Norton isn't removing ZeroAccess/netbt.sys


15 replies to this topic

#1 soozabelle

soozabelle

  • Members
  • 39 posts

Posted 24 October 2012 - 09:09 PM

I recently purchased Norton because I have an online job that requires me to go to lots of websites. So the last few times I have run Norton, it tells me I have Trojan.ZeroAccess!kmem and Trojan.ZeroAccess!inf2. Norton program can't remove them so it said to use Norton's Fix Zero Access program.
Ran Norton Zero Access Remover: Says there is nothing. Next time I run Norton, same ZeroAccess. This time Norton tells me to run Norton Power Eraser.
Power Eraser says I have 2 problems: Combofix and netbt.sys. (I know Combofix isn't a problem... and there are no ZeroAccess viruses listed.) Power Eraser says it can't fix the problem with netbt.sys, so Norton says I need to reinstall part of Windows?!!? Is there a better way? I'm nervous about losing all my files if I need to reinstall part of Windows.

An additional note: Malwarebytes says there are no malicious files on my computer.

#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 October 2012 - 09:10 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 soozabelle

soozabelle
  • Topic Starter

  • Members
  • 39 posts

Posted 24 October 2012 - 09:47 PM

Here's the TDS:

22:17:30.0655 0404 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:17:30.0805 0404 ============================================================
22:17:30.0805 0404 Current date / time: 2012/10/24 22:17:30.0805
22:17:30.0805 0404 SystemInfo:
22:17:30.0805 0404
22:17:30.0806 0404 OS Version: 6.1.7600 ServicePack: 0.0
22:17:30.0806 0404 Product type: Workstation
22:17:30.0806 0404 ComputerName: PC-PC
22:17:30.0806 0404 UserName: pc
22:17:30.0806 0404 Windows directory: C:\Windows
22:17:30.0806 0404 System windows directory: C:\Windows
22:17:30.0806 0404 Processor architecture: Intel x86
22:17:30.0806 0404 Number of processors: 4
22:17:30.0806 0404 Page size: 0x1000
22:17:30.0806 0404 Boot type: Normal boot
22:17:30.0806 0404 ============================================================
22:17:32.0612 0404 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:17:32.0630 0404 ============================================================
22:17:32.0630 0404 \Device\Harddisk0\DR0:
22:17:32.0631 0404 MBR partitions:
22:17:32.0631 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:17:32.0631 0404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:17:32.0631 0404 ============================================================
22:17:32.0657 0404 C: <-> \Device\Harddisk0\DR0\Partition2
22:17:32.0657 0404 ============================================================
22:17:32.0657 0404 Initialize success
22:17:32.0657 0404 ============================================================
22:18:00.0023 2544 ============================================================
22:18:00.0023 2544 Scan started
22:18:00.0023 2544 Mode: Manual; TDLFS;
22:18:00.0023 2544 ============================================================
22:18:01.0076 2544 ================ Scan system memory ========================
22:18:01.0076 2544 System memory - ok
22:18:01.0077 2544 ================ Scan services =============================
22:18:01.0238 2544 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:18:01.0241 2544 1394ohci - ok
22:18:01.0397 2544 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:18:01.0400 2544 ACDaemon - ok
22:18:01.0438 2544 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:18:01.0441 2544 ACPI - ok
22:18:01.0461 2544 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:18:01.0462 2544 AcpiPmi - ok
22:18:01.0499 2544 [ 0FF1F2F287E65A66A3B72484B9895785 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys
22:18:01.0499 2544 ACPIVPC - ok
22:18:01.0572 2544 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:18:01.0574 2544 AdobeARMservice - ok
22:18:01.0672 2544 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:18:01.0677 2544 AdobeFlashPlayerUpdateSvc - ok
22:18:01.0736 2544 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:18:01.0742 2544 adp94xx - ok
22:18:01.0794 2544 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:18:01.0798 2544 adpahci - ok
22:18:01.0829 2544 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:18:01.0831 2544 adpu320 - ok
22:18:01.0868 2544 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:18:01.0870 2544 AeLookupSvc - ok
22:18:01.0909 2544 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
22:18:01.0912 2544 AFD - ok
22:18:01.0947 2544 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:18:01.0948 2544 agp440 - ok
22:18:01.0978 2544 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:18:01.0979 2544 aic78xx - ok
22:18:02.0025 2544 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:18:02.0028 2544 ALG - ok
22:18:02.0057 2544 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:18:02.0058 2544 aliide - ok
22:18:02.0092 2544 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
22:18:02.0093 2544 amdagp - ok
22:18:02.0105 2544 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:18:02.0106 2544 amdide - ok
22:18:02.0121 2544 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:18:02.0122 2544 AmdK8 - ok
22:18:02.0153 2544 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:18:02.0155 2544 AmdPPM - ok
22:18:02.0194 2544 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:18:02.0195 2544 amdsata - ok
22:18:02.0255 2544 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:18:02.0256 2544 amdsbs - ok
22:18:02.0320 2544 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:18:02.0321 2544 amdxata - ok
22:18:02.0432 2544 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
22:18:02.0433 2544 AppID - ok
22:18:02.0470 2544 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:18:02.0472 2544 AppIDSvc - ok
22:18:02.0481 2544 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
22:18:02.0483 2544 Appinfo - ok
22:18:02.0556 2544 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:18:02.0558 2544 Apple Mobile Device - ok
22:18:02.0590 2544 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:18:02.0592 2544 AppMgmt - ok
22:18:02.0626 2544 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:18:02.0627 2544 arc - ok
22:18:02.0647 2544 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:18:02.0648 2544 arcsas - ok
22:18:02.0682 2544 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:18:02.0682 2544 AsyncMac - ok
22:18:02.0709 2544 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:18:02.0710 2544 atapi - ok
22:18:02.0759 2544 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:18:02.0770 2544 AudioEndpointBuilder - ok
22:18:02.0785 2544 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:18:02.0791 2544 Audiosrv - ok
22:18:02.0837 2544 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:18:02.0841 2544 AxInstSV - ok
22:18:02.0895 2544 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:18:02.0899 2544 b06bdrv - ok
22:18:02.0939 2544 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:18:02.0942 2544 b57nd60x - ok
22:18:03.0035 2544 [ CDA161020BF75B12728AE394196AD991 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:18:03.0056 2544 BCM43XX - ok
22:18:03.0095 2544 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:18:03.0098 2544 BDESVC - ok
22:18:03.0120 2544 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:18:03.0121 2544 Beep - ok
22:18:03.0171 2544 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
22:18:03.0181 2544 BFE - ok
22:18:03.0368 2544 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20121005.002\BHDrvx86.sys
22:18:03.0390 2544 BHDrvx86 - ok
22:18:03.0443 2544 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
22:18:03.0456 2544 BITS - ok
22:18:03.0482 2544 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:18:03.0483 2544 blbdrive - ok
22:18:03.0566 2544 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:18:03.0575 2544 Bonjour Service - ok
22:18:03.0608 2544 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:18:03.0609 2544 bowser - ok
22:18:03.0639 2544 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:18:03.0640 2544 BrFiltLo - ok
22:18:03.0650 2544 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:18:03.0651 2544 BrFiltUp - ok
22:18:03.0683 2544 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:18:03.0684 2544 BridgeMP - ok
22:18:03.0737 2544 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
22:18:03.0740 2544 Browser - ok
22:18:03.0783 2544 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:18:03.0787 2544 Brserid - ok
22:18:03.0823 2544 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:18:03.0824 2544 BrSerWdm - ok
22:18:03.0858 2544 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:18:03.0858 2544 BrUsbMdm - ok
22:18:03.0878 2544 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:18:03.0878 2544 BrUsbSer - ok
22:18:03.0902 2544 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:18:03.0903 2544 BTHMODEM - ok
22:18:03.0966 2544 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:18:03.0968 2544 bthserv - ok
22:18:04.0087 2544 catchme - ok
22:18:04.0209 2544 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NAV C:\Windows\system32\drivers\NAV\1401010.002\ccSetx86.sys
22:18:04.0214 2544 ccSet_NAV - ok
22:18:04.0278 2544 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NST C:\Windows\system32\drivers\NST\7DD01000.020\ccSetx86.sys
22:18:04.0282 2544 ccSet_NST - ok
22:18:04.0307 2544 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:18:04.0309 2544 cdfs - ok
22:18:04.0355 2544 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:18:04.0357 2544 cdrom - ok
22:18:04.0400 2544 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
22:18:04.0403 2544 CertPropSvc - ok
22:18:04.0432 2544 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:18:04.0433 2544 circlass - ok
22:18:04.0469 2544 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:18:04.0475 2544 CLFS - ok
22:18:04.0545 2544 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:18:04.0549 2544 clr_optimization_v2.0.50727_32 - ok
22:18:04.0624 2544 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:18:04.0627 2544 clr_optimization_v4.0.30319_32 - ok
22:18:04.0646 2544 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:18:04.0647 2544 CmBatt - ok
22:18:04.0661 2544 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:18:04.0662 2544 cmdide - ok
22:18:04.0704 2544 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
22:18:04.0708 2544 CNG - ok
22:18:04.0746 2544 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:18:04.0747 2544 Compbatt - ok
22:18:04.0790 2544 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:18:04.0790 2544 CompositeBus - ok
22:18:04.0804 2544 COMSysApp - ok
22:18:04.0836 2544 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:18:04.0836 2544 crcdisk - ok
22:18:04.0882 2544 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:18:04.0886 2544 CryptSvc - ok
22:18:04.0930 2544 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
22:18:04.0935 2544 CSC - ok
22:18:04.0965 2544 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
22:18:04.0976 2544 CscService - ok
22:18:05.0020 2544 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
22:18:05.0029 2544 DcomLaunch - ok
22:18:05.0052 2544 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:18:05.0057 2544 defragsvc - ok
22:18:05.0093 2544 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:18:05.0094 2544 DfsC - ok
22:18:05.0147 2544 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:18:05.0153 2544 Dhcp - ok
22:18:05.0170 2544 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:18:05.0171 2544 discache - ok
22:18:05.0219 2544 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:18:05.0220 2544 Disk - ok
22:18:05.0246 2544 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:18:05.0250 2544 Dnscache - ok
22:18:05.0286 2544 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
22:18:05.0291 2544 dot3svc - ok
22:18:05.0299 2544 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
22:18:05.0303 2544 DPS - ok
22:18:05.0333 2544 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:18:05.0334 2544 drmkaud - ok
22:18:05.0377 2544 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:18:05.0383 2544 DXGKrnl - ok
22:18:05.0410 2544 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:18:05.0413 2544 EapHost - ok
22:18:05.0527 2544 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:18:05.0556 2544 ebdrv - ok
22:18:05.0619 2544 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:18:05.0629 2544 eeCtrl - ok
22:18:05.0664 2544 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
22:18:05.0666 2544 EFS - ok
22:18:05.0731 2544 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:18:05.0744 2544 ehRecvr - ok
22:18:05.0779 2544 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:18:05.0782 2544 ehSched - ok
22:18:05.0821 2544 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:18:05.0825 2544 elxstor - ok
22:18:05.0873 2544 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:18:05.0876 2544 EraserUtilRebootDrv - ok
22:18:05.0905 2544 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:18:05.0905 2544 ErrDev - ok
22:18:05.0949 2544 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:18:05.0955 2544 EventSystem - ok
22:18:05.0978 2544 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:18:05.0980 2544 exfat - ok
22:18:05.0998 2544 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:18:05.0999 2544 fastfat - ok
22:18:06.0043 2544 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
22:18:06.0054 2544 Fax - ok
22:18:06.0085 2544 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:18:06.0086 2544 fdc - ok
22:18:06.0105 2544 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:18:06.0107 2544 fdPHost - ok
22:18:06.0122 2544 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:18:06.0124 2544 FDResPub - ok
22:18:06.0136 2544 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:18:06.0137 2544 FileInfo - ok
22:18:06.0161 2544 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:18:06.0162 2544 Filetrace - ok
22:18:06.0179 2544 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:18:06.0180 2544 flpydisk - ok
22:18:06.0205 2544 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:18:06.0207 2544 FltMgr - ok
22:18:06.0268 2544 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
22:18:06.0287 2544 FontCache - ok
22:18:06.0345 2544 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:18:06.0348 2544 FontCache3.0.0.0 - ok
22:18:06.0385 2544 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:18:06.0386 2544 FsDepends - ok
22:18:06.0421 2544 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:18:06.0422 2544 fssfltr - ok
22:18:06.0508 2544 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:18:06.0560 2544 fsssvc - ok
22:18:06.0588 2544 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:18:06.0589 2544 Fs_Rec - ok
22:18:06.0620 2544 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:18:06.0622 2544 fvevol - ok
22:18:06.0665 2544 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:18:06.0666 2544 gagp30kx - ok
22:18:06.0705 2544 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:18:06.0705 2544 GEARAspiWDM - ok
22:18:06.0737 2544 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
22:18:06.0749 2544 gpsvc - ok
22:18:06.0838 2544 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:18:06.0841 2544 gupdate - ok
22:18:06.0883 2544 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:18:06.0885 2544 gupdatem - ok
22:18:06.0925 2544 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:18:06.0926 2544 hcw85cir - ok
22:18:06.0980 2544 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:18:06.0983 2544 HdAudAddService - ok
22:18:07.0016 2544 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:18:07.0018 2544 HDAudBus - ok
22:18:07.0046 2544 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:18:07.0047 2544 HidBatt - ok
22:18:07.0068 2544 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:18:07.0070 2544 HidBth - ok
22:18:07.0095 2544 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:18:07.0096 2544 HidIr - ok
22:18:07.0124 2544 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
22:18:07.0127 2544 hidserv - ok
22:18:07.0159 2544 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:18:07.0160 2544 HidUsb - ok
22:18:07.0181 2544 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:18:07.0184 2544 hkmsvc - ok
22:18:07.0214 2544 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:18:07.0220 2544 HomeGroupListener - ok
22:18:07.0244 2544 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:18:07.0248 2544 HomeGroupProvider - ok
22:18:07.0284 2544 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:18:07.0285 2544 HpSAMD - ok
22:18:07.0325 2544 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:18:07.0330 2544 HTTP - ok
22:18:07.0343 2544 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:18:07.0344 2544 hwpolicy - ok
22:18:07.0409 2544 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:18:07.0410 2544 i8042prt - ok
22:18:07.0483 2544 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:18:07.0488 2544 iaStorV - ok
22:18:07.0549 2544 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:18:07.0552 2544 IDriverT - ok
22:18:07.0641 2544 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:18:07.0660 2544 idsvc - ok
22:18:07.0754 2544 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20121023.002\IDSvix86.sys
22:18:07.0763 2544 IDSVix86 - ok
22:18:07.0971 2544 [ 0DAB2D553BE272359BCCE55C3449937E ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:18:08.0013 2544 igfx - ok
22:18:08.0047 2544 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:18:08.0048 2544 iirsp - ok
22:18:08.0084 2544 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
22:18:08.0088 2544 IKEEXT - ok
22:18:08.0132 2544 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:18:08.0135 2544 Impcd - ok
22:18:08.0186 2544 [ BF31740828A26AB451803E3B35432651 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:18:08.0189 2544 IntcDAud - ok
22:18:08.0216 2544 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:18:08.0217 2544 intelide - ok
22:18:08.0256 2544 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:18:08.0257 2544 intelppm - ok
22:18:08.0276 2544 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:18:08.0279 2544 IPBusEnum - ok
22:18:08.0299 2544 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:18:08.0300 2544 IpFilterDriver - ok
22:18:08.0326 2544 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:18:08.0327 2544 IPMIDRV - ok
22:18:08.0349 2544 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:18:08.0350 2544 IPNAT - ok
22:18:08.0398 2544 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:18:08.0412 2544 iPod Service - ok
22:18:08.0437 2544 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:18:08.0438 2544 IRENUM - ok
22:18:08.0476 2544 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:18:08.0477 2544 isapnp - ok
22:18:08.0502 2544 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:18:08.0504 2544 iScsiPrt - ok
22:18:08.0551 2544 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:18:08.0552 2544 kbdclass - ok
22:18:08.0574 2544 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:18:08.0575 2544 kbdhid - ok
22:18:08.0597 2544 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
22:18:08.0599 2544 KeyIso - ok
22:18:08.0640 2544 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:18:08.0641 2544 KSecDD - ok
22:18:08.0684 2544 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:18:08.0686 2544 KSecPkg - ok
22:18:08.0720 2544 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:18:08.0728 2544 KtmRm - ok
22:18:08.0762 2544 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
22:18:08.0766 2544 LanmanServer - ok
22:18:08.0805 2544 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:18:08.0808 2544 LanmanWorkstation - ok
22:18:09.0013 2544 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
22:18:09.0156 2544 LeapFrog Connect Device Service - ok
22:18:09.0197 2544 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:18:09.0198 2544 lltdio - ok
22:18:09.0237 2544 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:18:09.0244 2544 lltdsvc - ok
22:18:09.0261 2544 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:18:09.0264 2544 lmhosts - ok
22:18:09.0306 2544 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:18:09.0307 2544 LSI_FC - ok
22:18:09.0329 2544 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:18:09.0330 2544 LSI_SAS - ok
22:18:09.0350 2544 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:18:09.0351 2544 LSI_SAS2 - ok
22:18:09.0376 2544 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:18:09.0377 2544 LSI_SCSI - ok
22:18:09.0395 2544 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:18:09.0396 2544 luafv - ok
22:18:09.0422 2544 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:18:09.0426 2544 Mcx2Svc - ok
22:18:09.0457 2544 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:18:09.0458 2544 megasas - ok
22:18:09.0491 2544 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:18:09.0493 2544 MegaSR - ok
22:18:09.0579 2544 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:18:09.0582 2544 Microsoft Office Groove Audit Service - ok
22:18:09.0617 2544 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:18:09.0620 2544 MMCSS - ok
22:18:09.0642 2544 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:18:09.0642 2544 Modem - ok
22:18:09.0685 2544 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:18:09.0686 2544 monitor - ok
22:18:09.0711 2544 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:18:09.0712 2544 mouclass - ok
22:18:09.0752 2544 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:18:09.0753 2544 mouhid - ok
22:18:09.0772 2544 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:18:09.0773 2544 mountmgr - ok
22:18:09.0869 2544 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:18:09.0873 2544 MozillaMaintenance - ok
22:18:11.0134 2544 [ CEF096D84B7B058B993168EAF40CDE18 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:18:11.0137 2544 NetBT ( Virus.Win32.ZAccess.k ) - infected
22:18:11.0137 2544 NetBT - detected Virus.Win32.ZAccess.k (0)
22:18:19.0511 2544 ================ Scan global ===============================
22:18:19.0560 2544 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:18:19.0611 2544 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
22:18:19.0628 2544 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
22:18:19.0658 2544 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:18:19.0683 2544 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:18:19.0690 2544 [Global] - ok
22:18:19.0691 2544 ================ Scan MBR ==================================
22:18:19.0705 2544 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:18:20.0830 2544 \Device\Harddisk0\DR0 - ok
22:18:20.0831 2544 ================ Scan VBR ==================================
22:18:20.0858 2544 [ 90AA85636B6B708B8CFCF921226BE7EC ] \Device\Harddisk0\DR0\Partition1
22:18:20.0860 2544 \Device\Harddisk0\DR0\Partition1 - ok
22:18:20.0876 2544 [ 2D262BBE957A586CED4ED5C030D2C703 ] \Device\Harddisk0\DR0\Partition2
22:18:20.0878 2544 \Device\Harddisk0\DR0\Partition2 - ok
22:18:20.0879 2544 ============================================================
22:18:20.0879 2544 Scan finished
22:18:20.0879 2544 ============================================================
22:18:20.0895 3532 Detected object count: 1
22:18:20.0895 3532 Actual detected object count: 1
22:19:38.0277 3532 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
22:19:44.0110 3532 Backup copy found, using it..
22:19:44.0319 3532 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
22:19:44.0399 3532 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:20:09.0909 3956 Deinitialize success


ASW:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-24 22:23:38
-----------------------------
22:23:38.773 OS Version: Windows 6.1.7600
22:23:38.773 Number of processors: 4 586 0x2505
22:23:38.773 ComputerName: PC-PC UserName: pc
22:23:56.042 Initialize success
22:25:02.086 AVAST engine defs: 12102500
22:27:21.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:27:21.352 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ004E Size: 305245MB BusType: 11
22:27:21.461 Disk 0 MBR read successfully
22:27:21.461 Disk 0 MBR scan
22:27:21.477 Disk 0 Windows 7 default MBR code
22:27:21.477 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:27:21.508 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:27:21.524 Disk 0 scanning sectors +625139712
22:27:21.758 Disk 0 scanning C:\Windows\system32\drivers
22:27:34.544 Service scanning
22:28:26.074 Modules scanning
22:28:58.224 Disk 0 trace - called modules:
22:28:58.256 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
22:28:58.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f5648]
22:28:58.770 3 CLASSPNP.SYS[8b58e59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862a3030]
22:28:59.831 AVAST engine scan C:\Windows
22:29:04.059 AVAST engine scan C:\Windows\system32
22:31:53.593 AVAST engine scan C:\Windows\system32\drivers
22:32:08.039 AVAST engine scan C:\Users\pc
22:32:59.410 Disk 0 MBR has been saved successfully to "C:\Users\pc\Documents\MBR.dat"
22:32:59.410 The log file has been saved successfully to "C:\Users\pc\Documents\aswMBR.txt"



Eset is taking a while -- I'll post the rest when it's finished...

#4 soozabelle

Posted 24 October 2012 - 10:47 PM

Eset says no threats found. Does this mean I'm clean again?

#5 narenxp

Posted 24 October 2012 - 11:15 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#6 soozabelle

Posted 25 October 2012 - 09:04 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
pc :: PC-PC [administrator]

10/25/2012 9:42:33 PM
mbam-log-2012-10-25 (21-42-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219770
Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by pc (administrator) on 25-10-2012 at 22:01:05
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : pc-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : woh.rr.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : woh.rr.com
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : AC-81-12-3C-FD-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f060:afd5:8fe5:e8e1%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.124(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 24, 2012 10:21:10 PM
Lease Expires . . . . . . . . . . : Friday, October 26, 2012 9:40:35 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 330072338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-1A-06-1C-75-08-68-E8-36
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 1C-75-08-68-E8-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E3EAB699-2D5E-4FBC-B2F9-6B2477A15D72}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.woh.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4009:800::1009
74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71


Pinging google.com [74.125.225.37] with 32 bytes of data:
Reply from 74.125.225.37: bytes=32 time=35ms TTL=54
Reply from 74.125.225.37: bytes=32 time=51ms TTL=54

Ping statistics for 74.125.225.37:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 51ms, Average = 43ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=88ms TTL=51
Reply from 98.138.253.109: bytes=32 time=94ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 94ms, Average = 91ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...ac 81 12 3c fd 28 ......Broadcom 802.11n Network Adapter
11...1c 75 08 68 e8 36 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.124 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.124 281
192.168.1.124 255.255.255.255 On-link 192.168.1.124 281
192.168.1.255 255.255.255.255 On-link 192.168.1.124 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.124 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.124 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::f060:afd5:8fe5:e8e1/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2012 02:35:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/24/2012 02:35:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/23/2012 04:32:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/22/2012 10:23:10 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/22/2012 10:23:10 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/21/2012 03:13:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/21/2012 03:13:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (10/20/2012 09:49:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffffcbe8
Faulting process id: 0x173c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/20/2012 06:12:09 PM) (Source: Bonjour Service) (User: )
Description: 340: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/20/2012 06:12:09 PM) (Source: Bonjour Service) (User: )
Description: 296: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (10/24/2012 10:22:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/24/2012 10:21:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/24/2012 09:41:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/24/2012 09:41:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/24/2012 09:20:56 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/24/2012 09:20:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/24/2012 04:27:04 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/24/2012 04:26:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/23/2012 05:56:55 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (10/23/2012 04:38:44 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.0.19530)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
Bonjour (Version: 3.0.0.2)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
EPSON Printer Software
Google Chrome (Version: 22.0.1229.94)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Update (Version: 5.002.006.003)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
iTunes (Version: 10.4.0.80)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 30 (Version: 6.0.300)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog MyOwnLeaptop Plugin (Version: 3.2.24.13754)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.0.1)
Norton AntiVirus (Version: 20.1.1.2)
Norton Identity Safe (Version: 2013.1.0.32)
OverDrive Media Console (Version: 3.2.6)
Picture Control Utility (Version: 1.2.1)
PRS-500 USB driver (Version: 1.0.00.08110)
QuickTime (Version: 7.69.80.9)
Reader Library by Sony (Version: 3.3.00.07130)
Shutterfly Express Uploader (Version: 1.1.0)
Shutterfly Express Uploader (Version: 1.1.0.0)
Spotify (Version: 0.8.3.222.g317ab79d)
Spybot - Search & Destroy (Version: 1.6.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (Version: )
ViewNX 2 (Version: 2.1.0)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2998.85 MB
Available physical RAM: 1479.18 MB
Total Pagefile: 5995.98 MB
Available Pagefile: 3987.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:224.61 GB) NTFS
2 Drive d: (090220_2102) (CDROM) (Total:2.64 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\PC-PC

Administrator Guest pc

========================= Restore Points ==================================

24-10-2012 05:04:39 Scheduled Checkpoint

**** End of log ****

#7 soozabelle

Posted 25 October 2012 - 09:11 PM

# AdwCleaner v2.005 - Logfile created 10/25/2012 at 22:08:07
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : pc - PC-PC
# Boot Mode : Normal
# Running from : C:\Users\pc\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\1slqbyk5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.50] : search_url = "hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=SWL&chn=retail&geo=US&ver=2013&locale=en_US&tpr=111",

*************************

AdwCleaner[R1].txt - [1575 octets] - [25/10/2012 22:05:54]
AdwCleaner[S2].txt - [1363 octets] - [25/10/2012 22:08:07]

########## EOF - C:\AdwCleaner[S2].txt - [1423 octets] ##########

#8 soozabelle

Posted 25 October 2012 - 09:23 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 2.1.8 (10.25.2012)
OS: Windows 7 Ultimate x86
Ran by pc on Thu 10/25/2012 at 22:12:35.93
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"



*** FireFox detected and repaired

Successfully deleted: [npCouponPrinter.dll] from [FF plugins]
Successfully deleted: [npMozCouponPrinter.dll] from [FF plugins]


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 10/25/2012 at 22:22:41.79
End of Report

#9 narenxp

Posted 25 October 2012 - 09:27 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text here

#10 soozabelle

Posted 25 October 2012 - 11:06 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/26/2012 12:05:21 AM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/26/2012 12:05:49 AM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)

#11 soozabelle

Posted 25 October 2012 - 11:10 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Monitor" "Monitor Application" "LeapFrog Enterprises, Inc." "c:\program files\leapfrog\leapfrog connect\monitor.exe"
+ "Nikon Message Center 2" "Nikon Message Center 2" "Nikon Corporation" "c:\program files\nikon\nikon message center 2\nkmc2.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "Reader Library Launcher" "Reader Library Launcher" "Sony Corporation" "c:\program files\sony\reader\data\bin\launcher\reader library launcher.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EPSON Stylus CX5000 Series" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\w32x86\3\e_fatibva.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\pc\appdata\local\google\update\googleupdate.exe"
+ "Spotify Web Helper" "" "" "c:\users\pc\appdata\roaming\spotify\data\spotifywebhelper.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files\norton antivirus\engine\20.1.1.2\navshext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files\norton antivirus\engine\20.1.1.2\navshext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files\norton identity safe\engine\2013.1.0.32\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files\norton antivirus\engine\20.1.1.2\ips\ipsbho.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Norton Identity Safe Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files\norton identity safe\engine\2013.1.0.32\coieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1919792603-3416710250-1616214909-1000Core" "Google Installer" "Google Inc." "c:\users\pc\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1919792603-3416710250-1616214909-1000UA" "Google Installer" "Google Inc." "c:\users\pc\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton AntiVirus\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files\norton antivirus\engine\20.1.1.2\symerr.exe"
+ "\Norton Identity Safe\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files\norton identity safe\engine\2013.1.0.32\symerr.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LeapFrog Connect Device Service" "Manages LeapFrog Connect devices." "LeapFrog Enterprises, Inc." "c:\program files\leapfrog\leapfrog connect\commandservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NAV" "Norton AntiVirus" "Symantec Corporation" "c:\program files\norton antivirus\engine\20.1.1.2\ccsvchst.exe"
+ "NCO" "Norton Identity Safe" "Symantec Corporation" "c:\program files\norton identity safe\engine\2013.1.0.32\ccsvchst.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdwinsec.exe"
+ "Sony SCSI Helper Service" "SCSI Helper Service" "Sony Corporation" "c:\program files\common files\sony shared\fsk\sonyscsihelperservice.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BHDrvx86" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.0.24\definitions\bashdefs\20121005.002\bhdrvx86.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\Users\pc\AppData\Local\Temp\catchme.sys"
+ "ccSet_NAV" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\ccsetx86.sys"
+ "ccSet_NST" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nst\7dd01000.020\ccsetx86.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVix86" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.0.24\definitions\ipsdefs\20121025.001\idsvix86.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.0.24\definitions\virusdefs\20121025.017\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.0.24\definitions\virusdefs\20121025.017\navex15.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt86win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\srtsp.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\srtspx.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\symds.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\symefa.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\ironx86.sys"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nav\1401010.002\symnets.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Extractor" "Stream Data Extractor Filter" "Sony Corporation" "c:\program files\common files\sony shared\fsk\extractor.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "EPSON Stylus CX5000 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbbva.dll"
+ "HP 8811 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts8811lm.dll"

#12 narenxp

Posted 25 October 2012 - 11:15 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Download Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#13 soozabelle

Posted 26 October 2012 - 07:38 AM

Farbar Service Scanner Version: 26-10-2012
Ran by pc (administrator) on 26-10-2012 at 08:37:20
Running from "C:\Users\pc\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 13:39] - [2012-03-30 06:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-07-12 07:40] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-07-12 07:38] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 09:37] - [2012-06-02 00:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#14 narenxp

Posted 26 October 2012 - 07:43 AM

That looks good

Remove temporary and junk files

Download TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP: http://support.microsoft.com/kb/310405

Vista & Windows 7: http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off System Restore. This deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#15 soozabelle

Posted 28 October 2012 - 01:43 PM

Thanks for all the help! Much appreciated!



