Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack & Google redirects


  • Please log in to reply
21 replies to this topic

#1 527

527

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 01:47 PM

My dad has asked me to help with his computer again. This time he is having problems with browser hijacks and redirects to spam sites from Google searches. There are now hyperlinked ads in normal browser text. It happens in both IE & Firefox. He says the computer is slower than before.

This is the third time since the summer there has been a major problem with his machine. I have been very grateful to get help on the forum in the past. This time I wonder if it would be possible to just use the previous system restore point created after the last successful cleaning?

And also it would help to have some ideas how to prevent future problems - we can't have this happen every 6 weeks. I have cautioned him against clicking email links or downloading suspicious attachments from email. Web browser history has been erased so I can't investigate that at the moment but it could be the problem. Two other machines running on the same home network have been completely clean.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:23 AM

Posted 30 November 2012 - 01:53 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 02:15 PM

Thanks Naren

14:12:38.0080 4716 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:12:38.0450 4716 ============================================================
14:12:38.0450 4716 Current date / time: 2012/11/30 14:12:38.0450
14:12:38.0450 4716 SystemInfo:
14:12:38.0450 4716
14:12:38.0450 4716 OS Version: 6.1.7601 ServicePack: 1.0
14:12:38.0450 4716 Product type: Workstation
14:12:38.0450 4716 ComputerName: TONY-PC
14:12:38.0450 4716 UserName: Tony
14:12:38.0450 4716 Windows directory: C:\Windows
14:12:38.0450 4716 System windows directory: C:\Windows
14:12:38.0450 4716 Running under WOW64
14:12:38.0450 4716 Processor architecture: Intel x64
14:12:38.0450 4716 Number of processors: 4
14:12:38.0450 4716 Page size: 0x1000
14:12:38.0450 4716 Boot type: Normal boot
14:12:38.0450 4716 ============================================================
14:12:39.0631 4716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:12:39.0651 4716 ============================================================
14:12:39.0651 4716 \Device\Harddisk0\DR0:
14:12:39.0651 4716 MBR partitions:
14:12:39.0651 4716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:12:39.0651 4716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x72E25FC1
14:12:39.0651 4716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72E58800, BlocksNum 0x18AD800
14:12:39.0651 4716 ============================================================
14:12:39.0671 4716 C: <-> \Device\Harddisk0\DR0\Partition2
14:12:39.0701 4716 D: <-> \Device\Harddisk0\DR0\Partition3
14:12:39.0701 4716 ============================================================
14:12:39.0701 4716 Initialize success
14:12:39.0701 4716 ============================================================
14:13:02.0503 5188 ============================================================
14:13:02.0503 5188 Scan started
14:13:02.0503 5188 Mode: Manual; TDLFS;
14:13:02.0503 5188 ============================================================
14:13:06.0474 5188 ================ Scan system memory ========================
14:13:06.0484 5188 System memory - ok
14:13:06.0484 5188 ================ Scan services =============================
14:13:06.0674 5188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:13:06.0684 5188 1394ohci - ok
14:13:06.0714 5188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:13:06.0724 5188 ACPI - ok
14:13:06.0734 5188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:13:06.0734 5188 AcpiPmi - ok
14:13:06.0864 5188 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:13:06.0864 5188 AdobeARMservice - ok
14:13:06.0964 5188 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:13:06.0964 5188 AdobeFlashPlayerUpdateSvc - ok
14:13:07.0004 5188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:13:07.0014 5188 adp94xx - ok
14:13:07.0034 5188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:13:07.0034 5188 adpahci - ok
14:13:07.0054 5188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:13:07.0054 5188 adpu320 - ok
14:13:07.0084 5188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:13:07.0084 5188 AeLookupSvc - ok
14:13:07.0134 5188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:13:07.0144 5188 AFD - ok
14:13:07.0174 5188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:13:07.0174 5188 agp440 - ok
14:13:07.0194 5188 [ 3327E85CADB3B65EE36016E35BCC0ADC ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys
14:13:07.0204 5188 ahcix64s - ok
14:13:07.0224 5188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:13:07.0224 5188 ALG - ok
14:13:07.0254 5188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:13:07.0254 5188 aliide - ok
14:13:07.0284 5188 [ 2FDCB3E855076CE97CCB58E2CF8F2A09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:13:07.0294 5188 AMD External Events Utility - ok
14:13:07.0304 5188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:13:07.0314 5188 amdide - ok
14:13:07.0324 5188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:13:07.0334 5188 AmdK8 - ok
14:13:07.0554 5188 [ 9920704BF815A5B42DA5264F013AAEB7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:13:07.0794 5188 amdkmdag - ok
14:13:07.0864 5188 [ 0D1055A47A8F5DC1CAA2701831293EBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:13:07.0874 5188 amdkmdap - ok
14:13:07.0904 5188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:13:07.0914 5188 AmdPPM - ok
14:13:07.0934 5188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:13:07.0934 5188 amdsata - ok
14:13:07.0984 5188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:13:07.0984 5188 amdsbs - ok
14:13:08.0004 5188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:13:08.0004 5188 amdxata - ok
14:13:08.0054 5188 [ B01289CC07A2E21C4EFCA722D1EFB243 ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
14:13:08.0064 5188 AMD_RAIDXpert - ok
14:13:08.0084 5188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:13:08.0114 5188 AppID - ok
14:13:08.0144 5188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:13:08.0144 5188 AppIDSvc - ok
14:13:08.0184 5188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:13:08.0184 5188 Appinfo - ok
14:13:08.0254 5188 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:13:08.0254 5188 Apple Mobile Device - ok
14:13:08.0264 5188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:13:08.0264 5188 arc - ok
14:13:08.0274 5188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:13:08.0284 5188 arcsas - ok
14:13:08.0294 5188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:13:08.0294 5188 AsyncMac - ok
14:13:08.0314 5188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:13:08.0314 5188 atapi - ok
14:13:08.0374 5188 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:13:08.0424 5188 athr - ok
14:13:08.0664 5188 [ 9920704BF815A5B42DA5264F013AAEB7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:13:08.0794 5188 atikmdag - ok
14:13:08.0834 5188 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:13:08.0834 5188 AtiPcie - ok
14:13:08.0884 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:13:08.0894 5188 AudioEndpointBuilder - ok
14:13:08.0914 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:13:08.0924 5188 AudioSrv - ok
14:13:08.0954 5188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:13:08.0954 5188 AxInstSV - ok
14:13:08.0984 5188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:13:08.0994 5188 b06bdrv - ok
14:13:09.0024 5188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:13:09.0034 5188 b57nd60a - ok
14:13:09.0054 5188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:13:09.0064 5188 BDESVC - ok
14:13:09.0114 5188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:13:09.0114 5188 Beep - ok
14:13:09.0134 5188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:13:09.0134 5188 blbdrive - ok
14:13:09.0214 5188 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:13:09.0214 5188 Bonjour Service - ok
14:13:09.0244 5188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:13:09.0244 5188 bowser - ok
14:13:09.0274 5188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:13:09.0274 5188 BrFiltLo - ok
14:13:09.0284 5188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:13:09.0284 5188 BrFiltUp - ok
14:13:09.0314 5188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:13:09.0314 5188 Browser - ok
14:13:09.0344 5188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
14:13:09.0344 5188 Brserid - ok
14:13:09.0364 5188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:13:09.0374 5188 BrSerWdm - ok
14:13:09.0394 5188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:13:09.0394 5188 BrUsbMdm - ok
14:13:09.0414 5188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
14:13:09.0414 5188 BrUsbSer - ok
14:13:09.0434 5188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:13:09.0434 5188 BTHMODEM - ok
14:13:09.0464 5188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:13:09.0464 5188 bthserv - ok
14:13:09.0484 5188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:13:09.0484 5188 cdfs - ok
14:13:09.0514 5188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:13:09.0514 5188 cdrom - ok
14:13:09.0564 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:13:09.0564 5188 CertPropSvc - ok
14:13:09.0574 5188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:13:09.0584 5188 circlass - ok
14:13:09.0604 5188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:13:09.0614 5188 CLFS - ok
14:13:09.0664 5188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:13:09.0674 5188 clr_optimization_v2.0.50727_32 - ok
14:13:09.0704 5188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:13:09.0714 5188 clr_optimization_v2.0.50727_64 - ok
14:13:09.0784 5188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:13:09.0784 5188 clr_optimization_v4.0.30319_32 - ok
14:13:09.0814 5188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:13:09.0814 5188 clr_optimization_v4.0.30319_64 - ok
14:13:09.0834 5188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:13:09.0834 5188 CmBatt - ok
14:13:09.0864 5188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:13:09.0864 5188 cmdide - ok
14:13:09.0904 5188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:13:09.0914 5188 CNG - ok
14:13:09.0934 5188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:13:09.0934 5188 Compbatt - ok
14:13:09.0964 5188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:13:09.0964 5188 CompositeBus - ok
14:13:09.0974 5188 COMSysApp - ok
14:13:09.0984 5188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:13:09.0994 5188 crcdisk - ok
14:13:10.0024 5188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:13:10.0034 5188 CryptSvc - ok
14:13:10.0054 5188 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
14:13:10.0064 5188 dc3d - ok
14:13:10.0104 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:13:10.0114 5188 DcomLaunch - ok
14:13:10.0144 5188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:13:10.0154 5188 defragsvc - ok
14:13:10.0184 5188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:13:10.0184 5188 DfsC - ok
14:13:10.0224 5188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:13:10.0234 5188 Dhcp - ok
14:13:10.0254 5188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:13:10.0254 5188 discache - ok
14:13:10.0284 5188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:13:10.0284 5188 Disk - ok
14:13:10.0324 5188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:13:10.0324 5188 Dnscache - ok
14:13:10.0354 5188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:13:10.0354 5188 dot3svc - ok
14:13:10.0414 5188 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:13:10.0414 5188 Dot4 - ok
14:13:10.0454 5188 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
14:13:10.0454 5188 Dot4Print - ok
14:13:10.0484 5188 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:13:10.0484 5188 dot4usb - ok
14:13:10.0514 5188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:13:10.0524 5188 DPS - ok
14:13:10.0544 5188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:13:10.0544 5188 drmkaud - ok
14:13:10.0584 5188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:13:10.0604 5188 DXGKrnl - ok
14:13:10.0634 5188 [ BBD683974D4BF2B9E2D8638CF503ACD8 ] eac_notifysvc C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
14:13:10.0634 5188 eac_notifysvc - ok
14:13:10.0654 5188 [ 44BCE248CA00DAC64BC1CE25ADF18ACA ] eac_productsvc C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
14:13:10.0654 5188 eac_productsvc - ok
14:13:10.0684 5188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:13:10.0684 5188 EapHost - ok
14:13:10.0784 5188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:13:10.0864 5188 ebdrv - ok
14:13:10.0894 5188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:13:10.0904 5188 EFS - ok
14:13:10.0954 5188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:13:10.0964 5188 ehRecvr - ok
14:13:10.0994 5188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:13:10.0994 5188 ehSched - ok
14:13:11.0024 5188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:13:11.0034 5188 elxstor - ok
14:13:11.0054 5188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:13:11.0064 5188 ErrDev - ok
14:13:11.0094 5188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:13:11.0104 5188 EventSystem - ok
14:13:11.0114 5188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:13:11.0124 5188 exfat - ok
14:13:11.0144 5188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:13:11.0154 5188 fastfat - ok
14:13:11.0194 5188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:13:11.0204 5188 Fax - ok
14:13:11.0214 5188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:13:11.0214 5188 fdc - ok
14:13:11.0234 5188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:13:11.0234 5188 fdPHost - ok
14:13:11.0254 5188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:13:11.0254 5188 FDResPub - ok
14:13:11.0264 5188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:13:11.0264 5188 FileInfo - ok
14:13:11.0284 5188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:13:11.0284 5188 Filetrace - ok
14:13:11.0294 5188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:13:11.0294 5188 flpydisk - ok
14:13:11.0324 5188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:13:11.0324 5188 FltMgr - ok
14:13:11.0384 5188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:13:11.0414 5188 FontCache - ok
14:13:11.0454 5188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:13:11.0454 5188 FontCache3.0.0.0 - ok
14:13:11.0474 5188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:13:11.0474 5188 FsDepends - ok
14:13:11.0494 5188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:13:11.0504 5188 Fs_Rec - ok
14:13:11.0524 5188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:13:11.0524 5188 fvevol - ok
14:13:11.0554 5188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:13:11.0554 5188 gagp30kx - ok
14:13:11.0594 5188 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:13:11.0624 5188 GameConsoleService - ok
14:13:11.0684 5188 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:13:11.0694 5188 GEARAspiWDM - ok
14:13:11.0804 5188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:13:11.0824 5188 gpsvc - ok
14:13:11.0894 5188 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:13:11.0894 5188 gupdate - ok
14:13:11.0914 5188 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:13:11.0924 5188 gupdatem - ok
14:13:11.0934 5188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:13:11.0934 5188 hcw85cir - ok
14:13:11.0974 5188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:13:11.0974 5188 HDAudBus - ok
14:13:11.0994 5188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:13:11.0994 5188 HidBatt - ok
14:13:12.0004 5188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:13:12.0014 5188 HidBth - ok
14:13:12.0034 5188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:13:12.0034 5188 HidIr - ok
14:13:12.0064 5188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:13:12.0064 5188 hidserv - ok
14:13:12.0094 5188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
14:13:12.0094 5188 HidUsb - ok
14:13:12.0134 5188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:13:12.0134 5188 hkmsvc - ok
14:13:12.0174 5188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:13:12.0184 5188 HomeGroupListener - ok
14:13:12.0204 5188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:13:12.0214 5188 HomeGroupProvider - ok
14:13:12.0264 5188 [ 58C91CCA61A948DC6E789C93C05A1D6F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:13:12.0264 5188 HP Health Check Service - ok
14:13:12.0334 5188 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:13:12.0344 5188 hpqcxs08 - ok
14:13:12.0364 5188 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:13:12.0374 5188 hpqddsvc - ok
14:13:12.0404 5188 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:13:12.0414 5188 hpqwmiex - ok
14:13:12.0434 5188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:13:12.0444 5188 HpSAMD - ok
14:13:12.0494 5188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:13:12.0504 5188 HTTP - ok
14:13:12.0534 5188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:13:12.0534 5188 hwpolicy - ok
14:13:12.0564 5188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:13:12.0574 5188 i8042prt - ok
14:13:12.0604 5188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:13:12.0614 5188 iaStorV - ok
14:13:12.0654 5188 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:13:12.0654 5188 IDriverT - ok
14:13:12.0695 5188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:13:12.0715 5188 idsvc - ok
14:13:12.0755 5188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:13:12.0755 5188 iirsp - ok
14:13:12.0805 5188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:13:12.0815 5188 IKEEXT - ok
14:13:12.0915 5188 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:13:12.0945 5188 IntcAzAudAddService - ok
14:13:12.0975 5188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:13:12.0975 5188 intelide - ok
14:13:12.0995 5188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:13:12.0995 5188 intelppm - ok
14:13:13.0025 5188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:13:13.0025 5188 IPBusEnum - ok
14:13:13.0045 5188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:13:13.0055 5188 IpFilterDriver - ok
14:13:13.0075 5188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:13:13.0085 5188 IPMIDRV - ok
14:13:13.0115 5188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:13:13.0115 5188 IPNAT - ok
14:13:13.0195 5188 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:13:13.0205 5188 iPod Service - ok
14:13:13.0225 5188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:13:13.0235 5188 IRENUM - ok
14:13:13.0255 5188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:13:13.0255 5188 isapnp - ok
14:13:13.0285 5188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:13:13.0295 5188 iScsiPrt - ok
14:13:13.0315 5188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:13:13.0325 5188 kbdclass - ok
14:13:13.0345 5188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:13:13.0345 5188 kbdhid - ok
14:13:13.0365 5188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:13:13.0365 5188 KeyIso - ok
14:13:13.0395 5188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:13:13.0395 5188 KSecDD - ok
14:13:13.0425 5188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:13:13.0435 5188 KSecPkg - ok
14:13:13.0455 5188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:13:13.0455 5188 ksthunk - ok
14:13:13.0485 5188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:13:13.0495 5188 KtmRm - ok
14:13:13.0525 5188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:13:13.0535 5188 LanmanServer - ok
14:13:13.0575 5188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:13:13.0575 5188 LanmanWorkstation - ok
14:13:13.0625 5188 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:13:13.0625 5188 LightScribeService - ok
14:13:13.0645 5188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:13:13.0645 5188 lltdio - ok
14:13:13.0675 5188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:13:13.0685 5188 lltdsvc - ok
14:13:13.0695 5188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:13:13.0705 5188 lmhosts - ok
14:13:13.0735 5188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:13:13.0735 5188 LSI_FC - ok
14:13:13.0755 5188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:13:13.0765 5188 LSI_SAS - ok
14:13:13.0775 5188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:13:13.0775 5188 LSI_SAS2 - ok
14:13:13.0795 5188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:13:13.0795 5188 LSI_SCSI - ok
14:13:13.0815 5188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:13:13.0825 5188 luafv - ok
14:13:13.0845 5188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:13:13.0855 5188 Mcx2Svc - ok
14:13:13.0885 5188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:13:13.0885 5188 megasas - ok
14:13:13.0905 5188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:13:13.0915 5188 MegaSR - ok
14:13:13.0975 5188 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:13:13.0985 5188 Microsoft Office Groove Audit Service - ok
14:13:13.0995 5188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:13:14.0005 5188 MMCSS - ok
14:13:14.0025 5188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:13:14.0025 5188 Modem - ok
14:13:14.0035 5188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:13:14.0035 5188 monitor - ok
14:13:14.0075 5188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
14:13:14.0075 5188 mouclass - ok
14:13:14.0095 5188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:13:14.0095 5188 mouhid - ok
14:13:14.0115 5188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:13:14.0125 5188 mountmgr - ok
14:13:14.0165 5188 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:13:14.0165 5188 MozillaMaintenance - ok
14:13:14.0195 5188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:13:14.0205 5188 mpio - ok
14:13:14.0215 5188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:13:14.0215 5188 mpsdrv - ok
14:13:14.0265 5188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:13:14.0265 5188 MRxDAV - ok
14:13:14.0305 5188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:13:14.0305 5188 mrxsmb - ok
14:13:14.0345 5188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:13:14.0345 5188 mrxsmb10 - ok
14:13:14.0375 5188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:13:14.0375 5188 mrxsmb20 - ok
14:13:14.0395 5188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:13:14.0395 5188 msahci - ok
14:13:14.0425 5188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:13:14.0425 5188 msdsm - ok
14:13:14.0445 5188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:13:14.0455 5188 MSDTC - ok
14:13:14.0485 5188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:13:14.0485 5188 Msfs - ok
14:13:14.0505 5188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:13:14.0505 5188 mshidkmdf - ok
14:13:14.0535 5188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:13:14.0535 5188 msisadrv - ok
14:13:14.0555 5188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:13:14.0565 5188 MSiSCSI - ok
14:13:14.0575 5188 msiserver - ok
14:13:14.0605 5188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:13:14.0605 5188 MSKSSRV - ok
14:13:14.0625 5188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:13:14.0625 5188 MSPCLOCK - ok
14:13:14.0635 5188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:13:14.0635 5188 MSPQM - ok
14:13:14.0675 5188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:13:14.0685 5188 MsRPC - ok
14:13:14.0715 5188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:13:14.0715 5188 mssmbios - ok
14:13:14.0725 5188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:13:14.0735 5188 MSTEE - ok
14:13:14.0745 5188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:13:14.0745 5188 MTConfig - ok
14:13:14.0765 5188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:13:14.0765 5188 Mup - ok
14:13:14.0805 5188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:13:14.0815 5188 napagent - ok
14:13:14.0845 5188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:13:14.0855 5188 NativeWifiP - ok
14:13:14.0905 5188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:13:14.0925 5188 NDIS - ok
14:13:14.0945 5188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:13:14.0945 5188 NdisCap - ok
14:13:14.0975 5188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:13:14.0995 5188 NdisTapi - ok
14:13:15.0025 5188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:13:15.0025 5188 Ndisuio - ok
14:13:15.0045 5188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:13:15.0045 5188 NdisWan - ok
14:13:15.0075 5188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:13:15.0075 5188 NDProxy - ok
14:13:15.0125 5188 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:13:15.0125 5188 Net Driver HPZ12 - ok
14:13:15.0375 5188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:13:15.0375 5188 NetBIOS - ok
14:13:15.0445 5188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:13:15.0445 5188 NetBT - ok
14:13:15.0475 5188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:13:15.0475 5188 Netlogon - ok
14:13:15.0515 5188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:13:15.0525 5188 Netman - ok
14:13:15.0545 5188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:13:15.0565 5188 netprofm - ok
14:13:15.0585 5188 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:13:15.0595 5188 NetTcpPortSharing - ok
14:13:15.0615 5188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:13:15.0615 5188 nfrd960 - ok
14:13:15.0645 5188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:13:15.0655 5188 NlaSvc - ok
14:13:15.0665 5188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:13:15.0665 5188 Npfs - ok
14:13:15.0685 5188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:13:15.0695 5188 nsi - ok
14:13:15.0705 5188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:13:15.0705 5188 nsiproxy - ok
14:13:15.0775 5188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:13:15.0825 5188 Ntfs - ok
14:13:15.0835 5188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:13:15.0845 5188 Null - ok
14:13:15.0865 5188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:13:15.0865 5188 nvraid - ok
14:13:15.0895 5188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:13:15.0905 5188 nvstor - ok
14:13:15.0935 5188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:13:15.0945 5188 nv_agp - ok
14:13:15.0995 5188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:13:16.0005 5188 odserv - ok
14:13:16.0035 5188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:13:16.0035 5188 ohci1394 - ok
14:13:16.0075 5188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:16.0075 5188 ose - ok
14:13:16.0105 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:13:16.0115 5188 p2pimsvc - ok
14:13:16.0145 5188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:13:16.0155 5188 p2psvc - ok
14:13:16.0175 5188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:13:16.0185 5188 Parport - ok
14:13:16.0215 5188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:13:16.0225 5188 partmgr - ok
14:13:16.0235 5188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:13:16.0245 5188 PcaSvc - ok
14:13:16.0265 5188 PCDSRVC{61A6314B-67E718C5-06000000}_0 - ok
14:13:16.0295 5188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:13:16.0305 5188 pci - ok
14:13:16.0315 5188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:13:16.0315 5188 pciide - ok
14:13:16.0335 5188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:13:16.0345 5188 pcmcia - ok
14:13:16.0385 5188 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
14:13:16.0385 5188 pcouffin - ok
14:13:16.0405 5188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:13:16.0405 5188 pcw - ok
14:13:16.0435 5188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:13:16.0445 5188 PEAUTH - ok
14:13:16.0515 5188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:13:16.0515 5188 PerfHost - ok
14:13:16.0585 5188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:13:16.0625 5188 pla - ok
14:13:16.0815 5188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:13:16.0815 5188 PlugPlay - ok
14:13:16.0845 5188 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:13:16.0845 5188 Pml Driver HPZ12 - ok
14:13:16.0865 5188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:13:16.0875 5188 PNRPAutoReg - ok
14:13:16.0895 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:13:17.0185 5188 PNRPsvc - ok
14:13:17.0245 5188 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys
14:13:17.0245 5188 Point64 - ok
14:13:17.0325 5188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:13:17.0615 5188 PolicyAgent - ok
14:13:17.0645 5188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:13:17.0655 5188 Power - ok
14:13:17.0695 5188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:13:17.0695 5188 PptpMiniport - ok
14:13:17.0725 5188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:13:17.0725 5188 Processor - ok
14:13:17.0775 5188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:13:17.0785 5188 ProfSvc - ok
14:13:17.0795 5188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:13:17.0805 5188 ProtectedStorage - ok
14:13:17.0825 5188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:13:17.0825 5188 Psched - ok
14:13:17.0885 5188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:13:17.0925 5188 ql2300 - ok
14:13:17.0945 5188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:13:17.0945 5188 ql40xx - ok
14:13:17.0985 5188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:13:17.0995 5188 QWAVE - ok
14:13:18.0025 5188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:13:18.0025 5188 QWAVEdrv - ok
14:13:18.0045 5188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:13:18.0045 5188 RasAcd - ok
14:13:18.0065 5188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:13:18.0075 5188 RasAgileVpn - ok
14:13:18.0095 5188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:13:18.0095 5188 RasAuto - ok
14:13:18.0135 5188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:13:18.0135 5188 Rasl2tp - ok
14:13:18.0155 5188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:13:18.0165 5188 RasMan - ok
14:13:18.0205 5188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:13:18.0205 5188 RasPppoe - ok
14:13:18.0225 5188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:13:18.0225 5188 RasSstp - ok
14:13:18.0265 5188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:13:18.0275 5188 rdbss - ok
14:13:18.0295 5188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:13:18.0295 5188 rdpbus - ok
14:13:18.0305 5188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:13:18.0315 5188 RDPCDD - ok
14:13:18.0335 5188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:13:18.0335 5188 RDPENCDD - ok
14:13:18.0345 5188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:13:18.0345 5188 RDPREFMP - ok
14:13:18.0385 5188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:13:18.0395 5188 RDPWD - ok
14:13:18.0415 5188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:13:18.0425 5188 rdyboost - ok
14:13:18.0445 5188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:13:18.0455 5188 RemoteAccess - ok
14:13:18.0495 5188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:13:18.0505 5188 RemoteRegistry - ok
14:13:18.0525 5188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:13:18.0535 5188 RpcEptMapper - ok
14:13:18.0555 5188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:13:18.0565 5188 RpcLocator - ok
14:13:18.0595 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:13:18.0605 5188 RpcSs - ok
14:13:18.0615 5188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:13:18.0625 5188 rspndr - ok
14:13:18.0665 5188 [ 91296F0B2653281B2F11E0FCE56AA427 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:13:18.0665 5188 RTL8167 - ok
14:13:18.0685 5188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:13:18.0685 5188 SamSs - ok
14:13:18.0725 5188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:13:18.0725 5188 sbp2port - ok
14:13:18.0755 5188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:13:18.0765 5188 SCardSvr - ok
14:13:18.0795 5188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:13:18.0795 5188 scfilter - ok
14:13:18.0835 5188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:13:18.0875 5188 Schedule - ok
14:13:18.0905 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:13:18.0915 5188 SCPolicySvc - ok
14:13:18.0945 5188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:13:18.0955 5188 SDRSVC - ok
14:13:19.0025 5188 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:13:19.0025 5188 SeaPort - ok
14:13:19.0045 5188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:13:19.0045 5188 secdrv - ok
14:13:19.0095 5188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:13:19.0095 5188 seclogon - ok
14:13:19.0125 5188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:13:19.0125 5188 SENS - ok
14:13:19.0145 5188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:13:19.0145 5188 SensrSvc - ok
14:13:19.0165 5188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:13:19.0165 5188 Serenum - ok
14:13:19.0195 5188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:13:19.0195 5188 Serial - ok
14:13:19.0225 5188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:13:19.0235 5188 sermouse - ok
14:13:19.0285 5188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:13:19.0295 5188 SessionEnv - ok
14:13:19.0315 5188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:13:19.0315 5188 sffdisk - ok
14:13:19.0335 5188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:13:19.0335 5188 sffp_mmc - ok
14:13:19.0355 5188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:13:19.0355 5188 sffp_sd - ok
14:13:19.0375 5188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:13:19.0375 5188 sfloppy - ok
14:13:19.0415 5188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:13:19.0435 5188 ShellHWDetection - ok
14:13:19.0465 5188 [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132 C:\Windows\system32\DRIVERS\SI3132.sys
14:13:19.0465 5188 SI3132 - ok
14:13:19.0505 5188 [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
14:13:19.0505 5188 SiFilter - ok
14:13:19.0525 5188 [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
14:13:19.0525 5188 SiRemFil - ok
14:13:19.0545 5188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:13:19.0545 5188 SiSRaid2 - ok
14:13:19.0555 5188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:13:19.0555 5188 SiSRaid4 - ok
14:13:19.0585 5188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:13:19.0585 5188 Smb - ok
14:13:19.0615 5188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:13:19.0615 5188 SNMPTRAP - ok
14:13:19.0635 5188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:13:19.0635 5188 spldr - ok
14:13:19.0685 5188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:13:19.0695 5188 Spooler - ok
14:13:19.0815 5188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:13:19.0925 5188 sppsvc - ok
14:13:19.0955 5188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:13:19.0965 5188 sppuinotify - ok
14:13:20.0005 5188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:13:20.0015 5188 srv - ok
14:13:20.0045 5188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:13:20.0055 5188 srv2 - ok
14:13:20.0075 5188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:13:20.0075 5188 srvnet - ok
14:13:20.0125 5188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:13:20.0135 5188 SSDPSRV - ok
14:13:20.0145 5188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:13:20.0155 5188 SstpSvc - ok
14:13:20.0185 5188 [ BBD683974D4BF2B9E2D8638CF503ACD8 ] sstsmonsvc C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
14:13:20.0185 5188 sstsmonsvc - ok
14:13:20.0205 5188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:13:20.0205 5188 stexstor - ok
14:13:20.0245 5188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:13:20.0275 5188 stisvc - ok
14:13:20.0305 5188 [ A06B42EF83038667D70BC75CAA6588A0 ] StopSign Update Manager C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
14:13:20.0305 5188 StopSign Update Manager - ok
14:13:20.0345 5188 [ 745E8BDD1AD92BCE97DBCF1BA60D4045 ] SUSTUCAM C:\Windows\system32\DRIVERS\sustucam.sys
14:13:20.0345 5188 SUSTUCAM - ok
14:13:20.0395 5188 [ C7C1C5CA51447B273A6C8BC972397BA5 ] SUSTUCAP C:\Windows\system32\DRIVERS\sustucap.sys
14:13:20.0395 5188 SUSTUCAP - ok
14:13:20.0405 5188 [ A69A9A9FE119907E85BB30CDFBFB2A38 ] SUSTUCAU C:\Windows\system32\DRIVERS\sustucau.sys
14:13:20.0415 5188 SUSTUCAU - ok
14:13:20.0425 5188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:13:20.0425 5188 swenum - ok
14:13:20.0455 5188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:13:20.0485 5188 swprv - ok
14:13:20.0555 5188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:13:20.0615 5188 SysMain - ok
14:13:20.0635 5188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:13:20.0645 5188 TabletInputService - ok
14:13:20.0665 5188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:13:20.0675 5188 TapiSrv - ok
14:13:20.0695 5188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:13:20.0706 5188 TBS - ok
14:13:20.0796 5188 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:13:20.0856 5188 Tcpip - ok
14:13:20.0926 5188 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:13:20.0956 5188 TCPIP6 - ok
14:13:21.0006 5188 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:13:21.0006 5188 tcpipreg - ok
14:13:21.0026 5188 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:13:21.0026 5188 TDPIPE - ok
14:13:21.0066 5188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:13:21.0066 5188 TDTCP - ok
14:13:21.0096 5188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:13:21.0096 5188 tdx - ok
14:13:21.0126 5188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:13:21.0136 5188 TermDD - ok
14:13:21.0166 5188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:13:21.0186 5188 TermService - ok
14:13:21.0206 5188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:13:21.0206 5188 Themes - ok
14:13:21.0236 5188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:13:21.0236 5188 THREADORDER - ok
14:13:21.0276 5188 [ 99559F8DE53EAC2C8DBC23595803A69D ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys
14:13:21.0276 5188 TMEBC - ok
14:13:21.0296 5188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:13:21.0296 5188 TrkWks - ok
14:13:21.0346 5188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:13:21.0346 5188 TrustedInstaller - ok
14:13:21.0386 5188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:13:21.0386 5188 tssecsrv - ok
14:13:21.0416 5188 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:13:21.0426 5188 TsUsbFlt - ok
14:13:21.0466 5188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:13:21.0476 5188 tunnel - ok
14:13:21.0496 5188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:13:21.0506 5188 uagp35 - ok
14:13:21.0526 5188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:13:21.0536 5188 udfs - ok
14:13:21.0576 5188 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:13:21.0576 5188 UI0Detect - ok
14:13:21.0616 5188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:13:21.0616 5188 uliagpkx - ok
14:13:21.0636 5188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:13:21.0646 5188 umbus - ok
14:13:21.0656 5188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:13:21.0666 5188 UmPass - ok
14:13:21.0706 5188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:13:21.0726 5188 upnphost - ok
14:13:21.0776 5188 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:13:21.0786 5188 USBAAPL64 - ok
14:13:21.0936 5188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:13:21.0946 5188 usbccgp - ok
14:13:21.0996 5188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:13:22.0036 5188 usbcir - ok
14:13:22.0116 5188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:13:22.0126 5188 usbehci - ok
14:13:22.0156 5188 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:13:22.0156 5188 usbfilter - ok
14:13:22.0196 5188 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:13:22.0196 5188 usbhub - ok
14:13:22.0206 5188 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:13:22.0216 5188 usbohci - ok
14:13:22.0236 5188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:13:22.0236 5188 usbprint - ok
14:13:22.0256 5188 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:13:22.0256 5188 usbscan - ok
14:13:22.0276 5188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:13:22.0276 5188 USBSTOR - ok
14:13:22.0296 5188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:13:22.0306 5188 usbuhci - ok
14:13:22.0326 5188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:13:22.0326 5188 UxSms - ok
14:13:22.0346 5188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:13:22.0346 5188 VaultSvc - ok
14:13:22.0356 5188 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:13:22.0356 5188 vdrvroot - ok
14:13:22.0407 5188 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:13:22.0422 5188 vds - ok
14:13:22.0448 5188 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:13:22.0458 5188 vga - ok
14:13:22.0488 5188 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:13:22.0488 5188 VgaSave - ok
14:13:22.0518 5188 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:13:22.0528 5188 vhdmp - ok
14:13:22.0558 5188 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:13:22.0558 5188 viaide - ok
14:13:22.0578 5188 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:13:22.0578 5188 volmgr - ok
14:13:22.0618 5188 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:13:22.0628 5188 volmgrx - ok
14:13:22.0648 5188 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:13:22.0658 5188 volsnap - ok
14:13:22.0678 5188 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:13:22.0688 5188 vsmraid - ok
14:13:22.0748 5188 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:13:22.0788 5188 VSS - ok
14:13:22.0808 5188 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:13:22.0808 5188 vwifibus - ok
14:13:22.0828 5188 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:13:22.0828 5188 vwififlt - ok
14:13:22.0858 5188 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:13:22.0868 5188 W32Time - ok
14:13:22.0888 5188 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:13:22.0888 5188 WacomPen - ok
14:13:22.0908 5188 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:13:22.0918 5188 WANARP - ok
14:13:22.0918 5188 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:13:22.0928 5188 Wanarpv6 - ok
14:13:22.0988 5188 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:13:23.0028 5188 WatAdminSvc - ok
14:13:23.0078 5188 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:13:23.0128 5188 wbengine - ok
14:13:23.0148 5188 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:13:23.0158 5188 WbioSrvc - ok
14:13:23.0188 5188 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:13:23.0198 5188 wcncsvc - ok
14:13:23.0218 5188 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:13:23.0228 5188 WcsPlugInService - ok
14:13:23.0238 5188 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:13:23.0238 5188 Wd - ok
14:13:23.0268 5188 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
14:13:23.0278 5188 WDC_SAM - ok
14:13:23.0298 5188 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:13:23.0318 5188 Wdf01000 - ok
14:13:23.0338 5188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:13:23.0338 5188 WdiServiceHost - ok
14:13:23.0348 5188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:13:23.0358 5188 WdiSystemHost - ok
14:13:23.0388 5188 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:13:23.0398 5188 WebClient - ok
14:13:23.0418 5188 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:13:23.0428 5188 Wecsvc - ok
14:13:23.0448 5188 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:13:23.0458 5188 wercplsupport - ok
14:13:23.0468 5188 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:13:23.0478 5188 WerSvc - ok
14:13:23.0488 5188 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:13:23.0488 5188 WfpLwf - ok
14:13:23.0508 5188 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:13:23.0508 5188 WIMMount - ok
14:13:23.0518 5188 WinHttpAutoProxySvc - ok
14:13:23.0578 5188 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:13:23.0588 5188 Winmgmt - ok
14:13:23.0648 5188 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:13:23.0698 5188 WinRM - ok
14:13:23.0748 5188 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:13:23.0758 5188 WinUsb - ok
14:13:23.0798 5188 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:13:23.0818 5188 Wlansvc - ok
14:13:23.0838 5188 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:13:23.0838 5188 WmiAcpi - ok
14:13:23.0878 5188 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:13:23.0878 5188 wmiApSrv - ok
14:13:23.0908 5188 WMPNetworkSvc - ok
14:13:23.0928 5188 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:13:23.0928 5188 WPCSvc - ok
14:13:23.0968 5188 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:13:23.0978 5188 WPDBusEnum - ok
14:13:23.0998 5188 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:13:23.0998 5188 ws2ifsl - ok
14:13:24.0008 5188 WSearch - ok
14:13:24.0038 5188 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:13:24.0048 5188 WudfPf - ok
14:13:24.0058 5188 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:13:24.0068 5188 WUDFRd - ok
14:13:24.0088 5188 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:13:24.0098 5188 wudfsvc - ok
14:13:24.0128 5188 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:13:24.0138 5188 WwanSvc - ok
14:13:24.0168 5188 ================ Scan global ===============================
14:13:24.0178 5188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:13:24.0218 5188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:13:24.0228 5188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:13:24.0258 5188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:13:24.0298 5188 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:13:24.0308 5188 [Global] - ok
14:13:24.0308 5188 ================ Scan MBR ==================================
14:13:24.0318 5188 [ D903658E313289C7E22A468124057BEC ] \Device\Harddisk0\DR0
14:13:24.0548 5188 \Device\Harddisk0\DR0 - ok
14:13:24.0548 5188 ================ Scan VBR ==================================
14:13:24.0558 5188 [ 39590E0073E64473A2A87DFF4B1F0429 ] \Device\Harddisk0\DR0\Partition1
14:13:24.0558 5188 \Device\Harddisk0\DR0\Partition1 - ok
14:13:24.0578 5188 [ E65BB95580D64ECFC7064FF50B86F343 ] \Device\Harddisk0\DR0\Partition2
14:13:24.0588 5188 \Device\Harddisk0\DR0\Partition2 - ok
14:13:24.0618 5188 [ C03AE3B0D098EECD1866A775F9E73C98 ] \Device\Harddisk0\DR0\Partition3
14:13:24.0618 5188 \Device\Harddisk0\DR0\Partition3 - ok
14:13:24.0618 5188 ============================================================
14:13:24.0618 5188 Scan finished
14:13:24.0618 5188 ============================================================
14:13:24.0648 5196 Detected object count: 0
14:13:24.0648 5196 Actual detected object count: 0

#4 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 02:44 PM

It looks like some kind of rootkit. I see two ghosted desktop.ini files on the desktop that I never noticed before.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 14:13:16
-----------------------------
14:13:16.855 OS Version: Windows x64 6.1.7601 Service Pack 1
14:13:16.855 Number of processors: 4 586 0x402
14:13:16.855 ComputerName: TONY-PC UserName: Tony
14:13:21.576 Initialize success
14:14:21.096 AVAST engine defs: 12113000
14:14:35.307 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
14:14:35.307 Disk 0 Vendor: Seagate_ HP35 Size: 953869MB BusType: 8
14:14:35.317 Disk 0 MBR read successfully
14:14:35.327 Disk 0 MBR scan
14:14:35.327 Disk 0 unknown MBR code
14:14:35.337 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:14:35.357 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941131 MB offset 206911
14:14:35.387 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12635 MB offset 1927645184
14:14:35.427 Disk 0 scanning C:\Windows\system32\drivers
14:14:49.400 Service scanning
14:15:04.346 Service PCDSRVC{61A6314B-67E718C5-06000000}_0 h:\64_pcdr5\pcdsrvc_x64.pkms **LOCKED** 21
14:15:15.420 Modules scanning
14:15:15.430 Disk 0 trace - called modules:
14:15:15.460 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
14:15:15.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007423790]
14:15:15.490 3 CLASSPNP.SYS[fffff880018e543f] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80072169c0]
14:15:18.670 AVAST engine scan C:\Windows
14:15:21.858 AVAST engine scan C:\Windows\system32
14:19:02.725 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:19:07.780 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:21:04.813 AVAST engine scan C:\Windows\system32\drivers
14:21:35.640 AVAST engine scan C:\Users\Tony
14:24:33.475 File: C:\Users\Tony\AppData\Roaming\System\svchost.exe **INFECTED** Win32:Ransom-ZW [Trj]
14:26:53.538 AVAST engine scan C:\ProgramData
14:28:11.113 Scan finished successfully
14:41:33.660 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\New folder\MBR.dat"
14:41:33.689 The log file has been saved successfully to "C:\Users\Tony\Desktop\New folder\aswMBR.txt"

#5 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 04:44 PM

C:\Users\Tony\AppData\Roaming\System\svchost.exe Win32/TrojanDownloader.Small.PNV trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:23 AM

Posted 30 November 2012 - 05:27 PM

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#7 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 09:06 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tony :: TONY-PC [administrator]

11/30/2012 7:59:21 PM
mbam-log-2012-11-30 (19-59-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413071
Time elapsed: 1 hour(s), 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-810733662-3410757680-3389516245-1003\$ddce05c1f6dde254af95ab46b5c9190e\n (Trojan.0Access) -> Delete on reboot.

(end)

#8 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 09:10 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by Tony (administrator) on 30-11-2012 at 21:07:45
Running from "C:\Users\Tony\Desktop\New folder"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Tony-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-81-EC-FF-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5f5:a219:7a8d:52b1%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, November 30, 2012 9:05:18 PM
Lease Expires . . . . . . . . . . : Saturday, December 01, 2012 9:05:18 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285222017
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D2-93-52-00-24-81-EC-FF-12
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-26-82-14-D4-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9FDC186F-754C-4BD2-8737-0C226F613883}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9734DE3F-0A90-4CF7-B5E8-AEF8625CCF37}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4002:c04::64
74.125.140.102
74.125.140.113
74.125.140.139
74.125.140.100
74.125.140.101
74.125.140.138


Pinging google.com [74.125.137.139] with 32 bytes of data:
Reply from 74.125.137.139: bytes=32 time=29ms TTL=46
Reply from 74.125.137.139: bytes=32 time=29ms TTL=46

Ping statistics for 74.125.137.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=139ms TTL=47
Reply from 98.138.253.109: bytes=32 time=157ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 139ms, Maximum = 157ms, Average = 148ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 24 81 ec ff 12 ......Realtek PCIe GBE Family Controller
10...00 26 82 14 d4 e7 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::5f5:a219:7a8d:52b1/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2012 09:05:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 09:03:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73dbc9f1
Faulting process id: 0xc8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/30/2012 04:05:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 9.0.8112.16450, time stamp: 0x50372c8a
Exception code: 0xc0000005
Fault offset: 0x001d9ad6
Faulting process id: 0xa50
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/30/2012 02:44:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:43:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:43:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:43:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:13:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:13:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 02:13:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/30/2012 09:05:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/30/2012 09:05:22 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/30/2012 09:05:22 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/30/2012 09:04:20 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/30/2012 00:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/30/2012 00:25:27 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/30/2012 00:25:26 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/29/2012 04:08:25 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/27/2012 07:43:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/27/2012 07:43:34 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (12/31/2010 03:14:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-10-07 16:15:05.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-07 16:15:04.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-23 22:07:07.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-23 22:07:07.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-02 23:46:54.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-02 23:46:54.181
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-02 15:47:01.532
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-02 15:47:01.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-23 18:35:55.966
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-23 18:35:55.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PROGRA~2\ACCELE~1\ANTI-V~1\EacCleanDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.1)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800)
Catalyst Control Center Localization All (Version: 2009.0614.2131.36800)
ccc-core-static (Version: 2009.0614.2131.36800)
ccc-utility64 (Version: 2009.0614.2131.36800)
CCC Help Chinese Standard (Version: 2009.0614.2130.36800)
CCC Help Chinese Traditional (Version: 2009.0614.2130.36800)
CCC Help Czech (Version: 2009.0614.2130.36800)
CCC Help Danish (Version: 2009.0614.2130.36800)
CCC Help Dutch (Version: 2009.0614.2130.36800)
CCC Help English (Version: 2009.0614.2130.36800)
CCC Help Finnish (Version: 2009.0614.2130.36800)
CCC Help French (Version: 2009.0614.2130.36800)
CCC Help German (Version: 2009.0614.2130.36800)
CCC Help Greek (Version: 2009.0614.2130.36800)
CCC Help Hungarian (Version: 2009.0614.2130.36800)
CCC Help Italian (Version: 2009.0614.2130.36800)
CCC Help Japanese (Version: 2009.0614.2130.36800)
CCC Help Korean (Version: 2009.0614.2130.36800)
CCC Help Norwegian (Version: 2009.0614.2130.36800)
CCC Help Polish (Version: 2009.0614.2130.36800)
CCC Help Portuguese (Version: 2009.0614.2130.36800)
CCC Help Russian (Version: 2009.0614.2130.36800)
CCC Help Spanish (Version: 2009.0614.2130.36800)
CCC Help Swedish (Version: 2009.0614.2130.36800)
CCC Help Thai (Version: 2009.0614.2130.36800)
CCC Help Turkish (Version: 2009.0614.2130.36800)
CCleaner (Version: 2.33)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
D6100_D7100_D7300_Help (Version: 82.0.233.000)
D7300 (Version: 130.0.365.000)
DataPilot 7 (Version: 7.01.0013)
DeviceDiscovery (Version: 130.0.465.000)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 7.0.8.2 (17/07/2010)
DVDFab 8.0.8.5 (19/03/2011)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.95)
Google Update Helper (Version: 1.3.21.123)
GPBaseService2 (Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5205.31)
Homepage Protection (Version: )
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A (Version: 13.0)
HP Games (Version: 1.0.0.71)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.0.3123)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.0.3205)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (Version: 2.10.0000)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 7510 series Basic Device Software (Version: 25.0.617.0)
HP Photosmart 7510 series Help (Version: 140.0.2.2)
HP Photosmart 7510 series Product Improvement Study (Version: 25.0.617.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 4.4.6.3)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.003.000.004)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.7.0.21)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PictureMover (Version: 3.3.1.19)
PL-2303 USB-to-Serial (Version: 1.00.000)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
QuickTime (Version: 7.73.80.64)
RAIDXpert (Version: 2.4.1540.26)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SF_CDA_ProductContext (Version: 130.0.365.000)
SF_CDA_Software (Version: 130.0.396.000)
Shop for HP Supplies (Version: 13.0)
Shop to Win 2 (Version: 1.001)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
StopSign Internet Security
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 0.9.2 (Version: 0.9.2)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Yahoo! Install Manager
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 7927.89 MB
Available physical RAM: 6482.72 MB
Total Pagefile: 15853.97 MB
Available Pagefile: 14279.99 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.41 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:919.07 GB) (Free:696.84 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.34 GB) (Free:1.92 GB) NTFS

========================= Users: ========================================

User accounts for \\TONY-PC

Administrator Guest Tony

========================= Restore Points ==================================

28-11-2012 01:48:42 Scheduled Checkpoint

**** End of log ****

Farbar Service Scanner Version: 09-11-2012
Ran by Tony (administrator) on 30-11-2012 at 21:09:24
Running from "C:\Users\Tony\Desktop\New folder"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 09:14 PM

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 21:10:26
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tony - TONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tony\Desktop\New folder\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tony\Desktop\Software

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\j9lcdna0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3051 octets] - [25/08/2012 23:16:37]
AdwCleaner[S4].txt - [1748 octets] - [30/11/2012 21:10:26]

########## EOF - C:\AdwCleaner[S4].txt - [1808 octets] ##########

#10 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 09:23 PM

A jucheck.exe window popped up while running junkware removal tool.

The two desktop.ini files are still visible as ghosts on the desktop.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.6.9 (11.30.2012:2)
OS: Windows 7 Home Premium x64
Ran by Tony on Fri 11/30/2012 at 21:14:40.04
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bProtector Start Page
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Users\Tony\AppData\Roaming\mozilla\firefox\profiles\j9lcdna0.default\bprotector_extensions.sqlite



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/30/2012 at 21:21:43.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:23 AM

Posted 30 November 2012 - 10:29 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#12 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 11:29 PM

Farbar Service Scanner Version: 09-11-2012
Ran by Tony (administrator) on 30-11-2012 at 23:29:25
Running from "C:\Users\Tony\Desktop\New folder"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 11:31 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2012 11:30:03 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\WinMsgBalloonServer.exe (PID: 1064) [WD-HEUR]
* C:\Windows\SysWOW64\WinMsgBalloonClient.exe (PID: 1976) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\L\4cce1f70 [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\L\55490ac4 [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$ddce05c1f6dde254af95ab46b5c9190e\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-810733662-3410757680-3389516245-1003\$ddce05c1f6dde254af95ab46b5c9190e\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-810733662-3410757680-3389516245-1003\$ddce05c1f6dde254af95ab46b5c9190e\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-810733662-3410757680-3389516245-1003\$ddce05c1f6dde254af95ab46b5c9190e\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-810733662-3410757680-3389516245-1003\$ddce05c1f6dde254af95ab46b5c9190e\U\ [ZA Dir]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/30/2012 11:30:22 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)

#14 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 11:33 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "hpqSRMon" "HpqSRmon" "Hewlett-Packard" "c:\program files (x86)\hp\digital imaging\bin\hpqsrmon.exe"
+ "hpsysdrv" "hpsysdrv" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\update\realsched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
X "Izqeir" "" "" "File not found: C:\Users\Tony\AppData\Roaming\Heez\oxhiy.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "StopSign On-Access Scan" "Real-time virus protection powered by StopSign" "eAcceleration Corp" "c:\program files (x86)\stopsign\onaccess\onaccess_hk64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "StopSign On-Access Scan" "Real-time virus protection powered by StopSign" "eAcceleration Corp" "c:\program files (x86)\stopsign\onaccess\onaccess_hk32.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "StopSignRCS" "StopSign Right-Click-Scan -- RELEASE" "eAcceleration Corp" "c:\program files (x86)\acceleration software\anti-virus\dsshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "MSCopy" "" "" "File not found: C:\ProgramData\Windows\msseedir.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "MSCopy" "" "" "File not found: C:\ProgramData\Windows\msseedir.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "MSCopy" "" "" "File not found: C:\ProgramData\Windows\msseedir.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "StopSignRCS" "StopSign Right-Click-Scan -- RELEASE" "eAcceleration Corp" "c:\program files (x86)\acceleration software\anti-virus\dsshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Microsoft Live Search Toolbar Helper" "MSN® Shell Extender" "Microsoft Corp." "c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Search Helper" "Microsoft Search Helper Extention" "Microsoft Corp." "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
+ "Shop to Win 2" "" "Freecause Inc." "c:\program files (x86)\shop to win 2\shoppingbho.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
+ "Microsoft Live Search Toolbar" "MSN® Shell Extender" "Microsoft Corp." "c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "SmartPrint" "HP Smart Print Setup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smartprint\smartprintsetup.exe"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\CLMLSvc" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe"
+ "\DVDAgent" "HP DVDSmart Resident Program" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\dvdagent.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Hewlett-Packard\HP Assistant\PC Health Analysis" "HP Support Assistant" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Assistant\PC Tuneup" "HP Support Assistant" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" "UtilTask" "Microsoft" "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\utiltask.exe"
+ "\HP Photo Creations Messager" "" "" "c:\programdata\hp photo creations\messagecheck.exe"
+ "\HPCeeScheduleForTony" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\HPCustParticipation HP Photosmart 7510 series" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp photosmart 7510 series\bin\hpcustpartic.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\Microsoft_Hardware_Launch_IType_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
+ "\PCDRScheduledMaintenance" "Hardware Diagnostic Tools" "PC-Doctor, Inc." "c:\program files\pc-doctor for windows\pcdr5cuiw32.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-810733662-3410757680-3389516245-1003" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-810733662-3410757680-3389516245-1003" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RecoveryCDWin7" "ESAdvRemIntegrator" "" "c:\program files (x86)\hewlett-packard\hp tcs\remengine.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD_RAIDXpert" "AMD RAIDXpert Server" "AMD" "c:\program files (x86)\amd\raidxpert\bin\raidxpertservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "eac_notifysvc" "Service for managing messages for users" "eAcceleration Corp" "c:\program files (x86)\eacceleration\framework\eac_notifysvc.dll"
+ "eac_productsvc" "Service for managing eAcceleration product data" "eAcceleration Corp" "c:\program files (x86)\eacceleration\framework\eac_productsvc.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "HP Health Check Service" "HP Health Check Service" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp health check\hphc_service.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lssrvc.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corp." "c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe"
+ "sstsmonsvc" "Provides information about StopSign® Antivirus to the Windows Security Center" "eAcceleration Corp" "c:\program files (x86)\acceleration software\anti-virus\sstsmonsvc0.dll"
+ "StopSign Update Manager" "Provides updating and accounting services for StopSign and eAcceleration products." "eAcceleration" "c:\program files (x86)\common files\eacceleration\eacsvc.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "ahcix64s" "AMD AHCI Compatible Controller Driver for Windows - AMD64 platform" "Advanced Micro Devices, Inc" "c:\windows\system32\drivers\ahcix64s.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PCDSRVC{61A6314B-67E718C5-06000000}_0" "" "" "File not found: h:\64_pcdr5\pcdsrvc_x64.pkms"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SI3132" "Serial ATA miniport driver" "Silicon Image, Inc" "c:\windows\system32\drivers\si3132.sys"
+ "SiFilter" "Windows Accelerator Driver" "Silicon Image, Inc" "c:\windows\system32\drivers\siwinacc.sys"
+ "SiRemFil" "Filter driver for Silicon Image SATALink controllers." "Silicon Image, Inc" "c:\windows\system32\drivers\siremfil.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SUSTUCAM" "Susteen USB Cable Driver" "Susteen, Inc." "c:\windows\system32\drivers\sustucam.sys"
+ "SUSTUCAP" "Susteen USB Cable Driver" "Susteen, Inc." "c:\windows\system32\drivers\sustucap.sys"
+ "SUSTUCAU" "Susteen USB Cable USB Driver" "Susteen, Inc." "c:\windows\system32\drivers\sustucau.sys"
+ "TMEBC" "Trend Micro Boot Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmebc64.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "CL Dvb Subtitle Decoder" "CLDvbSub" "CyberLink_DE" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdvbsub.ax"
+ "CL_EVRWindow" "CLEvr" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrevr.dll"
+ "CyberLink Audio Decoder (HP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claud.ax"
+ "CyberLink Audio Decoder (HP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraudfx.ax"
+ "CyberLink Audio Effect (HP)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraunrwrapper.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (HP)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (HP)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdemuxer.ax"
+ "CyberLink Demultiplexer (HP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\cldemuxer.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (HP)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clnavx.ax"
+ "CyberLink DVD Navigator (HP)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "CyberLink EPG Decoder" "EPGDec" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrepgdec.ax"
+ "CyberLink File Map Sink" "CyberLink File Map Sink" "Cyberlink Corporation." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrfmsnk.ax"
+ "CyberLink File Map Source" "CyberLink File Map Source" "CyberLink File Map Source" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrfmsrc.ax"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink Line21 Decoder Filter (HP)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clline21.ax"
+ "CyberLink Line21 Decoder Filter (HP)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3 Wrapper-PCM" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmp3wrap.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clsplter.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgvenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpegvanalyzer.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Pipe Switch" "CyberLink Pipe Switch" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrpipswch.ax"
+ "CyberLink PTS Regulator" "CyberLink PTS Regulator " "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmptsreg.ax"
+ "CyberLink SBE Filter" "CLSBE" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsbe.ax"
+ "CyberLink SBE Source Filter" "CLSBESrc" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsbesrc.ax"
+ "Cyberlink SubTitle Importor (HP)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clsubtitle.ax"
+ "Cyberlink SubTitle(HP)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clsubtitle.ax"
+ "CyberLink Teletext Decoder Filter" "Teletext Renderer Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrttxdec.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrauts.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (HP)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clauts.ax"
+ "CyberLink TimeStretch Filter (HP)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "Cyberlink TS Filter Filter" "TSFF" "Cyberlink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrtsff.ax"
+ "Cyberlink TS Information" "CLTSInfo" "Cyberlink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrtsinfo.ax"
+ "CyberLink Tzan Filter (HP)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Effect (HP)" "CLVidFx" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clvidfx.ax"
+ "CyberLink Video Effect (HP)" "CLVidFx" "CyberLink" "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (HP)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (HP)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\clvsd.ax"
+ "CyberLink Volume Meter" "CLVolumeMeter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\hpvolumemeter.ax"
+ "CyberLink WMV Dumper(HP)" "CLWMVDum Dynamic Link Library" "" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmwmvdump.ax"
+ "MSDVD Audio Wizard (HP)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\media\dvd\kernel\movie\claudwizard.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "PCM Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraud.ax"
+ "PCM Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraudenc.ax"
+ "PCM Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmraursmpl.ax"
+ "PCM Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrdump.ax"
+ "PCM MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgmux.ax"
+ "PCM MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrmpgvenc2.ax"
+ "PCM MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrm2splter.ax"
+ "PCM RTP Source Filter" "RTP Source Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrrtpsrc.ax"
+ "PCM SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrsshot.ax"
+ "PCM Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrvidfx.ax"
+ "PCM Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrresample.ax"
+ "PCM Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmrvsd.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\tv\pcmravi_audtr.ax"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP A611 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinkstsa611lm.dll"
+ "HP Discovery Port Monitor (HP Photosmart 7510 series)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopma611.dll"
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
+ "digest.dll" "" "" "File not found: digest.dll"
+ "msapsspc.dll" "" "" "File not found: msapsspc.dll"
+ "msnsspc.dll" "" "" "File not found: msnsspc.dll"

#15 527

527
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 November 2012 - 11:49 PM

I just had a strange problem with the computer. I was looking through the installed programs and thought I would remove Java & Java update. I don't want those on the computer anymore. After I removed them I wanted to remove some Yahoo toolbars that were installed. The computer shut down automatically during the uninstall. On reboot I got a message "the recycle bin has been corrupted". You might remember I had the same message on this machine before.

I also see "Shop To Win 2" in the list of programs, I will need to remove that as well.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users