
Virus redirecting pages to ad sites


8 replies to this topic

#1 Arsen U.

Posted 26 September 2012 - 02:14 PM

Hi Guys,

I need some help. I have a virus or trojan that is redirecting some of the sites to various ad sites, including a redirection to a "Norton Antivrius" page (see below). I also get various pop-up ads.

It's also slowing down some of my browsing. I've tried many different tools to remove it, but no success. I ran Malwarebytes Anti-Malware, Spybot, Ad-aware, etc. Nothing works.

Can you please help me out?

Thank you so much!!!
- Arsen

Posted Image



#2 narenxp

Posted 26 September 2012 - 02:16 PM

Download TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Arsen U.

Posted 27 September 2012 - 11:41 AM

Thank you for helping me. Here is the LOG from TDSSkiller.



12:39:33.0665 7060 MSTEE - ok
12:39:33.0680 7060 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:39:33.0681 7060 MTConfig - ok
12:39:33.0709 7060 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:39:33.0710 7060 Mup - ok
12:39:33.0742 7060 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:39:33.0786 7060 napagent - ok
12:39:33.0815 7060 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:39:33.0819 7060 NativeWifiP - ok
12:39:33.0875 7060 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:39:33.0889 7060 NDIS - ok
12:39:33.0914 7060 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:39:33.0917 7060 NdisCap - ok
12:39:33.0937 7060 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:39:33.0939 7060 NdisTapi - ok
12:39:33.0963 7060 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:39:33.0965 7060 Ndisuio - ok
12:39:33.0977 7060 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:39:33.0980 7060 NdisWan - ok
12:39:33.0996 7060 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:39:34.0000 7060 NDProxy - ok
12:39:34.0012 7060 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:39:34.0013 7060 NetBIOS - ok
12:39:34.0026 7060 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:39:34.0030 7060 NetBT - ok
12:39:34.0044 7060 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:39:34.0046 7060 Netlogon - ok
12:39:34.0073 7060 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:39:34.0080 7060 Netman - ok
12:39:34.0095 7060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:34.0097 7060 NetMsmqActivator - ok
12:39:34.0104 7060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:34.0105 7060 NetPipeActivator - ok
12:39:34.0138 7060 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:39:34.0147 7060 netprofm - ok
12:39:34.0154 7060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:34.0155 7060 NetTcpActivator - ok
12:39:34.0160 7060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:34.0162 7060 NetTcpPortSharing - ok
12:39:34.0184 7060 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:39:34.0186 7060 nfrd960 - ok
12:39:34.0209 7060 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:39:34.0213 7060 NlaSvc - ok
12:39:34.0222 7060 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:39:34.0223 7060 Npfs - ok
12:39:34.0237 7060 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:39:34.0239 7060 nsi - ok
12:39:34.0248 7060 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:39:34.0248 7060 nsiproxy - ok
12:39:34.0296 7060 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:39:34.0327 7060 Ntfs - ok
12:39:34.0340 7060 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:39:34.0341 7060 Null - ok
12:39:34.0354 7060 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:39:34.0356 7060 nvraid - ok
12:39:34.0374 7060 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:39:34.0377 7060 nvstor - ok
12:39:34.0409 7060 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:39:34.0411 7060 nv_agp - ok
12:39:34.0477 7060 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:39:34.0482 7060 odserv - ok
12:39:34.0502 7060 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:39:34.0506 7060 ohci1394 - ok
12:39:34.0529 7060 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:39:34.0531 7060 ose - ok
12:39:34.0557 7060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:39:34.0564 7060 p2pimsvc - ok
12:39:34.0596 7060 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:39:34.0604 7060 p2psvc - ok
12:39:34.0632 7060 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:39:34.0635 7060 Parport - ok
12:39:34.0668 7060 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:39:34.0671 7060 partmgr - ok
12:39:34.0704 7060 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:39:34.0709 7060 PcaSvc - ok
12:39:34.0722 7060 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:39:34.0725 7060 pci - ok
12:39:34.0733 7060 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:39:34.0734 7060 pciide - ok
12:39:34.0753 7060 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:39:34.0756 7060 pcmcia - ok
12:39:34.0765 7060 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:39:34.0766 7060 pcw - ok
12:39:34.0788 7060 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:39:34.0798 7060 PEAUTH - ok
12:39:34.0860 7060 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:39:34.0863 7060 PerfHost - ok
12:39:34.0904 7060 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:39:34.0926 7060 pla - ok
12:39:34.0950 7060 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:39:34.0955 7060 PlugPlay - ok
12:39:34.0965 7060 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:39:34.0967 7060 PNRPAutoReg - ok
12:39:34.0974 7060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:39:34.0976 7060 PNRPsvc - ok
12:39:34.0997 7060 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:39:35.0003 7060 PolicyAgent - ok
12:39:35.0031 7060 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:39:35.0034 7060 Power - ok
12:39:35.0088 7060 [ 4DB7DC5AA61974B616EA2AA16E04F5F2 ] ppped C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
12:39:35.0100 7060 ppped - ok
12:39:35.0124 7060 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:39:35.0127 7060 PptpMiniport - ok
12:39:35.0140 7060 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:39:35.0142 7060 Processor - ok
12:39:35.0188 7060 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:39:35.0195 7060 ProfSvc - ok
12:39:35.0205 7060 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:39:35.0207 7060 ProtectedStorage - ok
12:39:35.0216 7060 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:39:35.0218 7060 Psched - ok
12:39:35.0270 7060 [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:39:35.0271 7060 QBCFMonitorService - ok
12:39:35.0306 7060 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:39:35.0308 7060 QBFCService - ok
12:39:35.0343 7060 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:39:35.0363 7060 ql2300 - ok
12:39:35.0382 7060 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:39:35.0385 7060 ql40xx - ok
12:39:35.0419 7060 QuickBooksDB20 - ok
12:39:35.0437 7060 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:39:35.0442 7060 QWAVE - ok
12:39:35.0454 7060 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:39:35.0456 7060 QWAVEdrv - ok
12:39:35.0464 7060 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:39:35.0466 7060 RasAcd - ok
12:39:35.0476 7060 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:39:35.0478 7060 RasAgileVpn - ok
12:39:35.0493 7060 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:39:35.0498 7060 RasAuto - ok
12:39:35.0505 7060 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:35.0507 7060 Rasl2tp - ok
12:39:35.0530 7060 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:39:35.0536 7060 RasMan - ok
12:39:35.0551 7060 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:35.0554 7060 RasPppoe - ok
12:39:35.0566 7060 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:39:35.0568 7060 RasSstp - ok
12:39:35.0583 7060 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:39:35.0586 7060 rdbss - ok
12:39:35.0593 7060 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:39:35.0594 7060 rdpbus - ok
12:39:35.0606 7060 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:35.0606 7060 RDPCDD - ok
12:39:35.0621 7060 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:39:35.0622 7060 RDPENCDD - ok
12:39:35.0634 7060 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:39:35.0634 7060 RDPREFMP - ok
12:39:35.0671 7060 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:39:35.0674 7060 RDPWD - ok
12:39:35.0694 7060 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:39:35.0697 7060 rdyboost - ok
12:39:35.0748 7060 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:39:35.0754 7060 RemoteAccess - ok
12:39:35.0786 7060 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:39:35.0793 7060 RemoteRegistry - ok
12:39:35.0822 7060 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:39:35.0825 7060 RFCOMM - ok
12:39:35.0855 7060 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:39:35.0861 7060 RpcEptMapper - ok
12:39:35.0880 7060 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:39:35.0884 7060 RpcLocator - ok
12:39:35.0911 7060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:39:35.0921 7060 RpcSs - ok
12:39:35.0935 7060 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:39:35.0938 7060 rspndr - ok
12:39:35.0966 7060 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:39:35.0973 7060 RTL8167 - ok
12:39:35.0983 7060 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:39:35.0984 7060 SamSs - ok
12:39:36.0061 7060 [ 6090BCB4345D615070D3155A0A2EB60F ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
12:39:36.0065 7060 Samsung Network Fax Server - ok
12:39:36.0083 7060 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:39:36.0086 7060 sbp2port - ok
12:39:36.0107 7060 SBRE - ok
12:39:36.0151 7060 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:39:36.0160 7060 SBSDWSCService - ok
12:39:36.0190 7060 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:39:36.0233 7060 SCardSvr - ok
12:39:36.0270 7060 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:39:36.0273 7060 scfilter - ok
12:39:36.0318 7060 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:39:36.0351 7060 Schedule - ok
12:39:36.0375 7060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:39:36.0377 7060 SCPolicySvc - ok
12:39:36.0401 7060 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:39:36.0408 7060 SDRSVC - ok
12:39:36.0428 7060 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:39:36.0428 7060 secdrv - ok
12:39:36.0443 7060 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:39:36.0446 7060 seclogon - ok
12:39:36.0470 7060 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:39:36.0473 7060 SENS - ok
12:39:36.0499 7060 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:39:36.0503 7060 SensrSvc - ok
12:39:36.0519 7060 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:39:36.0520 7060 Serenum - ok
12:39:36.0528 7060 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:39:36.0530 7060 Serial - ok
12:39:36.0547 7060 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:39:36.0549 7060 sermouse - ok
12:39:36.0570 7060 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:39:36.0574 7060 SessionEnv - ok
12:39:36.0584 7060 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:39:36.0584 7060 sffdisk - ok
12:39:36.0596 7060 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:39:36.0596 7060 sffp_mmc - ok
12:39:36.0611 7060 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:39:36.0612 7060 sffp_sd - ok
12:39:36.0615 7060 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:39:36.0616 7060 sfloppy - ok
12:39:36.0654 7060 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:39:36.0659 7060 SharedAccess - ok
12:39:36.0680 7060 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:39:36.0685 7060 ShellHWDetection - ok
12:39:36.0692 7060 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:39:36.0693 7060 SiSRaid2 - ok
12:39:36.0700 7060 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:39:36.0702 7060 SiSRaid4 - ok
12:39:36.0714 7060 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:39:36.0717 7060 Smb - ok
12:39:36.0750 7060 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:39:36.0753 7060 SNMPTRAP - ok
12:39:36.0764 7060 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:39:36.0764 7060 spldr - ok
12:39:36.0792 7060 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:39:36.0800 7060 Spooler - ok
12:39:36.0911 7060 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:39:36.0964 7060 sppsvc - ok
12:39:36.0987 7060 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:39:36.0990 7060 sppuinotify - ok
12:39:37.0008 7060 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:39:37.0012 7060 srv - ok
12:39:37.0024 7060 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:39:37.0028 7060 srv2 - ok
12:39:37.0040 7060 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:39:37.0042 7060 srvnet - ok
12:39:37.0080 7060 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:39:37.0084 7060 SSDPSRV - ok
12:39:37.0116 7060 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
12:39:37.0117 7060 SSPORT - ok
12:39:37.0130 7060 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:39:37.0136 7060 SstpSvc - ok
12:39:37.0196 7060 [ D343109DF7DAFEC3C75AC65446F5A1A9 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
12:39:37.0202 7060 STacSV - ok
12:39:37.0231 7060 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:39:37.0231 7060 stexstor - ok
12:39:37.0260 7060 [ 8C490A03D0E44165D8BB48CEA4787F47 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:39:37.0267 7060 STHDA - ok
12:39:37.0288 7060 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:39:37.0297 7060 stisvc - ok
12:39:37.0311 7060 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:39:37.0311 7060 swenum - ok
12:39:37.0331 7060 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:39:37.0340 7060 swprv - ok
12:39:37.0383 7060 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:39:37.0415 7060 SysMain - ok
12:39:37.0436 7060 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:37.0440 7060 TabletInputService - ok
12:39:37.0455 7060 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:39:37.0462 7060 TapiSrv - ok
12:39:37.0476 7060 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:39:37.0478 7060 TBS - ok
12:39:37.0534 7060 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:39:37.0584 7060 Tcpip - ok
12:39:37.0646 7060 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:39:37.0663 7060 TCPIP6 - ok
12:39:37.0687 7060 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:39:37.0689 7060 tcpipreg - ok
12:39:37.0701 7060 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:39:37.0702 7060 TDPIPE - ok
12:39:37.0725 7060 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:39:37.0727 7060 TDTCP - ok
12:39:37.0740 7060 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:39:37.0743 7060 tdx - ok
12:39:37.0763 7060 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:39:37.0764 7060 TermDD - ok
12:39:37.0787 7060 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:39:37.0793 7060 TermService - ok
12:39:37.0801 7060 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:39:37.0804 7060 Themes - ok
12:39:37.0825 7060 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:39:37.0827 7060 THREADORDER - ok
12:39:37.0857 7060 [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3 C:\Windows\system32\drivers\tihub3.sys
12:39:37.0858 7060 tihub3 - ok
12:39:37.0891 7060 [ E2083499BD967396B3449C56EC8CFA70 ] tixhci C:\Windows\system32\drivers\tixhci.sys
12:39:37.0894 7060 tixhci - ok
12:39:37.0905 7060 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:39:37.0909 7060 TrkWks - ok
12:39:37.0942 7060 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:37.0944 7060 TrustedInstaller - ok
12:39:37.0956 7060 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:37.0958 7060 tssecsrv - ok
12:39:37.0973 7060 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:39:37.0975 7060 TsUsbFlt - ok
12:39:37.0989 7060 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:39:37.0989 7060 TsUsbGD - ok
12:39:38.0013 7060 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:39:38.0016 7060 tunnel - ok
12:39:38.0030 7060 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:39:38.0032 7060 uagp35 - ok
12:39:38.0051 7060 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:39:38.0055 7060 udfs - ok
12:39:38.0073 7060 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:39:38.0076 7060 UI0Detect - ok
12:39:38.0111 7060 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:39:38.0114 7060 uliagpkx - ok
12:39:38.0127 7060 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:39:38.0128 7060 umbus - ok
12:39:38.0139 7060 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:39:38.0140 7060 UmPass - ok
12:39:38.0153 7060 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:39:38.0158 7060 upnphost - ok
12:39:38.0172 7060 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:38.0175 7060 usbccgp - ok
12:39:38.0188 7060 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:39:38.0190 7060 usbcir - ok
12:39:38.0219 7060 [ 4846D37BBA87B2E6138074EE076E367E ] usbdpfp C:\Windows\system32\DRIVERS\usbdpfp.sys
12:39:38.0220 7060 usbdpfp - ok
12:39:38.0235 7060 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:39:38.0237 7060 usbehci - ok
12:39:38.0252 7060 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
12:39:38.0252 7060 usbfilter - ok
12:39:38.0271 7060 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
12:39:38.0275 7060 usbhub - ok
12:39:38.0281 7060 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:39:38.0282 7060 usbohci - ok
12:39:38.0300 7060 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:39:38.0302 7060 usbprint - ok
12:39:38.0310 7060 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:38.0312 7060 USBSTOR - ok
12:39:38.0320 7060 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:39:38.0321 7060 usbuhci - ok
12:39:38.0328 7060 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:39:38.0331 7060 UxSms - ok
12:39:38.0336 7060 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:39:38.0337 7060 VaultSvc - ok
12:39:38.0362 7060 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:39:38.0363 7060 vdrvroot - ok
12:39:38.0376 7060 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:39:38.0384 7060 vds - ok
12:39:38.0398 7060 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:38.0399 7060 vga - ok
12:39:38.0409 7060 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:39:38.0411 7060 VgaSave - ok
12:39:38.0422 7060 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:39:38.0425 7060 vhdmp - ok
12:39:38.0444 7060 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:39:38.0444 7060 viaide - ok
12:39:38.0455 7060 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:39:38.0456 7060 volmgr - ok
12:39:38.0469 7060 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:39:38.0473 7060 volmgrx - ok
12:39:38.0484 7060 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:39:38.0486 7060 volsnap - ok
12:39:38.0496 7060 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:39:38.0498 7060 vsmraid - ok
12:39:38.0532 7060 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:39:38.0545 7060 VSS - ok
12:39:38.0568 7060 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:39:38.0569 7060 vwifibus - ok
12:39:38.0583 7060 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:39:38.0585 7060 vwififlt - ok
12:39:38.0603 7060 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:39:38.0613 7060 W32Time - ok
12:39:38.0627 7060 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:39:38.0628 7060 WacomPen - ok
12:39:38.0638 7060 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:39:38.0640 7060 WANARP - ok
12:39:38.0644 7060 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:39:38.0645 7060 Wanarpv6 - ok
12:39:38.0700 7060 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:39:38.0727 7060 WatAdminSvc - ok
12:39:38.0763 7060 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:39:38.0795 7060 wbengine - ok
12:39:38.0806 7060 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:39:38.0811 7060 WbioSrvc - ok
12:39:38.0831 7060 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:39:38.0838 7060 wcncsvc - ok
12:39:38.0852 7060 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:39:38.0856 7060 WcsPlugInService - ok
12:39:38.0868 7060 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:39:38.0869 7060 Wd - ok
12:39:38.0894 7060 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:39:38.0902 7060 Wdf01000 - ok
12:39:38.0913 7060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:39:38.0918 7060 WdiServiceHost - ok
12:39:38.0922 7060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:39:38.0924 7060 WdiSystemHost - ok
12:39:38.0940 7060 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:39:38.0945 7060 WebClient - ok
12:39:38.0963 7060 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:39:38.0969 7060 Wecsvc - ok
12:39:38.0980 7060 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:39:38.0984 7060 wercplsupport - ok
12:39:39.0006 7060 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:39:39.0010 7060 WerSvc - ok
12:39:39.0018 7060 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:39:39.0019 7060 WfpLwf - ok
12:39:39.0037 7060 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:39:39.0038 7060 WIMMount - ok
12:39:39.0050 7060 WinDefend - ok
12:39:39.0057 7060 WinHttpAutoProxySvc - ok
12:39:39.0095 7060 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:39:39.0099 7060 Winmgmt - ok
12:39:39.0154 7060 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:39:39.0208 7060 WinRM - ok
12:39:39.0268 7060 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:39:39.0270 7060 WinUsb - ok
12:39:39.0304 7060 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:39:39.0323 7060 Wlansvc - ok
12:39:39.0375 7060 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:39:39.0377 7060 wlcrasvc - ok
12:39:39.0451 7060 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:39:39.0492 7060 wlidsvc - ok
12:39:39.0559 7060 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:39:39.0560 7060 WmiAcpi - ok
12:39:39.0586 7060 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:39:39.0591 7060 wmiApSrv - ok
12:39:39.0600 7060 WMPNetworkSvc - ok
12:39:39.0615 7060 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:39:39.0620 7060 WPCSvc - ok
12:39:39.0650 7060 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:39:39.0668 7060 WPDBusEnum - ok
12:39:39.0684 7060 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:39:39.0685 7060 ws2ifsl - ok
12:39:39.0708 7060 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:39:39.0717 7060 wscsvc - ok
12:39:39.0757 7060 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:39:39.0758 7060 WSDPrintDevice - ok
12:39:39.0781 7060 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
12:39:39.0782 7060 WSDScan - ok
12:39:39.0786 7060 WSearch - ok
12:39:39.0878 7060 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:39:39.0921 7060 wuauserv - ok
12:39:39.0946 7060 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:39:39.0949 7060 WudfPf - ok
12:39:39.0974 7060 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:39.0978 7060 WUDFRd - ok
12:39:39.0998 7060 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:39:40.0006 7060 wudfsvc - ok
12:39:40.0025 7060 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:39:40.0033 7060 WwanSvc - ok
12:39:40.0056 7060 ================ Scan global ===============================
12:39:40.0077 7060 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:39:40.0096 7060 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:39:40.0111 7060 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:39:40.0133 7060 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:39:40.0156 7060 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:39:40.0161 7060 [Global] - ok
12:39:40.0162 7060 ================ Scan MBR ==================================
12:39:40.0170 7060 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:39:40.0533 7060 \Device\Harddisk0\DR0 - ok
12:39:40.0533 7060 ================ Scan VBR ==================================
12:39:40.0537 7060 [ 9A8646FB35EAEEE6466E3C8E79E52CDD ] \Device\Harddisk0\DR0\Partition1
12:39:40.0539 7060 \Device\Harddisk0\DR0\Partition1 - ok
12:39:40.0567 7060 [ E2B326B4E33A33D73D652525158211D7 ] \Device\Harddisk0\DR0\Partition2
12:39:40.0569 7060 \Device\Harddisk0\DR0\Partition2 - ok
12:39:40.0595 7060 [ A54D12A64B8B7F04C7840BF7B4F2F6BD ] \Device\Harddisk0\DR0\Partition3
12:39:40.0597 7060 \Device\Harddisk0\DR0\Partition3 - ok
12:39:40.0597 7060 ============================================================
12:39:40.0597 7060 Scan finished
12:39:40.0597 7060 ============================================================
12:39:40.0609 5264 Detected object count: 0
12:39:40.0609 5264 Actual detected object count: 0
12:40:01.0341 1064 Deinitialize success

#4 Arsen U.

Posted 27 September 2012 - 02:46 PM

Here is the LOG from aswMBR.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 12:42:24
-----------------------------
12:42:24.228 OS Version: Windows x64 6.1.7601 Service Pack 1
12:42:24.228 Number of processors: 6 586 0x102
12:42:24.228 ComputerName: ARSEN-PC UserName: Arsen
12:42:31.084 Initialize success
12:43:15.269 AVAST engine defs: 12092700
12:43:21.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
12:43:21.039 Disk 0 Vendor: Seagate HP16____ Size: 1430511MB BusType: 8
12:43:21.061 Disk 0 MBR read successfully
12:43:21.066 Disk 0 MBR scan
12:43:21.074 Disk 0 Windows 7 default MBR code
12:43:21.088 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:43:21.104 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1413144 MB offset 206848
12:43:21.141 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17265 MB offset 2894325760
12:43:21.195 Disk 0 scanning C:\Windows\system32\drivers
12:43:32.979 Service scanning
12:43:51.978 Modules scanning
12:43:51.994 Disk 0 trace - called modules:
12:43:52.017 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:43:52.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a0d7790]
12:43:52.039 3 CLASSPNP.SYS[fffff880011b443f] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80093f39c0]
12:43:55.706 AVAST engine scan C:\Windows
12:43:59.001 AVAST engine scan C:\Windows\system32
12:47:07.048 AVAST engine scan C:\Windows\system32\drivers
12:47:22.635 AVAST engine scan C:\Users\Arsen
12:50:28.146 AVAST engine scan C:\ProgramData
12:52:35.352 Scan finished successfully
12:53:25.458 Disk 0 MBR has been saved successfully to "C:\Users\Arsen\Desktop\MBR.dat"
12:53:25.463 The log file has been saved successfully to "C:\Users\Arsen\Desktop\aswMBR log.txt"


Here is the LOG from ESET Online Scanner


C:\Qoobox\Quarantine\C\Users\Arsen\AppData\Roaming\probd.dll.vir a variant of Win32/Medfos.DE trojan cleaned by deleting - quarantined
C:\Users\Arsen\AppData\Local\{B97FD29F-01B1-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined


Please let me know what to do next. Thank you

#5 narenxp

Posted 27 September 2012 - 02:51 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and, after the scan completes, post the generated log here.

NOTE: For Vista and Windows 7, right-click on the tool and select Run as administrator.

Edited by narenxp, 28 September 2012 - 10:17 AM.


#6 Arsen U.

Posted 28 September 2012 - 10:39 AM

Ok. Followed all the instructions above... Here are the logs from all the steps.

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Arsen :: ARSEN-PC [administrator]

Protection: Enabled

9/27/2012 4:18:11 PM
mbam-log-2012-09-27 (16-18-11).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364678
Time elapsed: 40 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Arsen (administrator) on 28-09-2012 at 10:57:00
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Broadcom WLAN Adapter = Wireless Network Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set subinterface interface=?+$ subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ARSEN-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-10-D0-0E-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 74-DE-2B-78-D7-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom WLAN Adapter
Physical Address. . . . . . . . . : 9C-B7-0D-31-68-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 50-E5-49-D2-EE-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b43e:644e:40f8:81bf%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.150(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2012 3:17:47 AM
Lease Expires . . . . . . . . . . : Wednesday, October 03, 2012 3:17:47 AM
Default Gateway . . . . . . . . . : 10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 273737033
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-87-00-F6-50-E5-49-D2-EE-11
DNS Servers . . . . . . . . . . . : 10.1.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{690D0690-911A-4A4A-AA0E-354BAF6B1E2A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{469D15B6-FEB0-4597-86BC-B3C43A14F75F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A648BCB8-2B2A-4D40-A2C4-11C59C56BD5B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: www
Address: 10.1.10.1

Name: google.com
Addresses: 2607:f8b0:4006:800::1005
74.125.226.238
74.125.226.232
74.125.226.226
74.125.226.233
74.125.226.225
74.125.226.231
74.125.226.224
74.125.226.227
74.125.226.229
74.125.226.230
74.125.226.228


Pinging google.com [173.194.43.14] with 32 bytes of data:
Reply from 173.194.43.14: bytes=32 time=17ms TTL=55
Reply from 173.194.43.14: bytes=32 time=16ms TTL=55

Ping statistics for 173.194.43.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server: www
Address: 10.1.10.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=760ms TTL=52
Reply from 98.139.183.24: bytes=32 time=795ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 760ms, Maximum = 795ms, Average = 777ms
Server: www
Address: 10.1.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
17...00 ff 10 d0 0e 0c ......Juniper Network Connect Virtual Adapter
15...74 de 2b 78 d7 04 ......Bluetooth Device (Personal Area Network)
13...9c b7 0d 31 68 44 ......Broadcom WLAN Adapter
12...50 e5 49 d2 ee 11 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.150 10
10.1.10.0 255.255.255.0 On-link 10.1.10.150 266
10.1.10.150 255.255.255.255 On-link 10.1.10.150 266
10.1.10.255 255.255.255.255 On-link 10.1.10.150 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.10.150 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.10.150 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 266 fe80::/64 On-link
12 266 fe80::b43e:644e:40f8:81bf/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2012 10:22:17 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Error: (09/28/2012 10:22:17 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/28/2012 10:22:17 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_ARSEN-PC_20;;DBF=C:\Users\Arsen\Quickbooks Company Files\SarahCare of Jenkintown.QBW;CommLinks="tcpip(IP=10.1.10.150;TO=5;DOBROADCAST=NONE;port=55338)";ServerName=QB_ARSEN-PC_20;DBN=637fe7f0f35b4c528c46eb8e24ed16bb

Error: (09/28/2012 10:22:17 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection Error:Invalid user ID or password

Error: (09/28/2012 10:22:16 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/28/2012 10:22:16 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_ARSEN-PC_20;;DBF=C:\Users\Arsen\Quickbooks Company Files\SarahCare of Jenkintown.QBW;CommLinks="tcpip(IP=10.1.10.150;TO=5;DOBROADCAST=NONE;port=55338)";ServerName=QB_ARSEN-PC_20;DBN=3bad3e4ad3d84058a8a99236d9fe9bba

Error: (09/28/2012 10:22:16 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection Error:Invalid user ID or password

Error: (09/28/2012 10:22:10 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (09/28/2012 10:22:10 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_ARSEN-PC_20;;DBF=C:\Users\Arsen\Quickbooks Company Files\SarahCare of Jenkintown.QBW;CommLinks="tcpip(IP=10.1.10.150;TO=5;DOBROADCAST=NONE;port=55338)";ServerName=QB_ARSEN-PC_20;DBN=d1af3065205a4c409d26189dd63f4e3f

Error: (09/28/2012 10:22:10 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection Error:Invalid user ID or password


System errors:
=============
Error: (09/27/2012 00:18:39 PM) (Source: Service Control Manager) (User: )
Description: The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/27/2012 00:00:13 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{3b8249b3-2de0-11e1-b332-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{78BCA6C7-8E37-4CEE-914F-850F0CBFAFA8}

Error: (09/27/2012 00:00:08 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{3b8249b3-2de0-11e1-b332-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F95F3730-F253-4B60-BD50-8B305483E2C3}

Error: (09/26/2012 03:55:39 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{3b8249b3-2de0-11e1-b332-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E65EE024-B111-453D-A8B8-2F9B1D822E65}

Error: (09/26/2012 03:55:31 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{3b8249b3-2de0-11e1-b332-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B3B312EC-6BEF-4BD4-8D90-DC66D09750DA}

Error: (09/26/2012 03:20:23 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (09/26/2012 03:18:51 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a29\??\C:\Users\Arsen\ntuser.dat

Error: (09/26/2012 03:18:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (09/26/2012 03:18:01 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2

Error: (09/26/2012 03:17:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:15:36 AM on 9/26/2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (09/27/2012 04:38:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/19/2012 11:08:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 68542 seconds with 660 seconds of active time. This session ended with a crash.

Error: (08/27/2012 01:08:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/12/2012 04:08:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/17/2012 00:23:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1630 seconds with 240 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD APP SDK Runtime (Version: 2.5.732.1)
AMD Catalyst Install Manager (Version: 3.0.842.0)
AMD VISION Engine Control Center (Version: 2011.1024.117.375)
AMLocal (Version: 3.0.0)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Bluetooth by hp (Version: 6.3.0.8200)
Bonjour (Version: 3.0.0.10)
Business Series Terminals Desktop Assistant v 1.4 (Version: 1.00.000)
Carbonite (Version: 5.1.0 build 925 (Dec-05-2011))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1024.117.375)
Catalyst Control Center InstallProxy (Version: 2011.1024.117.375)
Catalyst Control Center Localization All (Version: 2011.1024.117.375)
Catalyst Control Center Profiles Desktop (Version: 2011.1024.117.375)
ccc-utility64 (Version: 2011.1024.117.375)
CCC Help Chinese Standard (Version: 2011.1024.0116.375)
CCC Help Chinese Traditional (Version: 2011.1024.0116.375)
CCC Help Czech (Version: 2011.1024.0116.375)
CCC Help Danish (Version: 2011.1024.0116.375)
CCC Help Dutch (Version: 2011.1024.0116.375)
CCC Help English (Version: 2011.1024.0116.375)
CCC Help Finnish (Version: 2011.1024.0116.375)
CCC Help French (Version: 2011.1024.0116.375)
CCC Help German (Version: 2011.1024.0116.375)
CCC Help Greek (Version: 2011.1024.0116.375)
CCC Help Hungarian (Version: 2011.1024.0116.375)
CCC Help Italian (Version: 2011.1024.0116.375)
CCC Help Japanese (Version: 2011.1024.0116.375)
CCC Help Korean (Version: 2011.1024.0116.375)
CCC Help Norwegian (Version: 2011.1024.0116.375)
CCC Help Polish (Version: 2011.1024.0116.375)
CCC Help Portuguese (Version: 2011.1024.0116.375)
CCC Help Russian (Version: 2011.1024.0116.375)
CCC Help Spanish (Version: 2011.1024.0116.375)
CCC Help Swedish (Version: 2011.1024.0116.375)
CCC Help Thai (Version: 2011.1024.0116.375)
CCC Help Turkish (Version: 2011.1024.0116.375)
Common Desktop Agent (Version: 1.53.0)
CyberPower PowerPanel Personal Edition 1.2.3 (Version: 1.2.3)
D3DX10 (Version: 15.4.2368.0902)
DigitalPersona One Touch for Windows SDK (Version: 1.6.1.965)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Google Talk (remove only)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP LinkUp (Version: 2.01.029)
HP Notes (Version: 5.1.4274.30382)
HP Odometer (Version: 2.10.0000)
HP Support Information (Version: 11.00.0001)
HP Update (Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
HydraVision (Version: 4.2.212.0)
iCloud (Version: 1.1.0.40)
ISScript (Version: 3.00.185)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Network Connect 7.1.0 (Version: 7.1.0.18671)
Juniper Networks, Inc. Setup Client (Version: 7.1.3.11013)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Metric Converter (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nortel Networks Desktop Assistant v 1.4 (Version: 1.00.000)
opensource (Version: 1.0.14960.3876)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PressReader (Version: 5.11.0721.0)
QuickBooks (Version: 20.0.4016.807)
QuickBooks Pro 2010 (Version: 20.0.4016.807)
QuickTime (Version: 7.72.80.56)
RAIDXpert (Version: 3.3.1540.9)
Recovery Manager (Version: 5.5.0.4424)
Remote Graphics Receiver (Version: 5.4.5)
Samsung Easy Printer Manager (Version: 1.01.16.00)
Samsung Network PC Fax (Version: 1.05.23.04)
Samsung Printer Live Update
Samsung Scan Assistant (Version: 1.04.24.00)
Samsung SCX-472x Series
Sperry Software - Auto Print (Version: 4.0)
Spot (Version: 1.0.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Time Clock MTS Fingerprint Scanner Support V1.2
Time Clock MTS V3.3.2
TSHostedAppLauncher (Version: 5.1.15.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 10014.9 MB
Available physical RAM: 6801.33 MB
Total Pagefile: 20027.99 MB
Available Pagefile: 16467.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.97 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1380.02 GB) (Free:1312.84 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.11 GB) NTFS

========================= Users: ========================================

User accounts for \\ARSEN-PC

Administrator Arsen Guest
QBDataServiceUser20

========================= Restore Points ==================================

19-09-2012 14:26:01 Installed Java 7 Update 7
24-09-2012 19:15:42 Installed SpyHunter
24-09-2012 19:53:01 Windows Update
25-09-2012 07:00:11 Windows Update
25-09-2012 14:43:55 Removed SpyHunter
26-09-2012 07:00:11 Windows Update
27-09-2012 07:00:11 Windows Update

**** End of log ****


FSS

Farbar Service Scanner Version: 19-09-2012
Ran by Arsen (administrator) on 28-09-2012 at 10:58:15
Running from "C:\Users\Arsen\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Adware Cleaner

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 10:58:54
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Arsen - ARSEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Arsen\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-1328341009-3620618171-3248730421-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-1328341009-3620618171-3248730421-1004\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default [Profil par défaut]
File : C:\Users\Arsen\AppData\Roaming\Mozilla\Firefox\Profiles\y0m3b7za.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Arsen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1953 octets] - [28/09/2012 10:58:54]

########## EOF - C:\AdwCleaner[R1].txt - [2013 octets] ##########


Junkware Removal Tool

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.2 (09.28.2012)
OS: Windows 7 Home Premium x64
Ran by Arsen on Fri 09/28/2012 at 11:22:11.82
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 09/28/2012 at 11:22:26.28
End of Report



I think that's it... Please advise what I need to do next. Thank you!

#7 narenxp


Posted 28 September 2012 - 11:13 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#8 Arsen U.


Posted 28 September 2012 - 11:25 AM

Here is the LOG from Rkill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/28/2012 12:22:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe (PID: 3664) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/28/2012 12:22:48 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)


And the LOG from Autoruns.exe

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BeatsOSDApp" "HP Beats" "Hewlett-Packard " "c:\program files\idt\wdm\beats64.exe"
+ "DpTsClnt" "Terminal Services Client" "DigitalPersona, Inc." "c:\program files\digitalpersona\bin\dptsclnt.dll"
+ "EvtMgr6" "Logitech SetPoint Event Manager (UNICODE)" "Logitech, Inc." "c:\program files\logitech\setpointp\setpoint.exe"
+ "hpsysdrv" "hpsysdrv" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "Carbonite Backup" "Carbonite User Interface" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe"
+ "googletalk" "Google Talk" "Google" "c:\program files (x86)\google\google talk\googletalk.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "Intuit SyncManager" "IntuitSyncManager" "Intuit Inc. All rights reserved." "c:\program files (x86)\common files\intuit\sync\intuitsyncmanager.exe"
+ "PowerPanel Personal Edition User Interaction" "PowerPanel Personal Edition User Interaction" "Cyber Power Systems, Inc." "c:\program files (x86)\cyberpower powerpanel personal edition\pppeuser.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "QuickBooks Update Agent.lnk" "QuickBooks Automatic Update" "Intuit Inc." "c:\program files (x86)\common files\intuit\quickbooks\qbupdate\qbupdate.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ubd.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy\teatimer.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "!NetFax0" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax1" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax2" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax3" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax4" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax5" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax6" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "!NetFax7" "Samsung Network PC Fax (FaxShell)" "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxshell64.dll"
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "ESET Smart Security - Context Menu Shell Extension" "" "" "File not found: C:\Program Files\ESET\ESET Smart Security\shellExt.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "ESET Smart Security - Context Menu Shell Extension" "" "" "File not found: C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "LinkUpMenuExt" "HP LinkUp File Transfer Extension" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp linkup\linkupext64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "ESET Smart Security - Context Menu Shell Extension" "" "" "File not found: C:\Program Files\ESET\ESET Smart Security\shellExt.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "ESET Smart Security - Context Menu Shell Extension" "" "" "File not found: C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Hewlett-Packard\HP Support Assistant\First Boot" "" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe"
+ "\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" "" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe"
+ "\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start" "" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SetupManager" "" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe"
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsr64.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD_RAIDXpert" "AMD RAIDXpert Server" "AMD" "c:\program files (x86)\amd\raidxpert\bin\raidxpertservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "CarboniteService" "Carbonite Backup Service" "Carbonite, Inc. (www.carbonite.com)" "c:\program files\carbonite\carbonite backup\carboniteservice.exe"
+ "DpHost" "Provides fingerprint authentication of account logon." "DigitalPersona, Inc." "c:\program files (x86)\digitalpersona\bin\dphostw.exe"
+ "dsNcService" "Manages secure network connections" "Juniper Networks" "c:\program files (x86)\juniper networks\common files\dsncservice.exe"
+ "ekrn" "ESET Service" "" "File not found: C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
+ "HPAuto" "HP Usage Improvement Tracking" "Hewlett-Packard" "c:\program files\hewlett-packard\hp auto\hpauto.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "hpqwmiex" "" "" "File not found: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
+ "LBTServ" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtserv.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "ppped" "PowerPanel Personal Edition Service minitor the battery backup activity and take protect while power." "Cyber Power Systems, Inc." "c:\program files (x86)\cyberpower powerpanel personal edition\ppped.exe"
+ "QBCFMonitorService" "QuickBooks Company File Monitoring Service" "Intuit" "c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe"
+ "QBFCService" "QuickBooks FCS module" "Intuit Inc." "c:\program files (x86)\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
+ "QuickBooksDB20" "Quickbooks database service" "Intuit, Inc." "c:\program files (x86)\intuit\quickbooks 2010\qbdbmgrn.exe"
+ "Samsung Network Fax Server" "Implements execution of extra features of Samsung fax printer driver." "Samsung Electronics Co., Ltd." "c:\windows\system32\spool\drivers\x64\3\netfaxserver64.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "ahcix64s" "AMD AHCI Compatible Controller Driver for Windows - AMD64 platform" "Advanced Micro Devices, Inc" "c:\windows\system32\drivers\ahcix64s.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BTWAMPFL" "btwampfl Bluetooth filter driver" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dpK00701" "Fingerprint Reader streaming driver" "DigitalPersona, Inc." "c:\windows\system32\drivers\dpk00701.sys"
+ "dsNcAdpt" "dsNcAdapter" "Juniper Networks" "c:\windows\system32\drivers\dsncadpt.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "SBRE" "" "" "File not found: C:\Windows\system32\drivers\SBREdrv.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SSPORT" "Port Contention Driver" "Samsung Electronics" "c:\windows\system32\drivers\ssport.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "tihub3" "TI USB3 Hub Driver" "Texas Instruments Incorporated" "c:\windows\system32\drivers\tihub3.sys"
+ "tixhci" "TI XHCI Host Controller Driver" "Texas Instruments Incorporated" "c:\windows\system32\drivers\tixhci.sys"
+ "usbdpfp" "DigitalPersona USB Biometric Class Driver" "DigitalPersona, Inc." "c:\windows\system32\drivers\usbdpfp.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" ""
+ "dsNcCredentialProvider" "Network Connect Credential Provider" "Juniper Networks" "c:\windows\system32\dsnccredprov.dll"
+ "dsNcSmartCardProvider" "Network Connect Smart Card Credential Provider" "Juniper Networks" "c:\windows\system32\dsncsmartcardprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "LBTWlgn" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "RICOH Language Monitor2" "RICOH BIDI Language Monitor" "RICOH CO.,Ltd." "c:\windows\system32\rc4mon64.dll"
+ "Samsung Network PC Fax Port" "Samsung Network PC Fax (PortMonitor)" "Samsung Electronics Co., Ltd." "c:\windows\system32\netfaxport64.dll"
+ "ssa3m Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\ssa3mlm.dll"


Please advise on what to do next. Thank you for your help!

#9 narenxp


Posted 28 September 2012 - 12:43 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
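For readers reviewing an Autoruns export like the one posted earlier in this thread, here is a small triage script, added as an example and not part of any post or of Autoruns itself. It assumes each entry row carries four quoted fields (entry name, description, publisher, image path) as in the log above; the three checks and the `exampledrv` row are this example's own assumptions.

```python
import re

# Lines in the Autoruns text-export format posted in this thread. The
# "exampledrv" row is constructed for illustration; the others are
# copied from the log above.
SAMPLE = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "exampledrv" "" "" "c:\users\example\appdata\local\temp\exampledrv.sys"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
'''

FIELD = re.compile(r'"([^"]*)"')
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse(text):
    """Yield (section, name, description, publisher, path) for each entry."""
    section = ""
    for line in text.splitlines():
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed row
        if line.lstrip().startswith("+"):
            yield (section, *fields)
        else:
            section = fields[0]  # header row: registry key plus three empty fields


def triage(text):
    """Return [(entry name, [reasons])] for rows worth a manual look."""
    findings = []
    for section, name, _desc, publisher, path in parse(text):
        low = path.lower()
        reasons = []
        if low.startswith("file not found:"):
            reasons.append("image missing on disk")
        else:
            if not publisher:
                reasons.append("publisher column empty")
            in_services = section.lower().endswith("\\currentcontrolset\\services")
            if in_services and low.endswith(".sys") and not low.startswith(DRIVER_DIR):
                reasons.append("driver outside system32\\drivers")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A flag is a prompt to look at the row, not a verdict: the two missing-file rows in the sample point into the ComboFix and SpyHunter folders named in their paths.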



