SireFound Sirefef and BCMiner Trojans on my system

Jaguar2090 · July 10, 2012

Hi everyone,

My computer was recently infected with a virus, which, when I scanned it with MalwareBytes Free, brought up about 10 infections.

I quarantined and removed them using MBAM, but "BCMiner" and "Sirefef" still remain.

The biggest problem that is visible to me is random browser redirects, but there are probably other things going on beneath the surface.

Attach.txt

DDS.txt

Jaguar2090 · July 10, 2012

I'll paste the DDS log here to make the post more readable:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Home at 23:38:30 on 2012-07-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3007.1719 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\ENAgent.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\kmw_run.exe

C:\Users\Home\Local Settings\Apps\F.lux\flux.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\KMW_SHOW.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Users\Home\Downloads\OTL.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\notepad.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\System32\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: E-Web Print: {201cf130-e29c-4e5c-a73f-cd197defa6ae} - c:\program files\epson software\e-web print\ewps_tb.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\kensington\mouseworks\IE_SPY.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: E-Web Print: {201cf130-e29c-4e5c-a73f-cd197defa6ae} - c:\program files\epson software\e-web print\ewps_tb.dll

EB: E-Web Print: {a60c1dc7-64b3-4ad9-8e67-035d11b8b2b0} - c:\program files\epson software\e-web print\ewps_tb.dll

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihva.exe /ept "epltarget\P0000000000000000" /M "WorkForce 645" /EF "HKCU"

uRun: [spotify Web Helper] "c:\users\home\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [F.lux] "c:\users\home\local settings\apps\f.lux\flux.exe" /noshow

uRun: [XSECVA] c:\users\home\appdata\roaming\xsecva\xsecva.exe -s

uRun: [agsclm] rundll32.exe "c:\users\home\appdata\roaming\agsclm.dll",DeleteTable

uRun: [pnipo] "c:\windows\system32\rundll32.exe" "c:\users\home\appdata\roaming\pnipo.dll",CaptureStop

uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [kmw_run.exe] kmw_run.exe

mRun: [MSWheel]

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [iRISCard 4 button manager] "c:\program files\iriscard 4 pro\bmana620.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5B08068-3A94-477C-ADC7-E452B728FF9B} : DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5B08068-3A94-477C-ADC7-E452B728FF9B}\74F6C646D4F6E6B65697D27657563747 : DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

TCP: Interfaces\{B5B08068-3A94-477C-ADC7-E452B728FF9B}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\ml95xu16.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\users\home\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2012-2-25 4022272]

R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2012-2-25 130944]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-4-20 92592]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 113120]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-30 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

.

=============== Created Last 30 ================

.

2012-07-10 03:15:25 54016 ----a-w- c:\windows\system32\drivers\jtlds.sys

2012-07-08 17:49:10 -------- d-----w- c:\users\home\appdata\roaming\FixZeroAccess

2012-07-08 17:38:02 -------- d-----w- c:\users\home\appdata\local\{5ECF55EC-C89A-11E1-8270-B8AC6F996F26}

2012-07-08 14:35:16 -------- d-----w- c:\program files\ESET

2012-07-08 01:15:12 -------- d-----w- c:\users\home\appdata\local\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}

2012-07-08 01:15:07 380416 ----a-w- c:\users\home\appdata\roaming\pnipo.dll

2012-07-08 01:14:15 130560 ----a-w- c:\users\home\appdata\roaming\agsclm.dll

2012-07-08 01:14:03 -------- d-----w- c:\users\home\appdata\roaming\xsecva

2012-07-07 14:51:42 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-06 08:10:44 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6aa95656-c40c-4f40-8808-0b75b0049144}\mpengine.dll

2012-07-02 21:43:10 -------- d-----w- c:\users\home\appdata\roaming\ICAClient

2012-07-01 18:42:06 -------- d-----w- c:\users\home\appdata\roaming\Kscan

2012-07-01 18:36:44 -------- d-----w- c:\program files\IRISCard 4 Pro

2012-06-23 15:14:19 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 15:13:58 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 15:13:21 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 15:13:21 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 04:44:42 -------- d-----w- c:\programdata\TomTom

2012-06-23 04:40:17 -------- d-----w- c:\users\home\appdata\roaming\TomTom

2012-06-23 04:40:17 -------- d-----w- c:\users\home\appdata\local\TomTom

2012-06-23 04:40:03 -------- d-----w- c:\program files\TomTom International B.V

2012-06-23 04:39:49 -------- d-----w- c:\program files\TomTom HOME 2

2012-06-20 04:13:41 -------- d-----w- c:\program files\psykopaint

2012-06-15 23:33:57 -------- d-----w- c:\program files\Citrix

2012-06-13 08:05:26 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 08:05:26 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 08:05:04 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 08:05:04 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 08:05:04 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

.

==================== Find3M ====================

.

2012-07-09 15:54:50 7304 ----a-w- c:\windows\TMP0001.TMP

2012-07-07 14:35:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-07 14:35:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 23:38:46.99 ===============

Maniac · July 10, 2012

Hello Jaguar2090 and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
OTL log with Extras.txt

Jaguar2090 · July 11, 2012

Thanks for helping!

In TDSSKiller, Cure was NOT an option given to me, so I skipped. Here is the log for TDSS:

21:00:32.0126 3140 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

21:00:32.0145 3140 ============================================================

21:00:32.0145 3140 Current date / time: 2012/07/10 21:00:32.0145

21:00:32.0145 3140 SystemInfo:

21:00:32.0145 3140

21:00:32.0145 3140 OS Version: 6.1.7601 ServicePack: 1.0

21:00:32.0145 3140 Product type: Workstation

21:00:32.0145 3140 ComputerName: HOME-PC

21:00:32.0146 3140 UserName: Home

21:00:32.0146 3140 Windows directory: C:\Windows

21:00:32.0146 3140 System windows directory: C:\Windows

21:00:32.0146 3140 Processor architecture: Intel x86

21:00:32.0146 3140 Number of processors: 2

21:00:32.0146 3140 Page size: 0x1000

21:00:32.0146 3140 Boot type: Normal boot

21:00:32.0146 3140 ============================================================

21:00:33.0450 3140 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:00:33.0462 3140 Drive \Device\Harddisk5\DR5 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:00:33.0463 3140 ============================================================

21:00:33.0463 3140 \Device\Harddisk0\DR0:

21:00:33.0463 3140 MBR partitions:

21:00:33.0463 3140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C00E5BE

21:00:33.0463 3140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C0124BE, BlocksNum 0x11B20C3

21:00:33.0463 3140 \Device\Harddisk5\DR5:

21:00:33.0464 3140 MBR partitions:

21:00:33.0464 3140 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0

21:00:33.0464 3140 ============================================================

21:00:33.0489 3140 C: <-> \Device\Harddisk0\DR0\Partition0

21:00:33.0489 3140 D: <-> \Device\Harddisk0\DR0\Partition1

21:00:33.0489 3140 ============================================================

21:00:33.0490 3140 Initialize success

21:00:33.0490 3140 ============================================================

21:00:46.0295 4988 ============================================================

21:00:46.0295 4988 Scan started

21:00:46.0295 4988 Mode: Manual; SigCheck; TDLFS;

21:00:46.0295 4988 ============================================================

21:00:46.0958 4988 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys

21:00:47.0007 4988 1394ohci - ok

21:00:47.0051 4988 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

21:00:47.0071 4988 ACPI - ok

21:00:47.0099 4988 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

21:00:47.0116 4988 AcpiPmi - ok

21:00:47.0262 4988 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

21:00:47.0274 4988 AdobeARMservice - ok

21:00:47.0323 4988 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

21:00:47.0343 4988 adp94xx - ok

21:00:47.0373 4988 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

21:00:47.0390 4988 adpahci - ok

21:00:47.0426 4988 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

21:00:47.0441 4988 adpu320 - ok

21:00:47.0502 4988 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

21:00:47.0530 4988 AeLookupSvc - ok

21:00:47.0611 4988 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

21:00:47.0628 4988 AFD - ok

21:00:47.0657 4988 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

21:00:47.0668 4988 agp440 - ok

21:00:47.0738 4988 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

21:00:47.0750 4988 aic78xx - ok

21:00:47.0775 4988 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

21:00:47.0789 4988 ALG - ok

21:00:47.0811 4988 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

21:00:47.0824 4988 aliide - ok

21:00:47.0852 4988 amacpi (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\DRIVERS\null.sys

21:00:47.0882 4988 amacpi - ok

21:00:47.0902 4988 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

21:00:47.0916 4988 amdagp - ok

21:00:47.0934 4988 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

21:00:47.0947 4988 amdide - ok

21:00:48.0017 4988 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

21:00:48.0031 4988 AmdK8 - ok

21:00:48.0060 4988 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

21:00:48.0076 4988 AmdPPM - ok

21:00:48.0114 4988 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

21:00:48.0126 4988 amdsata - ok

21:00:48.0162 4988 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

21:00:48.0176 4988 amdsbs - ok

21:00:48.0203 4988 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

21:00:48.0215 4988 amdxata - ok

21:00:48.0240 4988 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

21:00:48.0268 4988 AppID - ok

21:00:48.0283 4988 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

21:00:48.0311 4988 AppIDSvc - ok

21:00:48.0339 4988 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

21:00:48.0369 4988 Appinfo - ok

21:00:48.0541 4988 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:00:48.0551 4988 Apple Mobile Device - ok

21:00:48.0614 4988 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

21:00:48.0628 4988 AppMgmt - ok

21:00:48.0657 4988 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

21:00:48.0671 4988 arc - ok

21:00:48.0686 4988 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

21:00:48.0700 4988 arcsas - ok

21:00:48.0842 4988 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

21:00:48.0855 4988 aspnet_state - ok

21:00:48.0884 4988 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

21:00:48.0915 4988 AsyncMac - ok

21:00:48.0944 4988 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

21:00:48.0957 4988 atapi - ok

21:00:49.0044 4988 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

21:00:49.0080 4988 AudioEndpointBuilder - ok

21:00:49.0091 4988 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

21:00:49.0126 4988 Audiosrv - ok

21:00:49.0170 4988 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

21:00:49.0188 4988 AxInstSV - ok

21:00:49.0265 4988 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

21:00:49.0284 4988 b06bdrv - ok

21:00:49.0389 4988 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

21:00:49.0405 4988 b57nd60x - ok

21:00:49.0557 4988 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys

21:00:49.0590 4988 BCM43XX - ok

21:00:49.0609 4988 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

21:00:49.0625 4988 BDESVC - ok

21:00:49.0651 4988 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

21:00:49.0680 4988 Beep - ok

21:00:49.0757 4988 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

21:00:49.0793 4988 BITS - ok

21:00:49.0826 4988 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

21:00:49.0841 4988 blbdrive - ok

21:00:50.0029 4988 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

21:00:50.0045 4988 Bonjour Service - ok

21:00:50.0119 4988 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

21:00:50.0132 4988 bowser - ok

21:00:50.0163 4988 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

21:00:50.0177 4988 BrFiltLo - ok

21:00:50.0191 4988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

21:00:50.0208 4988 BrFiltUp - ok

21:00:50.0231 4988 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

21:00:50.0261 4988 Browser - ok

21:00:50.0288 4988 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

21:00:50.0305 4988 Brserid - ok

21:00:50.0333 4988 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

21:00:50.0350 4988 BrSerWdm - ok

21:00:50.0380 4988 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:00:50.0395 4988 BrUsbMdm - ok

21:00:50.0412 4988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

21:00:50.0426 4988 BrUsbSer - ok

21:00:50.0442 4988 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys

21:00:50.0458 4988 BTHMODEM - ok

21:00:50.0532 4988 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

21:00:50.0561 4988 bthserv - ok

21:00:50.0618 4988 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

21:00:50.0647 4988 cdfs - ok

21:00:50.0685 4988 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

21:00:50.0701 4988 cdrom - ok

21:00:50.0737 4988 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

21:00:50.0765 4988 CertPropSvc - ok

21:00:50.0794 4988 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

21:00:50.0811 4988 circlass - ok

21:00:50.0839 4988 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

21:00:50.0856 4988 CLFS - ok

21:00:50.0989 4988 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:00:51.0000 4988 clr_optimization_v2.0.50727_32 - ok

21:00:51.0101 4988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:00:51.0115 4988 clr_optimization_v4.0.30319_32 - ok

21:00:51.0134 4988 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys

21:00:51.0150 4988 CmBatt - ok

21:00:51.0157 4988 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

21:00:51.0169 4988 cmdide - ok

21:00:51.0217 4988 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

21:00:51.0243 4988 CNG - ok

21:00:51.0269 4988 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

21:00:51.0282 4988 Compbatt - ok

21:00:51.0321 4988 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

21:00:51.0339 4988 CompositeBus - ok

21:00:51.0358 4988 COMSysApp - ok

21:00:51.0379 4988 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

21:00:51.0391 4988 crcdisk - ok

21:00:51.0472 4988 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

21:00:51.0500 4988 CryptSvc - ok

21:00:51.0579 4988 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

21:00:51.0599 4988 CSC - ok

21:00:51.0643 4988 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

21:00:51.0664 4988 CscService - ok

21:00:51.0752 4988 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

21:00:51.0787 4988 DcomLaunch - ok

21:00:51.0868 4988 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

21:00:51.0901 4988 defragsvc - ok

21:00:52.0031 4988 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

21:00:52.0058 4988 DfsC - ok

21:00:52.0122 4988 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

21:00:52.0153 4988 Dhcp - ok

21:00:52.0161 4988 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

21:00:52.0192 4988 discache - ok

21:00:52.0230 4988 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

21:00:52.0242 4988 Disk - ok

21:00:52.0302 4988 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys

21:00:52.0315 4988 dmvsc - ok

21:00:52.0375 4988 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

21:00:52.0390 4988 Dnscache - ok

21:00:52.0420 4988 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

21:00:52.0451 4988 dot3svc - ok

21:00:52.0511 4988 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

21:00:52.0540 4988 DPS - ok

21:00:52.0610 4988 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

21:00:52.0625 4988 drmkaud - ok

21:00:52.0695 4988 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

21:00:52.0721 4988 DXGKrnl - ok

21:00:52.0742 4988 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

21:00:52.0774 4988 EapHost - ok

21:00:52.0985 4988 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

21:00:53.0041 4988 ebdrv - ok

21:00:53.0174 4988 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

21:00:53.0189 4988 EFS - ok

21:00:53.0315 4988 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

21:00:53.0336 4988 ehRecvr - ok

21:00:53.0354 4988 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

21:00:53.0370 4988 ehSched - ok

21:00:53.0406 4988 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

21:00:53.0426 4988 elxstor - ok

21:00:53.0656 4988 ENAgent (9dec8224b8cf0448fcc4127215f6191a) C:\Windows\system32\ENAgent.exe

21:00:53.0725 4988 ENAgent - ok

21:00:53.0828 4988 EPSON_PM_RPCV4_05 (cef06a8df4ba42673f3297759fd62e80) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

21:00:53.0841 4988 EPSON_PM_RPCV4_05 - ok

21:00:53.0989 4988 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

21:00:54.0001 4988 ErrDev - ok

21:00:54.0087 4988 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

21:00:54.0125 4988 EventSystem - ok

21:00:54.0159 4988 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

21:00:54.0190 4988 exfat - ok

21:00:54.0214 4988 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

21:00:54.0247 4988 fastfat - ok

21:00:54.0293 4988 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

21:00:54.0314 4988 Fax - ok

21:00:54.0347 4988 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys

21:00:54.0364 4988 fdc - ok

21:00:54.0384 4988 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

21:00:54.0414 4988 fdPHost - ok

21:00:54.0428 4988 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

21:00:54.0460 4988 FDResPub - ok

21:00:54.0475 4988 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

21:00:54.0488 4988 FileInfo - ok

21:00:54.0504 4988 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

21:00:54.0536 4988 Filetrace - ok

21:00:54.0612 4988 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:00:54.0635 4988 FLEXnet Licensing Service - ok

21:00:54.0670 4988 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

21:00:54.0684 4988 flpydisk - ok

21:00:54.0727 4988 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

21:00:54.0743 4988 FltMgr - ok

21:00:54.0809 4988 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll

21:00:54.0848 4988 FontCache - ok

21:00:55.0018 4988 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

21:00:55.0028 4988 FontCache3.0.0.0 - ok

21:00:55.0046 4988 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

21:00:55.0059 4988 FsDepends - ok

21:00:55.0096 4988 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

21:00:55.0111 4988 Fs_Rec - ok

21:00:55.0184 4988 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

21:00:55.0203 4988 fvevol - ok

21:00:55.0235 4988 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

21:00:55.0249 4988 gagp30kx - ok

21:00:55.0308 4988 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:00:55.0318 4988 GEARAspiWDM - ok

21:00:55.0402 4988 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

21:00:55.0437 4988 gpsvc - ok

21:00:55.0490 4988 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

21:00:55.0502 4988 hcw85cir - ok

21:00:55.0586 4988 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

21:00:55.0606 4988 HdAudAddService - ok

21:00:55.0645 4988 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:00:55.0661 4988 HDAudBus - ok

21:00:55.0668 4988 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

21:00:55.0685 4988 HidBatt - ok

21:00:55.0709 4988 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

21:00:55.0726 4988 HidBth - ok

21:00:55.0756 4988 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

21:00:55.0772 4988 HidIr - ok

21:00:55.0790 4988 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

21:00:55.0821 4988 hidserv - ok

21:00:55.0853 4988 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

21:00:55.0868 4988 HidUsb - ok

21:00:55.0917 4988 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

21:00:55.0946 4988 hkmsvc - ok

21:00:55.0967 4988 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

21:00:55.0985 4988 HomeGroupListener - ok

21:00:56.0048 4988 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

21:00:56.0065 4988 HomeGroupProvider - ok

21:00:56.0094 4988 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

21:00:56.0107 4988 HpSAMD - ok

21:00:56.0163 4988 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

21:00:56.0198 4988 HTTP - ok

21:00:56.0214 4988 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

21:00:56.0227 4988 hwpolicy - ok

21:00:56.0266 4988 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

21:00:56.0280 4988 i8042prt - ok

21:00:56.0325 4988 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

21:00:56.0342 4988 iaStorV - ok

21:00:56.0552 4988 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:00:56.0579 4988 idsvc - ok

21:00:56.0608 4988 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

21:00:56.0622 4988 iirsp - ok

21:00:56.0720 4988 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

21:00:56.0757 4988 IKEEXT - ok

21:00:56.0781 4988 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

21:00:56.0794 4988 intelide - ok

21:00:56.0857 4988 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys

21:00:56.0872 4988 intelppm - ok

21:00:56.0921 4988 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

21:00:56.0954 4988 IPBusEnum - ok

21:00:57.0015 4988 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:00:57.0044 4988 IpFilterDriver - ok

21:00:57.0064 4988 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

21:00:57.0078 4988 IPMIDRV - ok

21:00:57.0099 4988 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

21:00:57.0129 4988 IPNAT - ok

21:00:57.0316 4988 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

21:00:57.0340 4988 iPod Service - ok

21:00:57.0370 4988 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

21:00:57.0387 4988 IRENUM - ok

21:00:57.0408 4988 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

21:00:57.0421 4988 isapnp - ok

21:00:57.0452 4988 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

21:00:57.0468 4988 iScsiPrt - ok

21:00:57.0537 4988 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys

21:00:57.0561 4988 ivusb - ok

21:00:57.0600 4988 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:00:57.0613 4988 kbdclass - ok

21:00:57.0650 4988 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

21:00:57.0666 4988 kbdhid - ok

21:00:57.0688 4988 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

21:00:57.0702 4988 KeyIso - ok

21:00:57.0761 4988 KMW_KBD (ef936d3375d077952ad2664a2cdd7ba3) C:\Windows\system32\DRIVERS\KMW_KBD.sys

21:00:57.0774 4988 KMW_KBD - ok

21:00:57.0807 4988 KMW_SYS (9d158c26e9b9119787d5f17bf15ee02c) C:\Windows\system32\DRIVERS\KMW_SYS.sys

21:00:57.0822 4988 KMW_SYS - ok

21:00:57.0844 4988 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

21:00:57.0859 4988 KSecDD - ok

21:00:57.0890 4988 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

21:00:57.0906 4988 KSecPkg - ok

21:00:57.0977 4988 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

21:00:58.0012 4988 KtmRm - ok

21:00:58.0074 4988 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

21:00:58.0106 4988 LanmanServer - ok

21:00:58.0166 4988 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

21:00:58.0197 4988 LanmanWorkstation - ok

21:00:58.0279 4988 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

21:00:58.0309 4988 lltdio - ok

21:00:58.0416 4988 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

21:00:58.0457 4988 lltdsvc - ok

21:00:58.0477 4988 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

21:00:58.0518 4988 lmhosts - ok

21:00:58.0582 4988 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

21:00:58.0662 4988 LSI_FC - ok

21:00:58.0696 4988 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

21:00:58.0712 4988 LSI_SAS - ok

21:00:58.0750 4988 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

21:00:58.0767 4988 LSI_SAS2 - ok

21:00:58.0790 4988 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

21:00:58.0803 4988 LSI_SCSI - ok

21:00:58.0832 4988 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

21:00:58.0864 4988 luafv - ok

21:00:58.0919 4988 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

21:00:58.0935 4988 Mcx2Svc - ok

21:00:58.0951 4988 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

21:00:58.0963 4988 megasas - ok

21:00:58.0986 4988 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

21:00:59.0002 4988 MegaSR - ok

21:00:59.0128 4988 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

21:00:59.0141 4988 Microsoft Office Groove Audit Service - ok

21:00:59.0159 4988 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

21:00:59.0193 4988 MMCSS - ok

21:00:59.0209 4988 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

21:00:59.0240 4988 Modem - ok

21:00:59.0299 4988 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

21:00:59.0315 4988 monitor - ok

21:00:59.0361 4988 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\Windows\system32\Drivers\motoandroid.sys

21:00:59.0381 4988 motandroidusb - ok

21:00:59.0401 4988 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

21:00:59.0414 4988 mouclass - ok

21:00:59.0454 4988 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

21:00:59.0467 4988 mouhid - ok

21:00:59.0482 4988 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

21:00:59.0495 4988 mountmgr - ok

21:00:59.0556 4988 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:00:59.0570 4988 MozillaMaintenance - ok

21:00:59.0625 4988 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

21:00:59.0639 4988 mpio - ok

21:00:59.0656 4988 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

21:00:59.0689 4988 mpsdrv - ok

21:00:59.0707 4988 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

21:00:59.0724 4988 MRxDAV - ok

21:00:59.0791 4988 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:00:59.0805 4988 mrxsmb - ok

21:00:59.0840 4988 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:00:59.0856 4988 mrxsmb10 - ok

21:00:59.0885 4988 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:00:59.0899 4988 mrxsmb20 - ok

21:00:59.0922 4988 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

21:00:59.0934 4988 msahci - ok

21:00:59.0955 4988 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

21:00:59.0968 4988 msdsm - ok

21:01:00.0028 4988 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

21:01:00.0043 4988 MSDTC - ok

21:01:00.0068 4988 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

21:01:00.0097 4988 Msfs - ok

21:01:00.0110 4988 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

21:01:00.0138 4988 mshidkmdf - ok

21:01:00.0149 4988 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

21:01:00.0162 4988 msisadrv - ok

21:01:00.0235 4988 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

21:01:00.0263 4988 MSiSCSI - ok

21:01:00.0271 4988 msiserver - ok

21:01:00.0307 4988 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

21:01:00.0336 4988 MSKSSRV - ok

21:01:00.0380 4988 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

21:01:00.0409 4988 MSPCLOCK - ok

21:01:00.0427 4988 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

21:01:00.0456 4988 MSPQM - ok

21:01:00.0481 4988 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

21:01:00.0496 4988 MsRPC - ok

21:01:00.0520 4988 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

21:01:00.0532 4988 mssmbios - ok

21:01:00.0547 4988 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

21:01:00.0576 4988 MSTEE - ok

21:01:00.0588 4988 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

21:01:00.0601 4988 MTConfig - ok

21:01:00.0612 4988 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

21:01:00.0625 4988 Mup - ok

21:01:00.0699 4988 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

21:01:00.0734 4988 napagent - ok

21:01:00.0776 4988 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

21:01:00.0795 4988 NativeWifiP - ok

21:01:00.0967 4988 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

21:01:00.0993 4988 NDIS - ok

21:01:01.0024 4988 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

21:01:01.0053 4988 NdisCap - ok

21:01:01.0072 4988 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

21:01:01.0100 4988 NdisTapi - ok

21:01:01.0156 4988 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

21:01:01.0187 4988 Ndisuio - ok

21:01:01.0202 4988 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

21:01:01.0230 4988 NdisWan - ok

21:01:01.0250 4988 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

21:01:01.0285 4988 NDProxy - ok

21:01:01.0314 4988 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

21:01:01.0344 4988 NetBIOS - ok

21:01:01.0403 4988 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

21:01:01.0436 4988 NetBT - ok

21:01:01.0478 4988 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

21:01:01.0492 4988 Netlogon - ok

21:01:01.0596 4988 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

21:01:01.0644 4988 Netman - ok

21:01:01.0800 4988 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

21:01:01.0814 4988 NetMsmqActivator - ok

21:01:01.0822 4988 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

21:01:01.0835 4988 NetPipeActivator - ok

21:01:01.0869 4988 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

21:01:01.0904 4988 netprofm - ok

21:01:01.0912 4988 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

21:01:01.0925 4988 NetTcpActivator - ok

21:01:01.0932 4988 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

21:01:01.0945 4988 NetTcpPortSharing - ok

21:01:01.0967 4988 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

21:01:01.0979 4988 nfrd960 - ok

21:01:02.0047 4988 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

21:01:02.0079 4988 NlaSvc - ok

21:01:02.0101 4988 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

21:01:02.0131 4988 Npfs - ok

21:01:02.0187 4988 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

21:01:02.0218 4988 nsi - ok

21:01:02.0235 4988 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

21:01:02.0263 4988 nsiproxy - ok

21:01:02.0349 4988 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

21:01:02.0385 4988 Ntfs - ok

21:01:02.0402 4988 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

21:01:02.0432 4988 Null - ok

21:01:02.0512 4988 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

21:01:02.0532 4988 NVENETFD - ok

21:01:03.0037 4988 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:01:03.0190 4988 nvlddmkm - ok

21:01:03.0575 4988 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

21:01:03.0589 4988 nvraid - ok

21:01:03.0612 4988 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

21:01:03.0626 4988 nvstor - ok

21:01:03.0655 4988 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

21:01:03.0668 4988 nv_agp - ok

21:01:03.0807 4988 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:01:03.0827 4988 odserv - ok

21:01:03.0845 4988 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

21:01:03.0870 4988 ohci1394 - ok

21:01:03.0928 4988 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:01:03.0941 4988 ose - ok

21:01:04.0031 4988 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

21:01:04.0047 4988 p2pimsvc - ok

21:01:04.0135 4988 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

21:01:04.0154 4988 p2psvc - ok

21:01:04.0180 4988 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys

21:01:04.0197 4988 Parport - ok

21:01:04.0274 4988 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

21:01:04.0287 4988 partmgr - ok

21:01:04.0300 4988 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys

21:01:04.0313 4988 Parvdm - ok

21:01:04.0334 4988 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

21:01:04.0358 4988 PcaSvc - ok

21:01:04.0380 4988 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

21:01:04.0396 4988 pci - ok

21:01:04.0423 4988 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

21:01:04.0435 4988 pciide - ok

21:01:04.0460 4988 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

21:01:04.0477 4988 pcmcia - ok

21:01:04.0501 4988 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

21:01:04.0514 4988 pcw - ok

21:01:04.0569 4988 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

21:01:04.0606 4988 PEAUTH - ok

21:01:04.0715 4988 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

21:01:04.0746 4988 PeerDistSvc - ok

21:01:04.0903 4988 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

21:01:04.0953 4988 pla - ok

21:01:05.0166 4988 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

21:01:05.0184 4988 PlugPlay - ok

21:01:05.0208 4988 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

21:01:05.0222 4988 PNRPAutoReg - ok

21:01:05.0251 4988 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

21:01:05.0269 4988 PNRPsvc - ok

21:01:05.0354 4988 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

21:01:05.0388 4988 PolicyAgent - ok

21:01:05.0455 4988 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

21:01:05.0487 4988 Power - ok

21:01:05.0606 4988 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

21:01:05.0636 4988 PptpMiniport - ok

21:01:05.0702 4988 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

21:01:05.0716 4988 Processor - ok

21:01:05.0929 4988 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

21:01:05.0962 4988 ProfSvc - ok

21:01:06.0016 4988 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

21:01:06.0031 4988 ProtectedStorage - ok

21:01:06.0141 4988 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

21:01:06.0171 4988 Psched - ok

21:01:06.0434 4988 QBCFMonitorService (c8afe59e2d1fda67a6c5777a13082103) c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

21:01:06.0442 4988 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

21:01:06.0442 4988 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

21:01:06.0631 4988 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

21:01:06.0637 4988 QBFCService ( UnsignedFile.Multi.Generic ) - warning

21:01:06.0637 4988 QBFCService - detected UnsignedFile.Multi.Generic (1)

21:01:06.0732 4988 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

21:01:06.0798 4988 ql2300 - ok

21:01:07.0017 4988 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

21:01:07.0032 4988 ql40xx - ok

21:01:07.0097 4988 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

21:01:07.0117 4988 QWAVE - ok

21:01:07.0136 4988 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

21:01:07.0153 4988 QWAVEdrv - ok

21:01:07.0189 4988 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

21:01:07.0217 4988 RasAcd - ok

21:01:07.0300 4988 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:01:07.0327 4988 RasAgileVpn - ok

21:01:07.0346 4988 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

21:01:07.0376 4988 RasAuto - ok

21:01:07.0395 4988 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:01:07.0425 4988 Rasl2tp - ok

21:01:07.0454 4988 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

21:01:07.0485 4988 RasMan - ok

21:01:07.0537 4988 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

21:01:07.0569 4988 RasPppoe - ok

21:01:07.0597 4988 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

21:01:07.0625 4988 RasSstp - ok

21:01:07.0655 4988 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

21:01:07.0684 4988 rdbss - ok

21:01:07.0702 4988 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

21:01:07.0719 4988 rdpbus - ok

21:01:07.0730 4988 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:01:07.0757 4988 RDPCDD - ok

21:01:07.0828 4988 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

21:01:07.0841 4988 RDPDR - ok

21:01:07.0859 4988 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

21:01:07.0887 4988 RDPENCDD - ok

21:01:07.0911 4988 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

21:01:07.0937 4988 RDPREFMP - ok

21:01:07.0997 4988 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys

21:01:08.0012 4988 RDPWD - ok

21:01:08.0058 4988 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

21:01:08.0073 4988 rdyboost - ok

21:01:08.0138 4988 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

21:01:08.0175 4988 RemoteAccess - ok

21:01:08.0203 4988 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

21:01:08.0234 4988 RemoteRegistry - ok

21:01:08.0270 4988 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

21:01:08.0293 4988 RimUsb - ok

21:01:08.0337 4988 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

21:01:08.0381 4988 RpcEptMapper - ok

21:01:08.0459 4988 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

21:01:08.0473 4988 RpcLocator - ok

21:01:08.0725 4988 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

21:01:08.0760 4988 RpcSs - ok

21:01:08.0798 4988 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

21:01:08.0828 4988 rspndr - ok

21:01:08.0891 4988 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

21:01:08.0903 4988 s3cap - ok

21:01:08.0940 4988 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

21:01:08.0954 4988 SamSs - ok

21:01:08.0985 4988 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

21:01:08.0999 4988 sbp2port - ok

21:01:09.0031 4988 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

21:01:09.0061 4988 SCardSvr - ok

21:01:09.0105 4988 SCDEmu (9a8925f0e6919272a768d7c42232aa3a) C:\Windows\system32\drivers\SCDEmu.sys

21:01:09.0122 4988 SCDEmu - ok

21:01:09.0143 4988 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

21:01:09.0171 4988 scfilter - ok

21:01:09.0227 4988 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

21:01:09.0271 4988 Schedule - ok

21:01:09.0366 4988 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

21:01:09.0392 4988 SCPolicySvc - ok

21:01:09.0410 4988 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

21:01:09.0427 4988 SDRSVC - ok

21:01:09.0492 4988 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:01:09.0534 4988 secdrv - ok

21:01:09.0552 4988 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

21:01:09.0584 4988 seclogon - ok

21:01:09.0602 4988 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

21:01:09.0634 4988 SENS - ok

21:01:09.0689 4988 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

21:01:09.0702 4988 SensrSvc - ok

21:01:09.0717 4988 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys

21:01:09.0730 4988 Serenum - ok

21:01:09.0747 4988 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys

21:01:09.0761 4988 Serial - ok

21:01:09.0781 4988 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

21:01:09.0793 4988 sermouse - ok

21:01:09.0830 4988 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

21:01:09.0860 4988 SessionEnv - ok

21:01:09.0887 4988 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

21:01:09.0902 4988 sffdisk - ok

21:01:09.0916 4988 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

21:01:09.0929 4988 sffp_mmc - ok

21:01:09.0946 4988 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

21:01:09.0959 4988 sffp_sd - ok

21:01:09.0972 4988 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

21:01:09.0986 4988 sfloppy - ok

21:01:10.0066 4988 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

21:01:10.0101 4988 ShellHWDetection - ok

21:01:10.0118 4988 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

21:01:10.0130 4988 sisagp - ok

21:01:10.0157 4988 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

21:01:10.0169 4988 SiSRaid2 - ok

21:01:10.0209 4988 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

21:01:10.0224 4988 SiSRaid4 - ok

21:01:10.0254 4988 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

21:01:10.0289 4988 Smb - ok

21:01:10.0332 4988 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

21:01:10.0347 4988 SNMPTRAP - ok

21:01:10.0358 4988 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

21:01:10.0372 4988 spldr - ok

21:01:10.0410 4988 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

21:01:10.0448 4988 Spooler - ok

21:01:10.0650 4988 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

21:01:10.0727 4988 sppsvc - ok

21:01:10.0902 4988 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

21:01:10.0943 4988 sppuinotify - ok

21:01:11.0059 4988 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

21:01:11.0076 4988 srv - ok

21:01:11.0099 4988 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

21:01:11.0116 4988 srv2 - ok

21:01:11.0174 4988 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

21:01:11.0187 4988 srvnet - ok

21:01:11.0220 4988 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

21:01:11.0252 4988 SSDPSRV - ok

21:01:11.0266 4988 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

21:01:11.0296 4988 SstpSvc - ok

21:01:11.0401 4988 Steam Client Service - ok

21:01:11.0446 4988 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

21:01:11.0460 4988 stexstor - ok

21:01:11.0539 4988 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

21:01:11.0571 4988 StiSvc - ok

21:01:11.0652 4988 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

21:01:11.0667 4988 storflt - ok

21:01:11.0748 4988 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

21:01:11.0774 4988 StorSvc - ok

21:01:11.0792 4988 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

21:01:11.0808 4988 storvsc - ok

21:01:11.0824 4988 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

21:01:11.0835 4988 swenum - ok

21:01:11.0903 4988 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

21:01:11.0944 4988 swprv - ok

21:01:12.0026 4988 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

21:01:12.0060 4988 SysMain - ok

21:01:12.0081 4988 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

21:01:12.0100 4988 TabletInputService - ok

21:01:12.0136 4988 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

21:01:12.0167 4988 TapiSrv - ok

21:01:12.0191 4988 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

21:01:12.0222 4988 TBS - ok

21:01:12.0354 4988 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

21:01:12.0393 4988 Tcpip - ok

21:01:12.0420 4988 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

21:01:12.0457 4988 TCPIP6 - ok

21:01:12.0486 4988 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

21:01:12.0512 4988 tcpipreg - ok

21:01:12.0578 4988 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

21:01:12.0589 4988 TDPIPE - ok

21:01:12.0611 4988 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

21:01:12.0623 4988 TDTCP - ok

21:01:12.0654 4988 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

21:01:12.0681 4988 tdx - ok

21:01:12.0701 4988 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

21:01:12.0714 4988 TermDD - ok

21:01:12.0750 4988 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

21:01:12.0789 4988 TermService - ok

21:01:12.0807 4988 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

21:01:12.0825 4988 Themes - ok

21:01:12.0884 4988 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

21:01:12.0914 4988 THREADORDER - ok

21:01:13.0077 4988 TomTomHOMEService (83682f469a3d65e8b6f06c28212318bd) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

21:01:13.0087 4988 TomTomHOMEService - ok

21:01:13.0103 4988 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

21:01:13.0138 4988 TrkWks - ok

21:01:13.0287 4988 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

21:01:13.0321 4988 TrustedInstaller - ok

21:01:13.0424 4988 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:01:13.0456 4988 tssecsrv - ok

21:01:13.0482 4988 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

21:01:13.0495 4988 TsUsbFlt - ok

21:01:13.0553 4988 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

21:01:13.0565 4988 TsUsbGD - ok

21:01:13.0601 4988 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

21:01:13.0629 4988 tunnel - ok

21:01:13.0649 4988 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

21:01:13.0661 4988 uagp35 - ok

21:01:13.0693 4988 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

21:01:13.0724 4988 udfs - ok

21:01:13.0797 4988 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

21:01:13.0812 4988 UI0Detect - ok

21:01:13.0842 4988 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

21:01:13.0856 4988 uliagpkx - ok

21:01:13.0887 4988 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

21:01:13.0901 4988 umbus - ok

21:01:13.0926 4988 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

21:01:13.0939 4988 UmPass - ok

21:01:14.0002 4988 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

21:01:14.0019 4988 UmRdpService - ok

21:01:14.0045 4988 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

21:01:14.0081 4988 upnphost - ok

21:01:14.0125 4988 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

21:01:14.0136 4988 USBAAPL - ok

21:01:14.0210 4988 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

21:01:14.0227 4988 usbaudio - ok

21:01:14.0250 4988 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

21:01:14.0264 4988 usbccgp - ok

21:01:14.0280 4988 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

21:01:14.0296 4988 usbcir - ok

21:01:14.0321 4988 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys

21:01:14.0333 4988 usbehci - ok

21:01:14.0378 4988 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys

21:01:14.0396 4988 usbhub - ok

21:01:14.0424 4988 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

21:01:14.0438 4988 usbohci - ok

21:01:14.0457 4988 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys

21:01:14.0472 4988 usbprint - ok

21:01:14.0532 4988 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

21:01:14.0546 4988 usbscan - ok

21:01:14.0562 4988 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:01:14.0576 4988 USBSTOR - ok

21:01:14.0597 4988 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

21:01:14.0610 4988 usbuhci - ok

21:01:14.0623 4988 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

21:01:14.0651 4988 UxSms - ok

21:01:14.0678 4988 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

21:01:14.0691 4988 VaultSvc - ok

21:01:14.0752 4988 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

21:01:14.0764 4988 vdrvroot - ok

21:01:14.0835 4988 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

21:01:14.0872 4988 vds - ok

21:01:14.0898 4988 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

21:01:14.0914 4988 vga - ok

21:01:14.0930 4988 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

21:01:14.0960 4988 VgaSave - ok

21:01:14.0987 4988 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

21:01:15.0001 4988 vhdmp - ok

21:01:15.0031 4988 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

21:01:15.0045 4988 viaagp - ok

21:01:15.0061 4988 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

21:01:15.0074 4988 ViaC7 - ok

21:01:15.0089 4988 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

21:01:15.0101 4988 viaide - ok

21:01:15.0163 4988 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

21:01:15.0178 4988 vmbus - ok

21:01:15.0197 4988 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

21:01:15.0210 4988 VMBusHID - ok

21:01:15.0235 4988 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

21:01:15.0235 4988 volmgr - ok

21:01:15.0282 4988 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

21:01:15.0297 4988 volmgrx - ok

21:01:15.0338 4988 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

21:01:15.0355 4988 volsnap - ok

21:01:15.0399 4988 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

21:01:15.0414 4988 vsmraid - ok

21:01:15.0492 4988 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

21:01:15.0539 4988 VSS - ok

21:01:15.0631 4988 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS

21:01:15.0650 4988 VSTHWBS2 - ok

21:01:15.0711 4988 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

21:01:15.0739 4988 VST_DPV - ok

21:01:15.0754 4988 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

21:01:15.0772 4988 vwifibus - ok

21:01:15.0790 4988 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

21:01:15.0806 4988 vwififlt - ok

21:01:15.0832 4988 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

21:01:15.0866 4988 W32Time - ok

21:01:15.0888 4988 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

21:01:15.0904 4988 WacomPen - ok

21:01:15.0935 4988 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

21:01:15.0966 4988 WANARP - ok

21:01:15.0966 4988 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

21:01:15.0998 4988 Wanarpv6 - ok

21:01:16.0175 4988 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

21:01:16.0215 4988 WatAdminSvc - ok

21:01:16.0336 4988 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

21:01:16.0369 4988 wbengine - ok

21:01:16.0399 4988 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

21:01:16.0423 4988 WbioSrvc - ok

21:01:16.0454 4988 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

21:01:16.0476 4988 wcncsvc - ok

21:01:16.0502 4988 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

21:01:16.0518 4988 WcsPlugInService - ok

21:01:16.0630 4988 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

21:01:16.0643 4988 Wd - ok

21:01:16.0680 4988 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

21:01:16.0706 4988 Wdf01000 - ok

21:01:16.0736 4988 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

21:01:16.0761 4988 WdiServiceHost - ok

21:01:16.0778 4988 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

21:01:16.0804 4988 WdiSystemHost - ok

21:01:16.0836 4988 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

21:01:16.0864 4988 WebClient - ok

21:01:16.0886 4988 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

21:01:16.0926 4988 Wecsvc - ok

21:01:16.0945 4988 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

21:01:16.0978 4988 wercplsupport - ok

21:01:17.0031 4988 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

21:01:17.0062 4988 WerSvc - ok

21:01:17.0101 4988 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

21:01:17.0129 4988 WfpLwf - ok

21:01:17.0146 4988 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

21:01:17.0159 4988 WIMMount - ok

21:01:17.0244 4988 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

21:01:17.0265 4988 winachsf - ok

21:01:17.0286 4988 WinHttpAutoProxySvc - ok

21:01:17.0401 4988 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

21:01:17.0430 4988 Winmgmt - ok

21:01:17.0535 4988 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

21:01:17.0582 4988 WinRM - ok

21:01:17.0645 4988 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

21:01:17.0661 4988 WinUsb - ok

21:01:17.0754 4988 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

21:01:17.0786 4988 Wlansvc - ok

21:01:17.0817 4988 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

21:01:17.0833 4988 WmiAcpi - ok

21:01:17.0895 4988 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

21:01:17.0911 4988 wmiApSrv - ok

21:01:18.0114 4988 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

21:01:18.0145 4988 WMPNetworkSvc - ok

21:01:18.0161 4988 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

21:01:18.0176 4988 WPCSvc - ok

21:01:18.0192 4988 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

21:01:18.0208 4988 WPDBusEnum - ok

21:01:18.0239 4988 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

21:01:18.0270 4988 ws2ifsl - ok

21:01:18.0301 4988 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

21:01:18.0317 4988 WSDPrintDevice - ok

21:01:18.0333 4988 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys

21:01:18.0348 4988 WSDScan - ok

21:01:18.0348 4988 WSearch - ok

21:01:18.0520 4988 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

21:01:18.0567 4988 wuauserv - ok

21:01:18.0879 4988 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

21:01:18.0895 4988 WudfPf - ok

21:01:19.0286 4988 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:01:19.0317 4988 WUDFRd - ok

21:01:19.0333 4988 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

21:01:19.0364 4988 wudfsvc - ok

21:01:19.0379 4988 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

21:01:19.0395 4988 WwanSvc - ok

21:01:19.0486 4988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:01:19.0776 4988 \Device\Harddisk0\DR0 - ok

21:01:19.0784 4988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5

21:01:23.0170 4988 \Device\Harddisk5\DR5 - ok

21:01:23.0186 4988 Boot (0x1200) (371900766b9d2135991bf5351a464aca) \Device\Harddisk0\DR0\Partition0

21:01:23.0186 4988 \Device\Harddisk0\DR0\Partition0 - ok

21:01:23.0217 4988 Boot (0x1200) (cccdaae39aaebdf4eaf807687e9ab8ae) \Device\Harddisk0\DR0\Partition1

21:01:23.0217 4988 \Device\Harddisk0\DR0\Partition1 - ok

21:01:23.0233 4988 Boot (0x1200) (6d8e833473d3d73f805b8258c7c1efe2) \Device\Harddisk5\DR5\Partition0

21:01:23.0233 4988 \Device\Harddisk5\DR5\Partition0 - ok

21:01:23.0233 4988 ============================================================

21:01:23.0233 4988 Scan finished

21:01:23.0233 4988 ============================================================

21:01:23.0264 4964 Detected object count: 2

21:01:23.0264 4964 Actual detected object count: 2

21:02:28.0817 4964 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

21:02:28.0817 4964 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:02:28.0817 4964 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

21:02:28.0817 4964 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Jaguar2090 · July 11, 2012

MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.14

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Home :: HOME-PC [administrator]

7/10/2012 9:08:28 PM

mbam-log-2012-07-10 (21-08-28).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 235494

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

Jaguar2090 · July 11, 2012

OTL logfile created on: 7/10/2012 9:20:23 PM - Run 2

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 78.86% Memory free

5.36 Gb Paging File | 4.66 Gb Available in Paging File | 87.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 224.03 Gb Total Space | 2.71 Gb Free Space | 1.21% Space Free | Partition Type: NTFS

Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.38% Space Free | Partition Type: FAT32

Drive J: | 1.87 Gb Total Space | 1.75 Gb Free Space | 93.79% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 20:54:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

PRC - [2012/07/07 21:14:02 | 000,185,856 | ---- | M] () -- C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe

PRC - [2012/06/02 10:40:09 | 000,932,528 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2012/04/20 01:59:02 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/04/24 23:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVA.EXE

PRC - [2011/04/24 23:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

PRC - [2011/03/02 17:00:00 | 004,022,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ENAgent.exe

PRC - [2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Home\Local Settings\Apps\F.lux\flux.exe

PRC - [2008/09/04 10:47:24 | 001,893,040 | ---- | M] (I.R.I.S.) -- C:\Program Files\IRISCard 4 Pro\bmana620.exe

PRC - [2003/05/27 14:48:58 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\Windows\System32\kmw_run.exe

PRC - [2003/05/27 14:47:56 | 000,167,936 | ---- | M] () -- C:\Windows\System32\kmw_show.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/07 21:14:02 | 000,185,856 | ---- | M] () -- C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe

MOD - [2012/06/02 10:40:09 | 000,932,528 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/11/20 17:29:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL

MOD - [2010/11/20 17:29:12 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Home\Local Settings\Apps\F.lux\flux.exe

MOD - [2008/09/05 07:24:11 | 000,557,056 | ---- | M] () -- C:\Windows\twain_32\KScan\ppa620.ds

MOD - [2007/08/31 09:38:24 | 000,385,024 | ---- | M] () -- C:\Program Files\IRISCard 4 Pro\irscncolw.dll

MOD - [2003/05/27 14:47:56 | 000,167,936 | ---- | M] () -- C:\Windows\System32\kmw_show.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/07/04 01:10:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/17 09:44:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/01 14:28:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/30 04:00:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/04/24 23:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) EPSON V3 Service4(05)

SRV - [2011/03/02 17:00:00 | 004,022,272 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\System32\ENAgent.exe -- (ENAgent)

SRV - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)

DRV - [2011/11/14 23:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)

DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)

DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)

DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)

DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2003/05/27 14:59:24 | 000,092,288 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMW_SYS.sys -- (KMW_SYS)

DRV - [2003/05/27 14:58:36 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kmw_kbd.sys -- (KMW_KBD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 F6 CB 9C 35 D1 CC 01 [binary data]

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\..\SearchScopes,DefaultScope = {9BE80A7F-A875-45DA-9677-E5623CBA11E8}

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\..\SearchScopes\{1FAF06D2-8F82-4A8A-99C4-11EA4968E9DD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\..\SearchScopes\{9BE80A7F-A875-45DA-9677-E5623CBA11E8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2012/02/25 22:20:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/02 13:16:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 09:44:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 19:34:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}: C:\Users\Home\AppData\Local\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}\ [2012/07/07 21:15:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 09:44:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 19:34:00 | 000,000,000 | ---D | M]

[2012/06/23 00:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions

[2012/06/23 00:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2012/07/10 01:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ml95xu16.default\extensions

[2012/07/08 00:52:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ml95xu16.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/05/20 16:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/07 21:15:12 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\HOME\APPDATA\LOCAL\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}

[2012/07/10 01:00:30 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ML95XU16.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012/06/17 09:44:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll

[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbnchcgjcjphmnpndoelbdhakdlfkk\3.8.1_0\plugin/screen_capture.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Kleki = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndldkfimmnnfbagnkjgnemgpjadbag\0.12.3_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Quick Markup: Screen capture & Brainstorm = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbnchcgjcjphmnpndoelbdhakdlfkk\3.8.1_0\

CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\7.0_0\

CHR - Extension: Picnik = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: LineBall = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeclmehkhpookgkhkecnaanahhoglakj\1.2.0_0\

CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_SPY.DLL File not found

O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [iRISCard 4 button manager] C:\Program Files\IRISCard 4 Pro\bmana620.exe (I.R.I.S.)

O4 - HKLM..\Run: [kmw_run.exe] C:\Windows\System32\kmw_run.exe (Kensington Technology Group)

O4 - HKLM..\Run: [MSWheel] File not found

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [F.lux] C:\Users\Home\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [pnipo] "C:\Windows\System32\rundll32.exe" "C:\Users\Home\AppData\Roaming\pnipo.dll",CaptureStop File not found

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [spotify Web Helper] C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [XSECVA] C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5B08068-3A94-477C-ADC7-E452B728FF9B}: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2010/12/27 21:30:12 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\SETUP.EXE

O33 - MountPoints2\K\Shell\configure\command - "" = K:\SETUP.EXE

O33 - MountPoints2\K\Shell\install\command - "" = K:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 20:56:57 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2012/07/09 23:37:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.scr

[2012/07/09 22:58:51 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\eBay

[2012/07/09 22:56:30 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Tomi pics

[2012/07/08 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\FixZeroAccess

[2012/07/08 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5ECF55EC-C89A-11E1-8270-B8AC6F996F26}

[2012/07/08 10:37:00 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe

[2012/07/08 10:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/07/08 01:22:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/07/07 21:15:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}

[2012/07/07 21:14:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\xsecva

[2012/07/07 10:51:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/07/06 20:46:16 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\rugged maniac

[2012/07/02 17:43:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\ICAClient

[2012/07/01 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Kscan

[2012/07/01 14:38:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Cardiris 4 Pro

[2012/07/01 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\IRISCard 4 Pro

[2012/07/01 14:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. Applications

[2012/06/23 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux

[2012/06/23 00:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom

[2012/06/23 00:40:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TomTom

[2012/06/23 00:40:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\TomTom

[2012/06/23 00:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

[2012/06/23 00:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V

[2012/06/23 00:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2

[2012/06/20 00:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\psykopaint

[2012/06/15 19:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 21:26:10 | 000,031,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 21:26:10 | 000,031,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 21:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000UA.job

[2012/07/10 21:18:52 | 000,001,692 | ---- | M] () -- C:\Windows\System32\ÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øÙÚÛÜÝÞÿ

[2012/07/10 21:18:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/10 21:18:34 | 2364,448,768 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/10 21:01:50 | 000,388,475 | ---- | M] () -- C:\Users\Home\Desktop\df786ba8603944e9b7054658a18799a4.pdf

[2012/07/10 20:57:00 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/10 20:57:00 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/10 20:54:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2012/07/10 20:51:40 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe

[2012/07/10 08:25:28 | 000,406,736 | ---- | M] () -- C:\Users\Home\Desktop\1338478717MYsBDB6ZXl.pdf

[2012/07/10 01:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000Core.job

[2012/07/10 00:22:38 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[2012/07/09 23:37:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.scr

[2012/07/08 01:22:33 | 000,002,318 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk

[2012/07/07 19:51:30 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 10:57:41 | 000,026,968 | ---- | M] () -- C:\Users\Home\Desktop\refrigerators_Samsung_RS2534WW.JPG

[2012/07/01 14:37:33 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\IRISCard 4 Pro.lnk

[2012/06/14 07:30:50 | 000,424,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/13 20:10:51 | 000,393,473 | ---- | M] () -- C:\Users\Home\Desktop\OLSAT Test Preparation Guides - Sample.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 21:20:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000008.@

[2012/07/10 21:19:13 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@

[2012/07/10 21:19:11 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000004.@

[2012/07/10 21:19:11 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\000000cb.@

[2012/07/10 21:01:37 | 000,388,475 | ---- | C] () -- C:\Users\Home\Desktop\df786ba8603944e9b7054658a18799a4.pdf

[2012/07/10 08:25:24 | 000,406,736 | ---- | C] () -- C:\Users\Home\Desktop\1338478717MYsBDB6ZXl.pdf

[2012/07/10 00:22:38 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[2012/07/08 11:44:40 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000032.@

[2012/07/08 01:22:33 | 000,002,318 | ---- | C] () -- C:\Users\Home\Desktop\Google Chrome.lnk

[2012/07/08 01:21:44 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000UA.job

[2012/07/08 01:21:41 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000Core.job

[2012/07/07 19:51:30 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 10:57:39 | 000,026,968 | ---- | C] () -- C:\Users\Home\Desktop\refrigerators_Samsung_RS2534WW.JPG

[2012/07/07 10:34:45 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\L\00000004.@

[2012/07/01 14:37:33 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\IRISCard 4 Pro.lnk

[2012/06/13 20:10:50 | 000,393,473 | ---- | C] () -- C:\Users\Home\Desktop\OLSAT Test Preparation Guides - Sample.pdf

[2012/05/28 11:03:59 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2012/05/19 07:33:43 | 000,167,936 | ---- | C] () -- C:\Windows\System32\kmw_show.exe

[2012/01/11 15:27:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\@

[2012/01/11 15:27:24 | 000,002,048 | -HS- | C] () -- C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\@

[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/05/21 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AnvSoft

[2012/07/08 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FixZeroAccess

[2012/04/03 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\HandBrake

[2012/07/02 17:48:14 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ICAClient

[2012/05/19 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Kensington

[2012/07/01 14:43:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Kscan

[2012/06/04 16:45:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\net.psykosoft.psykopaint

[2012/06/02 11:48:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Spotify

[2012/06/23 00:40:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TomTom

[2012/07/07 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\xsecva

[2012/05/19 00:52:44 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\HandBrake

[2012/05/19 07:36:30 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\Kensington

[2012/05/21 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\uTorrent

[2009/07/14 00:53:46 | 000,015,136 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Jaguar2090 · July 11, 2012

I am not able to find the "Extras" file.

Maniac · July 11, 2012

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2012/07/07 21:14:02 | 000,185,856 | ---- | M] () -- C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe
O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [XSECVA] C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe ()
O4 - HKU\S-1-5-21-2064379631-886947475-513485053-1000..\Run: [pnipo] "C:\Windows\System32\rundll32.exe" "C:\Users\Home\AppData\Roaming\pnipo.dll",CaptureStop File not found
[2012/07/10 21:20:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000008.@
[2012/07/10 21:19:13 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@
[2012/07/10 21:19:11 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000004.@
[2012/07/10 21:19:11 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\000000cb.@
[2012/07/08 11:44:40 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000032.@
[2012/07/07 10:34:45 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\L\00000004.@
[2012/01/11 15:27:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\@
[2012/01/11 15:27:24 | 000,002,048 | -HS- | C] () -- C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\@

:files
C:\Users\Home\AppData\Roaming\xsecva
C:\Users\Home\AppData\Roaming\pnipo.dll
C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}
C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}
[2012/05/21 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\uTorrent
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Jaguar2090 · July 12, 2012

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Run\\XSECVA deleted successfully.

C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pnipo deleted successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000008.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000004.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000032.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\L\00000004.@ moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\@ moved successfully.

C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\@ moved successfully.

========== FILES ==========

C:\Users\Home\AppData\Roaming\xsecva folder moved successfully.

File\Folder C:\Users\Home\AppData\Roaming\pnipo.dll not found.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U folder moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e} scheduled to be moved on reboot.

C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\U folder moved successfully.

C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\L folder moved successfully.

C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e} folder moved successfully.

Invalid Switch: 21 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\uTorrent

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Home\Desktop\cmd.bat deleted successfully.

C:\Users\Home\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56478 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Home

->Temp folder emptied: 1538209700 bytes

->Temporary Internet Files folder emptied: 398546506 bytes

->Java cache emptied: 353659 bytes

->FireFox cache emptied: 413753483 bytes

->Google Chrome cache emptied: 367573005 bytes

->Flash cache emptied: 130616 bytes

User: Public

User: Tomi

->Temp folder emptied: 10317845 bytes

->Temporary Internet Files folder emptied: 237250857 bytes

->FireFox cache emptied: 596365152 bytes

->Flash cache emptied: 12269 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 7304 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 66743378 bytes

RecycleBin emptied: 2070642882 bytes

Total Files Cleaned = 5,436.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_223240

Files\Folders moved on Reboot...

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U folder moved successfully.

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e} folder moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0BN5XU0\7762280[1].htm moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2RM24YG\ad[4].htm moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2RM24YG\ad[5].htm moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN7W0TFG\learn[1].htm moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIKUGKOA\Register[1].htm moved successfully.

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\675BLPJS\iu3[5].htm moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e} not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0BN5XU0\7762280[1].htm not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2RM24YG\ad[4].htm not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2RM24YG\ad[5].htm not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN7W0TFG\learn[1].htm not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIKUGKOA\Register[1].htm not found!

File C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\675BLPJS\iu3[5].htm not found!

Registry entries deleted on Reboot...

Maniac · July 12, 2012

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Jaguar2090 · July 14, 2012

ComboFix 12-07-14.01 - Home 07/14/2012 19:25:25.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3007.2296 [GMT -4:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Home\AppData\Local\TempDIR

c:\users\Home\WINDOWS

c:\users\Tomi\WINDOWS

D:\Autorun.inf

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))

.

2012-07-14 23:39 . 2012-07-14 23:41 -------- d-----w- c:\users\Home\AppData\Local\temp

2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Home\AppData\Local\Macromedia

2012-07-12 10:25 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-12 10:25 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-12 10:25 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-12 10:25 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-12 10:25 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-12 03:11 . 2012-06-02 09:08 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-07-12 03:11 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-07-12 03:11 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-07-12 03:11 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-12 03:03 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 02:42 . 2012-07-14 23:40 7304 ----a-w- c:\windows\TMP0001.TMP

2012-07-12 02:32 . 2012-07-12 02:32 -------- d-----w- C:\_OTL

2012-07-10 04:22 . 2009-12-09 04:00 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-07-10 04:22 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-07-10 04:22 . 2009-10-16 04:00 12800 ----a-w- c:\windows\system32\escdev.dll

2012-07-08 17:49 . 2012-07-08 17:49 -------- d-----w- c:\users\Home\AppData\Roaming\FixZeroAccess

2012-07-08 17:38 . 2012-07-08 17:38 -------- d-----w- c:\users\Home\AppData\Local\{5ECF55EC-C89A-11E1-8270-B8AC6F996F26}

2012-07-08 14:35 . 2012-07-08 14:35 -------- d-----w- c:\program files\ESET

2012-07-08 01:15 . 2012-07-08 01:15 -------- d-----w- c:\users\Home\AppData\Local\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}

2012-07-07 14:51 . 2012-07-07 14:51 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-06 08:10 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AA95656-C40C-4F40-8808-0B75B0049144}\mpengine.dll

2012-07-02 21:43 . 2012-07-02 21:48 -------- d-----w- c:\users\Home\AppData\Roaming\ICAClient

2012-07-01 18:42 . 2012-07-01 18:43 -------- d-----w- c:\users\Home\AppData\Roaming\Kscan

2012-07-01 18:36 . 2012-07-01 18:37 -------- d-----w- c:\program files\IRISCard 4 Pro

2012-06-23 15:14 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 15:14 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 15:14 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 15:14 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 15:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-23 15:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 15:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 15:13 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 15:13 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 04:44 . 2012-06-23 04:44 -------- d-----w- c:\programdata\TomTom

2012-06-23 04:40 . 2012-06-23 04:40 -------- d-----w- c:\users\Home\AppData\Roaming\TomTom

2012-06-23 04:40 . 2012-06-23 04:40 -------- d-----w- c:\users\Home\AppData\Local\TomTom

2012-06-23 04:40 . 2012-06-23 04:40 -------- d-----w- c:\program files\TomTom International B.V

2012-06-23 04:39 . 2012-06-23 04:39 -------- d-----w- c:\program files\TomTom HOME 2

2012-06-20 04:13 . 2012-06-20 04:13 -------- d-----w- c:\program files\psykopaint

2012-06-15 23:33 . 2012-06-15 23:33 -------- d-----w- c:\program files\Citrix

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-14 05:21 . 2012-05-20 20:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-14 05:21 . 2011-12-28 03:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-28 03:17 . 2012-06-13 08:05 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 08:05 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 08:05 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 08:05 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-06-17 13:44 . 2012-05-20 20:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-12-30 1242448]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE" [2011-04-25 219008]

"Spotify Web Helper"="c:\users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-02 932528]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]

"F.lux"="c:\users\Home\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"kmw_run.exe"="kmw_run.exe" [2003-05-27 106496]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]

"IRISCard 4 button manager"="c:\program files\IRISCard 4 Pro\bmana620.exe" [2008-09-04 1893040]

.

c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [x]

S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000Core.job

- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 05:21]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2064379631-886947475-513485053-1000UA.job

- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 05:21]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ml95xu16.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-MSWheel - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(892)

c:\windows\System32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-07-14 19:48:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-14 23:48

.

Pre-Run: 6,457,417,728 bytes free

Post-Run: 7,189,901,312 bytes free

.

- - End Of File - - B8CB91FC70F1E402A487CEDA4DD754F4

Maniac · July 15, 2012

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Jaguar2090 · July 15, 2012

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=84f767024b7ba341a1965fbccc29690b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-08 04:04:37

# local_time=2012-07-08 12:04:37 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 66 94 0 93303131 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=241066

# found=30

# cleaned=28

# scan_time=5137

C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0079a1 a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4ESUQB1P\jquery.jscrollpane.min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4ESUQB1P\paginademedia[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5URAQDV9\jquery.colorbox-min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5URAQDV9\swfobject[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQ75WLT7\l10n[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9NVJVFQ\jquery-colorbox-wrapper-min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEXXT63H\audio-player[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEXXT63H\swfobject[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3G6CNX8\jquery.equalheights[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W4S21BRN\jquery.ceebox-min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W4S21BRN\jquery.jcarousel.min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W4S21BRN\jquery.swfobject.1-1-1.min[1].js JS/Agent.NEF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Temp\HyperCam.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Temp\Main.class Java/TrojanDownloader.Agent.NEC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Temp\somoto-master.exe Win32/Somoto application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\Temp\ICReinstall\cnet2_PowerISO49_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\{30beea25-5fb3-e2a2-857a-532aed82542e}\n Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\AppData\Local\{5ECF1E31-C89A-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\Desktop\New folder\Microsoft Word 2010 + Crack {LCD}\Crack !!!\ACTIVATION V3.2 {LCD}.exe a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\Downloads\cnet2_PowerISO49_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\Downloads\oi_USB_Drivers_64_bit_465zip (1).exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\Downloads\oi_USB_Drivers_64_bit_465zip (2).exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Home\Downloads\oi_USB_Drivers_64_bit_465zip.exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\n Win32/Sirefef.EV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\services.exe Win32/Sirefef.FC trojan (unable to clean) 00000000000000000000000000000000 I

${Memory} multiple threats 00000000000000000000000000000000 I

Maniac · July 16, 2012

Your system seems to be re-infected.

Please generate a new fresh OTL log files.

LDTate · July 21, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

SireFound Sirefef and BCMiner Trojans on my system

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information