apps will not run after virus infection


  • This topic is locked
13 replies to this topic

#1 aliehsh

Posted 10 August 2012 - 07:03 PM

None of my applications will run properly or allow me to make changes, even after multiple scans with Bitdefender and Spybot. Any help would be greatly appreciated!
My HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:49 PM, on 8/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Users\Edward Devlin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Edward Devlin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Users\EDWARD~1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0SEQEY3Z\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Edward\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12296 bytes

Edited by aliehsh, 11 August 2012 - 01:07 PM.


#2 HelpBot

Posted 15 August 2012 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464729 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 aliehsh

Posted 16 August 2012 - 08:53 AM

I was directed to what seemed to be a website that infected my computer with a trojan/worm named NBN.rs. I have run Bitdefender and Spybot, which deleted numerous infected files and are now reporting no problems. However, I am unable to access or run my major apps such as QuickBooks and Outlook. Help would be appreciated.
Following is the file after running DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by at 9:25:30 on 2012-08-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.4298 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Users\\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{31DDEE32-D7C8-4AF9-80E2-623928DDA57B} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{834A0E18-69F6-49C0-859B-E444305A8B00} : DhcpNameServer = 10.0.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\c07kywzu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 gzflt;gzflt;C:\Windows\system32\DRIVERS\gzflt.sys --> C:\Windows\system32\DRIVERS\gzflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-8-8 103504]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-16 386344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-9 1153368]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-8-8 68416]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 BDSandBox;BDSandBox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-18 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-15 14:32:05 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 14:32:05 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 14:32:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 14:32:00 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 14:32:00 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 14:32:00 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 14:29:50 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 14:29:50 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 14:29:49 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 14:29:48 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 14:29:47 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-10 18:49:46 -------- d-----w- C:\ProgramData\bdch
2012-08-09 22:15:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-09 22:15:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-08 15:25:26 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2012-08-08 14:50:05 414414 ----a-w- C:\ProgramData\1344436860.bdinstall.bin
2012-08-08 14:48:21 -------- d-----w- C:\ProgramData\BDLogging
2012-08-08 14:48:14 79952 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2012-08-08 14:48:14 511328 ----a-w- C:\Windows\capicom.dll
2012-08-08 14:47:55 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-08-08 14:47:55 258736 ------w- C:\Windows\System32\drivers\avchv.sys
2012-08-08 14:47:51 691896 ------w- C:\Windows\System32\drivers\avc3.sys
2012-08-08 14:43:59 -------- d--h--w- C:\Users\\AppData\Roaming\Bitdefender
2012-08-08 14:43:53 -------- d-----w- C:\ProgramData\Bitdefender
2012-08-08 14:42:08 -------- d--h--w- C:\Users\\AppData\Roaming\QuickScan
2012-08-08 14:41:33 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-08-08 14:41:33 138232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2012-08-08 14:41:33 -------- d-----w- C:\Program Files\Bitdefender
2012-08-08 14:40:42 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-08-07 05:49:57 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94B47A85-0F81-4722-A564-7174E241E123}\mpengine.dll
2012-07-20 13:57:17 -------- d--h--w- C:\Users\\IGC
2012-07-20 13:57:10 -------- d--h--w- C:\Users\\BEJ5.5.0.23
.
==================== Find3M ====================
.
2012-08-15 04:12:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 04:12:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 9:26:39.05 ===============


#4 Farbar

Posted 17 August 2012 - 03:17 AM

Hello aliehsh,

Welcome to the forum and apologies for the delay.

However, I am unable to access or run my major apps such as Quickbooks and Outlook.

Could you please elaborate on this and tell me in more detail what happens and the error you get, if you get any.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 Farbar

Posted 19 August 2012 - 04:13 AM

Are you still there and need assistance?

#6 aliehsh

Posted 21 August 2012 - 01:06 PM

I still need assistance... running Farbar and will post results

#7 Farbar

Posted 21 August 2012 - 03:08 PM

Please also give me feedback about the question I asked.

#8 aliehsh

Posted 21 August 2012 - 03:58 PM

The computer is free of infection according to Bitdefender and Spybot, but I am still unable to send and receive in Outlook or open my business in Quickbooks.

Farbar log:
Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 21-08-2012 16:13:44
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [363544 2009-09-23] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873288 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1528432 2012-07-31] (Bitdefender)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [41944 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640480 2012-07-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [82256 2011-07-26] (Research In Motion Limited)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [228088 2007-03-26] (Sonic Solutions)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Edward Devlin\...\Run: [Akamai NetSession Interface] "C:\Users\Edward Devlin\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Edward Devlin\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Edward Devlin\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.101 206.248.154.22

==================== Services (Whitelisted) ======

2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service [68416 2012-07-03] (Bitdefender)
2 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service [1569120 2012-07-26] (Bitdefender)

========================== Drivers (Whitelisted) =============

0 avc3; C:\Windows\System32\Drivers\avc3.sys [691896 2012-03-20] (BitDefender)
3 avchv; C:\Windows\System32\Drivers\avchv.sys [258736 2011-11-25] (BitDefender)
3 avckf; C:\Windows\System32\Drivers\avckf.sys [545064 2012-02-17] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
3 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [79952 2011-11-17] (BitDefender SRL)
0 gzflt; C:\Windows\System32\Drivers\gzflt.sys [138232 2012-04-11] (BitDefender LLC)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2012-04-24] (BitDefender S.R.L.)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-21 16:13 - 2012-08-21 16:13 - 00000000 ____D C:\FRST
2012-08-20 09:44 - 2012-08-20 09:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-08-16 09:21 - 2009-08-19 19:50 - 00024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-08-16 05:25 - 2012-08-16 05:25 - 00607260 ____R (Swearware) C:\Users\Edward Devlin\Downloads\dds.com
2012-08-15 23:02 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 23:02 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 23:02 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 23:02 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 23:02 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 23:02 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 23:02 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 23:02 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 23:02 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 23:02 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 23:02 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 23:02 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 23:02 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 23:02 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 23:02 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 23:02 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 23:02 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 23:02 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 23:02 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 23:02 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 23:02 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 23:02 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 23:02 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 23:02 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 23:02 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 23:02 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 23:02 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 23:02 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 06:32 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 06:32 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 06:32 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 06:32 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 06:32 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 06:32 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 06:29 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 06:29 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 06:29 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 06:29 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 06:29 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 06:29 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 06:29 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-10 10:49 - 2012-08-10 10:49 - 00000000 ____D C:\Users\All Users\bdch
2012-08-09 14:15 - 2012-08-09 18:23 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-08-09 14:15 - 2012-08-09 14:15 - 00001310 ____A C:\Users\\Desktop\Spybot - Search & Destroy.lnk
2012-08-09 14:15 - 2012-08-09 14:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-08 17:05 - 2012-08-08 17:05 - 00031744 ____A C:\Users\\Documents\Rescue.asd
2012-08-08 13:56 - 2012-08-08 13:56 - 03897504 ____A (AVG Technologies) C:\Users\Edward Devlin\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-08 09:08 - 2012-08-09 12:34 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8X
2012-08-08 09:08 - 2012-08-08 17:53 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8Xr
2012-08-08 09:08 - 2012-08-08 09:08 - 00000385 __RAH C:\Users\\AppData\Roaminguser_gensett.xml
2012-08-08 08:55 - 2012-08-08 08:55 - 00000376 __RAH C:\Users\\AppData\Roamingprivacy.xml
2012-08-08 07:25 - 2012-08-08 07:25 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2012-08-08 07:03 - 2012-08-21 09:19 - 00000359 ____A C:\Windows\System32\checkdnsid.xml
2012-08-08 06:50 - 2012-08-08 06:50 - 00414414 ____A C:\Users\All Users\1344436860.bdinstall.bin
2012-08-08 06:49 - 2012-08-08 06:49 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-08-08 06:48 - 2012-08-10 11:23 - 00000872 ___AH C:\bdr-cf01
2012-08-08 06:48 - 2012-08-08 06:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-08-08 06:48 - 2012-08-08 06:48 - 00000000 ____D C:\Users\All Users\BDLogging
2012-08-08 06:48 - 2011-11-17 13:38 - 00079952 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2012-08-08 06:48 - 2007-04-11 07:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2012-08-08 06:47 - 2012-03-20 16:22 - 00691896 ____N (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2012-08-08 06:47 - 2012-02-17 12:45 - 00545064 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2012-08-08 06:47 - 2011-11-25 11:00 - 00258736 ____N (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2012-08-08 06:43 - 2012-08-08 06:49 - 00000000 ____D C:\Users\All Users\Bitdefender
2012-08-08 06:43 - 2012-08-08 06:48 - 00253404 ____N C:\bdr-ld01
2012-08-08 06:43 - 2012-08-08 06:48 - 00009216 ____N C:\bdr-ld01.mbr
2012-08-08 06:43 - 2012-08-08 06:43 - 00000000 ___HD C:\Users\\AppData\Roaming\Bitdefender
2012-08-08 06:43 - 2012-07-11 15:59 - 37161560 ____N C:\bdr-im01.gz
2012-08-08 06:43 - 2012-05-24 09:39 - 02510608 ____N C:\bdr-bz01
2012-08-08 06:42 - 2012-08-08 06:42 - 00000000 ___HD C:\Users\\AppData\Roaming\QuickScan
2012-08-08 06:41 - 2012-08-08 06:41 - 00000000 ____D C:\Program Files\Bitdefender
2012-08-08 06:41 - 2012-04-24 11:28 - 00329800 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2012-08-08 06:41 - 2012-04-11 13:03 - 00138232 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2012-08-08 06:40 - 2012-08-08 06:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-08-08 06:38 - 2012-08-08 06:38 - 02423712 __RAH C:\Users\\Downloads\bitdefender_antivirus.exe
2012-08-08 04:08 - 2012-08-08 04:08 - 00000368 ___AH C:\Users\All Users\GEGd1O830LqQ8X

============ 3 Months Modified Files ========================

2012-08-21 12:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-21 12:06 - 2009-07-13 20:51 - 00049629 ____A C:\Windows\setupact.log
2012-08-21 12:00 - 2011-08-17 07:18 - 01096809 ____A C:\Windows\WindowsUpdate.log
2012-08-21 12:00 - 2009-07-13 20:45 - 00017120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-21 12:00 - 2009-07-13 20:45 - 00017120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-21 11:55 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-21 11:12 - 2012-04-12 09:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-21 09:19 - 2012-08-08 07:03 - 00000359 ____A C:\Windows\System32\checkdnsid.xml
2012-08-16 05:25 - 2012-08-16 05:25 - 00607260 ____R (Swearware) C:\Users\\Downloads\dds.com
2012-08-15 23:21 - 2009-07-13 20:45 - 00484952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:00 - 2011-08-17 05:22 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 20:12 - 2012-04-12 09:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 20:12 - 2011-08-23 07:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-10 11:23 - 2012-08-08 06:48 - 00000872 ___AH C:\bdr-cf01
2012-08-10 10:50 - 2011-08-18 04:26 - 00086988 ____A C:\Windows\PFRO.log
2012-08-09 14:15 - 2012-08-09 14:15 - 00001310 ____A C:\Users\\Desktop\Spybot - Search & Destroy.lnk
2012-08-09 12:34 - 2012-08-08 09:08 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8X
2012-08-08 17:53 - 2012-08-08 09:08 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8Xr
2012-08-08 17:05 - 2012-08-08 17:05 - 00031744 ____A C:\Users\\Documents\Rescue.asd
2012-08-08 13:56 - 2012-08-08 13:56 - 03897504 ____A (AVG Technologies) C:\Users\Edward Devlin\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-08-08 09:08 - 2012-08-08 09:08 - 00000385 __RAH C:\Users\\AppData\Roaminguser_gensett.xml
2012-08-08 08:55 - 2012-08-08 08:55 - 00000376 __RAH C:\Users\\AppData\Roamingprivacy.xml
2012-08-08 07:25 - 2012-08-08 07:25 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2012-08-08 06:50 - 2012-08-08 06:50 - 00414414 ____A C:\Users\All Users\1344436860.bdinstall.bin
2012-08-08 06:49 - 2012-08-08 06:49 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-08-08 06:48 - 2012-08-08 06:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-08-08 06:48 - 2012-08-08 06:43 - 00253404 ____N C:\bdr-ld01
2012-08-08 06:48 - 2012-08-08 06:43 - 00009216 ____N C:\bdr-ld01.mbr
2012-08-08 06:38 - 2012-08-08 06:38 - 02423712 __RAH C:\Users\\Downloads\bitdefender_antivirus.exe
2012-08-08 04:08 - 2012-08-08 04:08 - 00000368 ___AH C:\Users\All Users\GEGd1O830LqQ8X
2012-08-01 13:45 - 2011-08-18 08:45 - 00000752 ___AH C:\Windows\Brpfx04a.ini
2012-07-18 10:15 - 2012-08-15 06:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:59 - 2012-08-08 06:43 - 37161560 ____N C:\bdr-im01.gz
2012-07-04 14:16 - 2012-08-15 06:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 06:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 06:29 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 06:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 06:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-08-15 23:02 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 23:02 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 23:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 23:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 23:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 23:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 23:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 23:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 23:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 23:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 23:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 23:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 23:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 23:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-24 18:24 - 2012-06-24 18:24 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys
2012-06-08 21:43 - 2012-07-10 12:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 12:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 12:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 12:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 12:48 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 12:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 12:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 12:48 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 20:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 20:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 20:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 20:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 20:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 20:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 20:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 20:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 20:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 12:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 12:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 12:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 12:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 12:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 12:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 12:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 12:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 12:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2011-08-17 05:14 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-28 03:09 - 2012-05-28 03:09 - 02168416 ____A (Microsoft Corporation) C:\Windows\System32\coin91.dll
2012-05-24 09:39 - 2012-08-08 06:43 - 02510608 ____N C:\bdr-bz01


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6134.12 MB
Available physical RAM: 5369.48 MB
Total Pagefile: 6132.27 MB
Available Pagefile: 5370.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: (Main) (Fixed) (Total:558.81 GB) (Free:417.61 GB) NTFS
3 Drive d: () (Fixed) (Total:349.32 GB) (Free:316.3 GB) NTFS
4 Drive f: () (Fixed) (Total:349.32 GB) (Free:339.17 GB) NTFS
5 Drive g: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
6 Drive h: (KINGSTON1) (Removable) (Total:15.01 GB) (Free:15 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 558 GB 0 B
Disk 1 Online 698 GB 1024 KB
Disk 2 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 558 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Main NTFS Partition 558 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 349 GB 1024 KB
Partition 2 Primary 349 GB 349 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 349 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 349 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON1 FAT32 Removable 15 GB Healthy

==================================================================================

Last Boot: 2012-08-16 20:22

======================= End Of Log ==========================

#9 Farbar

Posted 21 August 2012 - 04:13 PM

So the problem is limited to receiving e-mails in Outlook and an issue with Quickbooks?

#10 aliehsh

Posted 22 August 2012 - 05:57 AM

So far those are the only applications I am having problems with.

#11 Farbar

Posted 22 August 2012 - 11:20 AM

You may try to remove all the accounts from Outlook and add your account again. Meanwhile we will check to see if there is any infection.

  • Please uninstall Spybot as it might interfere with our fixes. We will install a better antispyware. If you want to keep Spybot you may install it after we are done. Please do it before proceeding.

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    start
    2012-08-09 12:34 - 2012-08-08 09:08 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8X
    2012-08-08 17:53 - 2012-08-08 09:08 - 00000072 ____A C:\Users\All Users\-GEGd1O830LqQ8Xr
    2012-08-08 04:08 - 2012-08-08 04:08 - 00000368 ___AH C:\Users\All Users\GEGd1O830LqQ8X
    end
    

    You don't need to go to the Recovery Environment. Just run FRST on the flash drive in normal mode, press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#12 aliehsh

Posted 22 August 2012 - 07:10 PM

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012
Ran by at 2012-08-22 19:26:10 Run:1
Running from H:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Users\All Users\-GEGd1O830LqQ8X moved successfully.
C:\Users\All Users\-GEGd1O830LqQ8Xr moved successfully.
C:\Users\All Users\GEGd1O830LqQ8X moved successfully.

==== End of Fixlog ====


Malwarebytes log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
:: PC [administrator]

8/22/2012 7:44:15 PM
mbam-log-2012-08-22 (19-44-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202118
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSSKiller log (no reboot required):
19:54:34.0418 2304 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
19:54:34.0886 2304 ============================================================
19:54:34.0886 2304 Current date / time: 2012/08/22 19:54:34.0886
19:54:34.0886 2304 SystemInfo:
19:54:34.0886 2304
19:54:34.0886 2304 OS Version: 6.1.7601 ServicePack: 1.0
19:54:34.0886 2304 Product type: Workstation
19:54:34.0886 2304 ComputerName: PC
19:54:34.0886 2304 UserName:
19:54:34.0886 2304 Windows directory: C:\Windows
19:54:34.0886 2304 System windows directory: C:\Windows
19:54:34.0886 2304 Running under WOW64
19:54:34.0886 2304 Processor architecture: Intel x64
19:54:34.0886 2304 Number of processors: 2
19:54:34.0886 2304 Page size: 0x1000
19:54:34.0886 2304 Boot type: Normal boot
19:54:34.0886 2304 ============================================================
19:54:35.0712 2304 Drive \Device\Harddisk1\DR1 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x9768B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
19:54:35.0712 2304 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:35.0962 2304 Drive \Device\Harddisk2\DR4 - Size: 0x3C1800000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:54:35.0962 2304 ============================================================
19:54:35.0962 2304 \Device\Harddisk1\DR1:
19:54:35.0962 2304 MBR partitions:
19:54:35.0962 2304 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:54:35.0962 2304 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x45D9F800
19:54:35.0962 2304 \Device\Harddisk0\DR0:
19:54:35.0962 2304 MBR partitions:
19:54:35.0962 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA2800
19:54:35.0962 2304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BAA3000, BlocksNum 0x2BAA2000
19:54:35.0962 2304 \Device\Harddisk2\DR4:
19:54:35.0962 2304 MBR partitions:
19:54:35.0962 2304 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x1E0B800
19:54:35.0962 2304 ============================================================
19:54:35.0978 2304 C: <-> \Device\Harddisk1\DR1\Partition2
19:54:36.0009 2304 E: <-> \Device\Harddisk0\DR0\Partition1
19:54:36.0040 2304 F: <-> \Device\Harddisk0\DR0\Partition2
19:54:36.0040 2304 ============================================================
19:54:36.0040 2304 Initialize success
19:54:36.0040 2304 ============================================================
19:54:54.0215 2496 ============================================================
19:54:54.0215 2496 Scan started
19:54:54.0215 2496 Mode: Manual;
19:54:54.0215 2496 ============================================================
19:54:54.0699 2496 ================ Scan system memory ========================
19:54:54.0699 2496 System memory - ok
19:54:54.0714 2496 ================ Scan services =============================
19:54:54.0808 2496 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:54:54.0823 2496 1394ohci - ok
19:54:54.0839 2496 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:54:54.0855 2496 ACPI - ok
19:54:54.0870 2496 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:54:54.0886 2496 AcpiPmi - ok
19:54:54.0948 2496 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:54.0979 2496 AdobeFlashPlayerUpdateSvc - ok
19:54:55.0011 2496 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:55.0026 2496 adp94xx - ok
19:54:55.0057 2496 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:54:55.0057 2496 adpahci - ok
19:54:55.0073 2496 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:54:55.0089 2496 adpu320 - ok
19:54:55.0104 2496 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:54:55.0104 2496 AeLookupSvc - ok
19:54:55.0135 2496 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:54:55.0151 2496 AFD - ok
19:54:55.0167 2496 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:54:55.0182 2496 agp440 - ok
19:54:55.0291 2496 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
19:54:55.0291 2496 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
19:54:55.0307 2496 Akamai ( HiddenFile.Multi.Generic ) - warning
19:54:55.0307 2496 Akamai - detected HiddenFile.Multi.Generic (1)
19:54:55.0323 2496 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:54:55.0323 2496 ALG - ok
19:54:55.0338 2496 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:54:55.0354 2496 aliide - ok
19:54:55.0354 2496 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:54:55.0369 2496 amdide - ok
19:54:55.0385 2496 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:54:55.0385 2496 AmdK8 - ok
19:54:55.0401 2496 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:54:55.0401 2496 AmdPPM - ok
19:54:55.0416 2496 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:54:55.0432 2496 amdsata - ok
19:54:55.0447 2496 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:55.0447 2496 amdsbs - ok
19:54:55.0463 2496 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:54:55.0463 2496 amdxata - ok
19:54:55.0479 2496 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:54:55.0494 2496 AppID - ok
19:54:55.0494 2496 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:54:55.0510 2496 AppIDSvc - ok
19:54:55.0525 2496 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:54:55.0525 2496 Appinfo - ok
19:54:55.0572 2496 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:54:55.0588 2496 Apple Mobile Device - ok
19:54:55.0619 2496 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:54:55.0635 2496 AppMgmt - ok
19:54:55.0650 2496 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:54:55.0650 2496 arc - ok
19:54:55.0666 2496 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:54:55.0681 2496 arcsas - ok
19:54:55.0697 2496 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:55.0697 2496 AsyncMac - ok
19:54:55.0728 2496 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:54:55.0728 2496 atapi - ok
19:54:55.0775 2496 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:54:55.0806 2496 athr - ok
19:54:55.0837 2496 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:54:55.0853 2496 AudioEndpointBuilder - ok
19:54:55.0869 2496 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:54:55.0869 2496 AudioSrv - ok
19:54:55.0915 2496 [ F57DE310BF3BD9DF0F7D301C1D7F5432 ] avc3 C:\Windows\system32\DRIVERS\avc3.sys
19:54:55.0931 2496 avc3 - ok
19:54:55.0947 2496 [ 4C6BCC638798ABE1F70AFCA70D889C3F ] avchv C:\Windows\system32\DRIVERS\avchv.sys
19:54:55.0947 2496 avchv - ok
19:54:55.0962 2496 [ 6DC4CCA415BBF2FC629BEB532AA0E6CD ] avckf C:\Windows\system32\DRIVERS\avckf.sys
19:54:55.0978 2496 avckf - ok
19:54:56.0009 2496 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:54:56.0009 2496 AxInstSV - ok
19:54:56.0040 2496 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:56.0056 2496 b06bdrv - ok
19:54:56.0087 2496 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:56.0087 2496 b57nd60a - ok
19:54:56.0165 2496 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:54:56.0243 2496 BCM43XX - ok
19:54:56.0274 2496 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:54:56.0290 2496 BDESVC - ok
19:54:56.0337 2496 [ 4CE4B0098FC315C237FA8867F07886C4 ] bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
19:54:56.0352 2496 bdfwfpf - ok
19:54:56.0383 2496 [ 31571D77C6186AD228F52EE4EBDF8EE9 ] BDSandBox C:\Windows\system32\drivers\bdsandbox.sys
19:54:56.0383 2496 BDSandBox - ok
19:54:56.0399 2496 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:54:56.0399 2496 Beep - ok
19:54:56.0446 2496 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:54:56.0446 2496 BFE - ok
19:54:56.0477 2496 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:54:56.0493 2496 BITS - ok
19:54:56.0508 2496 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:56.0508 2496 blbdrive - ok
19:54:56.0555 2496 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:54:56.0555 2496 Bonjour Service - ok
19:54:56.0586 2496 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:54:56.0586 2496 bowser - ok
19:54:56.0602 2496 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:56.0602 2496 BrFiltLo - ok
19:54:56.0617 2496 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:56.0617 2496 BrFiltUp - ok
19:54:56.0633 2496 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:54:56.0649 2496 Browser - ok
19:54:56.0664 2496 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:54:56.0664 2496 Brserid - ok
19:54:56.0680 2496 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:56.0680 2496 BrSerWdm - ok
19:54:56.0695 2496 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:56.0695 2496 BrUsbMdm - ok
19:54:56.0711 2496 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:56.0711 2496 BrUsbSer - ok
19:54:56.0727 2496 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:56.0727 2496 BTHMODEM - ok
19:54:56.0758 2496 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:54:56.0773 2496 bthserv - ok
19:54:56.0773 2496 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:54:56.0789 2496 cdfs - ok
19:54:56.0820 2496 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:54:56.0820 2496 cdrom - ok
19:54:56.0851 2496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:54:56.0851 2496 CertPropSvc - ok
19:54:56.0883 2496 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:54:56.0883 2496 circlass - ok
19:54:56.0898 2496 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:54:56.0914 2496 CLFS - ok
19:54:56.0945 2496 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:56.0961 2496 clr_optimization_v2.0.50727_32 - ok
19:54:56.0992 2496 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:56.0992 2496 clr_optimization_v2.0.50727_64 - ok
19:54:57.0039 2496 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:57.0039 2496 clr_optimization_v4.0.30319_32 - ok
19:54:57.0085 2496 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:57.0085 2496 clr_optimization_v4.0.30319_64 - ok
19:54:57.0101 2496 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:57.0101 2496 CmBatt - ok
19:54:57.0132 2496 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:54:57.0132 2496 cmdide - ok
19:54:57.0163 2496 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:54:57.0163 2496 CNG - ok
19:54:57.0179 2496 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:54:57.0179 2496 Compbatt - ok
19:54:57.0210 2496 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:54:57.0210 2496 CompositeBus - ok
19:54:57.0226 2496 COMSysApp - ok
19:54:57.0257 2496 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:57.0257 2496 crcdisk - ok
19:54:57.0288 2496 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:54:57.0304 2496 Creative ALchemy AL6 Licensing Service - ok
19:54:57.0335 2496 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:54:57.0351 2496 Creative Audio Engine Licensing Service - ok
19:54:57.0366 2496 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:54:57.0382 2496 CryptSvc - ok
19:54:57.0397 2496 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:54:57.0413 2496 CSC - ok
19:54:57.0444 2496 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:54:57.0460 2496 CscService - ok
19:54:57.0491 2496 [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
19:54:57.0491 2496 CT20XUT - ok
19:54:57.0507 2496 [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
19:54:57.0507 2496 CT20XUT.SYS - ok
19:54:57.0538 2496 [ EB3843A91A10150C9E05607CBCB44090 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
19:54:57.0553 2496 ctac32k - ok
19:54:57.0585 2496 [ BC06EFB59A2316537765462DFE40F764 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
19:54:57.0600 2496 ctaud2k - ok
19:54:57.0631 2496 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:54:57.0663 2496 CTAudSvcService - ok
19:54:57.0694 2496 [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
19:54:57.0725 2496 CTEXFIFX - ok
19:54:57.0756 2496 [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
19:54:57.0772 2496 CTEXFIFX.SYS - ok
19:54:57.0787 2496 [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
19:54:57.0803 2496 CTHWIUT - ok
19:54:57.0803 2496 [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
19:54:57.0803 2496 CTHWIUT.SYS - ok
19:54:57.0819 2496 [ EBC9548EF5838CB5AA8F18B3AC28AF12 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
19:54:57.0834 2496 ctprxy2k - ok
19:54:57.0834 2496 [ 459BEE1682121842285C162E2D98D81A ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
19:54:57.0850 2496 ctsfm2k - ok
19:54:57.0865 2496 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:54:57.0881 2496 dc3d - ok
19:54:57.0912 2496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:54:57.0912 2496 DcomLaunch - ok
19:54:57.0943 2496 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:54:57.0943 2496 defragsvc - ok
19:54:57.0975 2496 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:54:57.0975 2496 DfsC - ok
19:54:58.0006 2496 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:54:58.0006 2496 Dhcp - ok
19:54:58.0037 2496 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:54:58.0037 2496 discache - ok
19:54:58.0053 2496 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:54:58.0068 2496 Disk - ok
19:54:58.0084 2496 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:54:58.0099 2496 Dnscache - ok
19:54:58.0115 2496 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:54:58.0131 2496 dot3svc - ok
19:54:58.0146 2496 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:54:58.0146 2496 DPS - ok
19:54:58.0177 2496 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:54:58.0177 2496 drmkaud - ok
19:54:58.0209 2496 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:54:58.0224 2496 DXGKrnl - ok
19:54:58.0240 2496 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:54:58.0255 2496 EapHost - ok
19:54:58.0333 2496 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:54:58.0411 2496 ebdrv - ok
19:54:58.0427 2496 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:54:58.0443 2496 EFS - ok
19:54:58.0474 2496 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:54:58.0474 2496 ehRecvr - ok
19:54:58.0489 2496 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:54:58.0505 2496 ehSched - ok
19:54:58.0521 2496 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:54:58.0536 2496 elxstor - ok
19:54:58.0567 2496 [ C26133B6165928FBD156C6FE570F9ED2 ] emupia C:\Windows\system32\drivers\emupia2k.sys
19:54:58.0567 2496 emupia - ok
19:54:58.0599 2496 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:54:58.0599 2496 ErrDev - ok
19:54:58.0630 2496 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:54:58.0630 2496 EventSystem - ok
19:54:58.0645 2496 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:54:58.0661 2496 exfat - ok
19:54:58.0677 2496 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:54:58.0677 2496 fastfat - ok
19:54:58.0708 2496 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:54:58.0723 2496 Fax - ok
19:54:58.0723 2496 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:54:58.0739 2496 fdc - ok
19:54:58.0755 2496 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:54:58.0755 2496 fdPHost - ok
19:54:58.0770 2496 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:54:58.0770 2496 FDResPub - ok
19:54:58.0786 2496 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:54:58.0786 2496 FileInfo - ok
19:55:07.0228 2496 usbehci - ok
19:55:07.0260 2496 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:55:07.0260 2496 usbhub - ok
19:55:07.0275 2496 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:55:07.0275 2496 usbohci - ok
19:55:07.0291 2496 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:55:07.0306 2496 usbprint - ok
19:55:07.0322 2496 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:55:07.0322 2496 USBSTOR - ok
19:55:07.0338 2496 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:55:07.0338 2496 usbuhci - ok
19:55:07.0369 2496 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:55:07.0369 2496 UxSms - ok
19:55:07.0384 2496 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:55:07.0384 2496 VaultSvc - ok
19:55:07.0400 2496 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:55:07.0416 2496 vdrvroot - ok
19:55:07.0431 2496 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:55:07.0447 2496 vds - ok
19:55:07.0447 2496 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:55:07.0462 2496 vga - ok
19:55:07.0462 2496 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:55:07.0478 2496 VgaSave - ok
19:55:07.0494 2496 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:55:07.0494 2496 vhdmp - ok
19:55:07.0509 2496 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:55:07.0525 2496 viaide - ok
19:55:07.0540 2496 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:55:07.0540 2496 vmbus - ok
19:55:07.0556 2496 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:55:07.0572 2496 VMBusHID - ok
19:55:07.0572 2496 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:55:07.0587 2496 volmgr - ok
19:55:07.0618 2496 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:55:07.0618 2496 volmgrx - ok
19:55:07.0634 2496 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:55:07.0650 2496 volsnap - ok
19:55:07.0665 2496 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:55:07.0665 2496 vsmraid - ok
19:55:07.0712 2496 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:55:07.0759 2496 VSS - ok
19:55:07.0806 2496 [ 44A325DDD4199F68C56492B33E7E3B75 ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
19:55:07.0821 2496 VSSERV - ok
19:55:07.0852 2496 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:55:07.0852 2496 vwifibus - ok
19:55:07.0868 2496 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:55:07.0868 2496 vwififlt - ok
19:55:07.0899 2496 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:55:07.0899 2496 W32Time - ok
19:55:07.0930 2496 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:55:07.0930 2496 WacomPen - ok
19:55:07.0946 2496 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:55:07.0946 2496 WANARP - ok
19:55:07.0962 2496 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:55:07.0962 2496 Wanarpv6 - ok
19:55:08.0008 2496 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:55:08.0040 2496 WatAdminSvc - ok
19:55:08.0071 2496 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:55:08.0118 2496 wbengine - ok
19:55:08.0149 2496 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:55:08.0164 2496 WbioSrvc - ok
19:55:08.0180 2496 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:55:08.0196 2496 wcncsvc - ok
19:55:08.0211 2496 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:55:08.0227 2496 WcsPlugInService - ok
19:55:08.0227 2496 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:55:08.0242 2496 Wd - ok
19:55:08.0258 2496 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:55:08.0274 2496 Wdf01000 - ok
19:55:08.0289 2496 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:55:08.0289 2496 WdiServiceHost - ok
19:55:08.0289 2496 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:55:08.0305 2496 WdiSystemHost - ok
19:55:08.0320 2496 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:55:08.0336 2496 WebClient - ok
19:55:08.0352 2496 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:55:08.0367 2496 Wecsvc - ok
19:55:08.0367 2496 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:55:08.0383 2496 wercplsupport - ok
19:55:08.0398 2496 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:55:08.0398 2496 WerSvc - ok
19:55:08.0430 2496 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:55:08.0430 2496 WfpLwf - ok
19:55:08.0445 2496 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:55:08.0445 2496 WIMMount - ok
19:55:08.0461 2496 WinDefend - ok
19:55:08.0476 2496 WinHttpAutoProxySvc - ok
19:55:08.0508 2496 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:55:08.0523 2496 Winmgmt - ok
19:55:08.0570 2496 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:55:08.0632 2496 WinRM - ok
19:55:08.0679 2496 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:55:08.0679 2496 WinUsb - ok
19:55:08.0710 2496 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:55:08.0726 2496 Wlansvc - ok
19:55:08.0757 2496 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:55:08.0757 2496 WmiAcpi - ok
19:55:08.0788 2496 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:55:08.0788 2496 wmiApSrv - ok
19:55:08.0804 2496 WMPNetworkSvc - ok
19:55:08.0820 2496 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:55:08.0820 2496 WPCSvc - ok
19:55:08.0851 2496 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:55:08.0866 2496 WPDBusEnum - ok
19:55:08.0882 2496 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:55:08.0882 2496 ws2ifsl - ok
19:55:08.0898 2496 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:55:08.0913 2496 wscsvc - ok
19:55:08.0913 2496 WSearch - ok
19:55:08.0976 2496 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:55:09.0022 2496 wuauserv - ok
19:55:09.0054 2496 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:55:09.0054 2496 WudfPf - ok
19:55:09.0069 2496 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:55:09.0085 2496 WUDFRd - ok
19:55:09.0100 2496 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:55:09.0116 2496 wudfsvc - ok
19:55:09.0132 2496 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:55:09.0132 2496 WwanSvc - ok
19:55:09.0163 2496 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:55:09.0178 2496 yukonw7 - ok
19:55:09.0194 2496 ================ Scan global ===============================
19:55:09.0210 2496 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:55:09.0241 2496 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:55:09.0256 2496 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:55:09.0288 2496 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:55:09.0303 2496 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:55:09.0319 2496 [Global] - ok
19:55:09.0319 2496 ================ Scan MBR ==================================
19:55:09.0334 2496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:55:09.0475 2496 \Device\Harddisk1\DR1 - ok
19:55:09.0475 2496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:55:09.0490 2496 \Device\Harddisk0\DR0 - ok
19:55:09.0490 2496 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk2\DR4
19:55:09.0506 2496 \Device\Harddisk2\DR4 - ok
19:55:09.0506 2496 ================ Scan VBR ==================================
19:55:09.0506 2496 [ 3521CD8F895506B11C07CA738B251A2B ] \Device\Harddisk1\DR1\Partition1
19:55:09.0506 2496 \Device\Harddisk1\DR1\Partition1 - ok
19:55:09.0522 2496 [ 01B4F31209D9177D74E451D1424E3291 ] \Device\Harddisk1\DR1\Partition2
19:55:09.0522 2496 \Device\Harddisk1\DR1\Partition2 - ok
19:55:09.0522 2496 [ 33D39E6D018421BB656A532945E5A011 ] \Device\Harddisk0\DR0\Partition1
19:55:09.0537 2496 \Device\Harddisk0\DR0\Partition1 - ok
19:55:09.0537 2496 [ C57340A439F08E2E2DEEAA3BF5DF5A4F ] \Device\Harddisk0\DR0\Partition2
19:55:09.0537 2496 \Device\Harddisk0\DR0\Partition2 - ok
19:55:09.0553 2496 [ 2E5664B003E1851A54ED83AD2ABDB809 ] \Device\Harddisk2\DR4\Partition1
19:55:09.0553 2496 \Device\Harddisk2\DR4\Partition1 - ok
19:55:09.0553 2496 ============================================================
19:55:09.0553 2496 Scan finished
19:55:09.0553 2496 ============================================================
19:55:09.0568 4580 Detected object count: 1
19:55:09.0568 4580 Actual detected object count: 1
19:55:29.0646 4580 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:55:29.0646 4580 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#13 Farbar

Posted 23 August 2012 - 05:45 AM

That looks good. The system looks clean.

  • Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version. See: http://www.java.com/en/download/help/java_update.xml

    Please uninstall any older Java if the Java updater didn't remove it automatically.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
  • Please tell me what happens when you remove the current account(s) from Outlook and add your account again?


#14 Farbar

Posted 28 August 2012 - 08:07 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message within two days and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



