Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Peter Jordan on May 26, 2012, 07:37:02 PM
-
Just recently I have started receiving messages from Kaspersky indicating they have blocked a malicious URL from loading.
The message reads:
C:\\Windows\Explorer.Exe (PID:5084): Loading Object http:/...?worker.php?action=get%5Fscript%5Fhash...containing malicious URL
hXXp://76.191.112.2/scripts/worker.php?action=get %5F scrips %5hash&ver=1.1
Shortly afterwards, Windows Explorer shuts down and they restarts. This cycle repeats itself continuously.
I have conducted full scans using Kaspersky, Malewyrebytes, and Super-Antispyware, none of which detected anything.
A scan using Combofix did find and delete a dll called devil and the problem was remedied until the computer was rebooted at which point the issues recommenced.
Your help would be greatly appreciated.
<Mod Edit> - Malicious IP munged. Please do not intentionally post live links that are infected.
-
76.191.112.2 is a dangerous IP addresses such as:
- Attackers who try to spy or remotely control others' computers by means such Microsoft remote terminal, SSH, Telnet or shared desktops.
- Threats for email servers or users: spiders/bots, account hijacking, etc.
- Sites spreading virus, trojans, spyware, etc. or just being used by them to let their authors know that a new computer has been infected.
- Threats for servers: exploits, fake identities/agents, DDoS attackers, etc.
- Port scans, which are the first step towards more dangerous actions.
- Malicious P2P sharers or bad peers who spread malware, inject bad traffic or share fake archives.
http://www.mywot.com/en/scorecard/76.191.112.2
Can you post the ComboFix log please. It can be found in C:\combofix.txt
-
ComboFix 12-05-26.02 - Peter 05/26/2012 7:42.9.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1857 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix2.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\11335636341.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 11:54 . 2012-05-26 11:54 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 12:00 . 2012-05-25 12:20 -------- d-----w- C:\ComboFix2
2012-05-25 11:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\mpengine.dll
2012-05-17 11:42 . 2012-05-17 11:42 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-17 11:42 . 2012-05-17 11:42 -------- d-----w- c:\program files\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 00:21 . 2010-08-16 11:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-03 22:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2012-03-01 05:46 . 2012-04-13 01:17 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 01:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 01:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 01:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 01:29 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 01:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 01:29 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 01:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
2009-10-27 15:45 2325528 ----a-w- c:\program files\HiGames\tbHiGa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
"{583F8E79-0A89-4EBA-9DE2-479E57F64506}"= "c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpb.dll" [2010-04-26 333192]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_CLASSES_ROOT\clsid\{583f8e79-0a89-4eba-9de2-479e57f64506}]
[HKEY_CLASSES_ROOT\Loader.MToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E6BDE3C5-7B88-43b4-AB35-8EEEAB2CED76}]
[HKEY_CLASSES_ROOT\Loader.MToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"aanpm"="c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe" [2010-04-26 574856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\NoMoreTime\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SYNND RemoteAutomator.lnk - c:\program files\RemoteAutomator\AppStart.exe [2012-5-17 28480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aanpm]
2010-04-26 23:10 574856 ----a-w- c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\NoMoreTime\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\NoMoreTime\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 20:26 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 11:11 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\NoMoreTime\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 07:58:06
ComboFix-quarantined-files.txt 2012-05-26 11:58
ComboFix2.txt 2012-05-26 11:04
ComboFix3.txt 2012-05-25 12:20
ComboFix4.txt 2011-08-05 13:31
ComboFix5.txt 2012-05-26 11:40
.
Pre-Run: 58,943,561,728 bytes free
Post-Run: 58,867,740,672 bytes free
.
- - End Of File - - 535A778FB9CA6625142A2E97D153F3BC
-
Are you able to get online with the computer?
If so:
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log
-
Sorry for the delay but I was only recently able to run a full scan online.
Thanks for your patience.
C:\Users\Peter\AppData\Local\temp\hdF7B7.tmp probably unknown NewHeur_PE virus
-
ComboFix- be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
----------
Download DDS from |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista and Windows 7 users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
----------
Please add all 3 logs in the next reply.
-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Peter at 19:27:42 on 2012-05-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1737 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\peter\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\05E4A405 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\07E6A607 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\876696E696479777966696 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstm32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-23 176128]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-7 52128]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-7 42144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-23 27320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-23 29472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-19 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-6 24576]
S4 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-8-5 3453440]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-23 253952]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-9-24 240160]
.
=============== Created Last 30 ================
.
2012-05-31 23:15:27 -------- d-----w- c:\users\peter\appdata\local\temp
2012-05-31 23:15:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-31 22:57:08 -------- d-----w- C:\ComboFix
2012-05-31 16:43:16 208896 ----a-w- c:\windows\MBR.exe
2012-05-31 16:43:15 98816 ----a-w- c:\windows\sed.exe
2012-05-31 16:43:15 518144 ----a-w- c:\windows\SWREG.exe
2012-05-31 16:43:15 256000 ----a-w- c:\windows\PEV.exe
2012-05-29 14:24:12 -------- d-----w- c:\users\peter\appdata\roaming\SUPERAntiSpyware.com
2012-05-29 14:23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 11:22:53 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2bae9a0a-5c89-43b5-be19-958e7a4bc1dc}\mpengine.dll
2012-05-28 17:11:10 -------- d-----w- C:\sh4ldr
2012-05-28 17:09:44 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36:01 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:29:48 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 14:21:59 -------- d-----w- C:\ComboFix29460C
2012-05-26 11:40:37 -------- d-----w- C:\ComboFix29482C
2012-05-26 11:34:12 -------- d-----w- C:\ComboFix231802C
2012-05-26 10:47:26 -------- d-----w- C:\ComboFix21380C
2012-05-25 12:00:58 -------- d-----w- C:\ComboFix2
2012-05-17 11:42:16 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-17 11:42:16 -------- d-----w- c:\program files\RemoteAutomator
2012-05-09 21:01:25 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01:19 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 21:01:18 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 21:01:17 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 21:01:17 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 21:01:09 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01:08 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01:00 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00:59 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-05-05 10:39:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 10:39:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00:41 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14:39 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13:20 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59:19 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
.
============= FINISH: 19:29:06.27 ===============
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2010 9:06:52 PM
System Uptime: 5/31/2012 7:19:52 PM (0 hours ago)
.
Motherboard: Acer | | Olan
Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 70.599 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SABKUTIL
Device ID: ROOT\LEGACY_SABKUTIL\0000
Manufacturer:
Name: SABKUTIL
PNP Device ID: ROOT\LEGACY_SABKUTIL\0000
Service: SABKUTIL
.
==== System Restore Points ===================
.
RP535: 5/31/2012 8:17:35 AM - New
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
7-Zip 9.20
Able2Extract Professional v5.0
AC3Filter ACM AC3/DTS codec (remove only)
Acer Assist
Acer Bio Protection
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Allok Video Joiner 4.0.1019
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CamStudio
Camtasia Studio 7
CaptureWizPro 4.30
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDex - Open Source Digital Audio CD Extractor
CuratorUtilities
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectVobSub (remove only)
DivX Setup
Dropbox
DVD Flick 1.3.0.7
Easy Video Joiner 5.21
Elite Proxy Switcher 1.10
Email Verifier
Encoder
eSobi v2
EZ MPEG TO AVI Converter 3.00
FastStone Image Viewer 4.2
Final Media Player 2010
Fingerprint Solution
Free Mp3 Wma Converter V 1.9
Free Video to MP3 Converter version 4.0
Free YouTube to MP3 Converter version 3.10.15.1228
Garmin Lifetime Updater
GIMP 2.6.11
Google Update Helper
GoToMeeting 5.1.0.880
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HP Color LaserJet 3600 (02/27/2007 61.063.461.41)
iCloud
Identity Card
ImgBurn
InterVideo WinDVD 8
iTunes
IZArc 4.1.2
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 4
JavaFX 2.1.0
Jing
Junk Mail filter update
K-Lite Codec Pack 6.3.0 (Basic)
Kaspersky Anti-Virus 2010
Kyocera Product Library
LameXP
Learn.com Player (Uninstall Only)
LockHunter version 1.0 beta 3, 32 bit edition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
mkv2vob
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver
OGA Notifier 2.0.0048.0
OJOsoft DVD AVI Converter Suite
OJOsoft MKV Converter
OJOsoft Total Video Converter
PageOne Curator
Photozig Albums 1.0
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RER Video Converter
Safari
save2pc Light 4.14
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SEO SpyGlass
SliQ Submitter Plus
SPBA 5.8
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TextPad 5
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Video mp3 Extractor
VLC media player 1.1.4
Voxware Audio decoder 1.6
Welcome Center
WIDCOMM Bluetooth Software
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 14.5
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/31/2012 7:22:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/31/2012 7:21:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2012 7:20:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
5/31/2012 7:11:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/30/2012 2:14:54 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
5/29/2012 9:05:49 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
5/29/2012 4:28:03 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.104, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
5/28/2012 9:21:15 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-01D72DB4B8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B98B4-C4D7-4F55-B82D-B7. The master browser is stopping or an election is being forced.
5/26/2012 7:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052612-26676-01.
5/26/2012 7:29:17 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
-
ComboFix 12-05-31.02 - Peter 05/31/2012 18:58:35.13.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1741 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:24 . 2012-05-29 14:24 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-05-29 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 11:22 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BAE9A0A-5C89-43B5-BE19-958E7A4BC1DC}\mpengine.dll
2012-05-28 17:11 . 2012-05-31 11:28 -------- d-----w- C:\sh4ldr
2012-05-28 17:09 . 2012-05-31 12:10 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-31 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TweakNow PowerPack 2011_is1 - c:\program files\TweakNow PowerPack 2011\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-31 19:15:23
ComboFix-quarantined-files.txt 2012-05-31 23:15
ComboFix2.txt 2012-05-31 17:02
.
Pre-Run: 75,732,156,416 bytes free
Post-Run: 75,668,303,872 bytes free
.
- - End Of File - - 05E4C3665415651A4C88642E1A9BDCAF
-
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM) (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!
* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
* If TDSSKiller does not run, try renaming it.
* To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html)
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_ log.txt) will be created and saved to the root directory ( usually Local Disk C ).
* Post this log to your next message.
If needed see the TDSS Rootkit Removing Tool (http://support.kaspersky.com/viruses/solutions?qid=208280684) website for detailed instructions on running TDSSkiller.
-
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.31.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]
5/31/2012 9:25:20 PM
mbam-log-2012-05-31 (21-25-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208274
Time elapsed: 7 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
21:55:33.0773 5604 System windows directory: C:\Windows
21:55:33.0773 5604 Processor architecture: Intel x86
21:55:33.0773 5604 Number of processors: 2
21:55:33.0773 5604 Page size: 0x1000
21:55:33.0773 5604 Boot type: Normal boot
21:55:33.0773 5604 ============================================================
21:55:35.0234 5604 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604 ============================================================
21:55:35.0238 5604 \Device\Harddisk0\DR0:
21:55:35.0239 5604 MBR partitions:
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604 ============================================================
21:55:35.0282 5604 C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604 ============================================================
21:55:35.0283 5604 Initialize success
21:55:35.0283 5604 ============================================================
21:56:22.0285 1072 ============================================================
21:56:22.0285 1072 Scan started
21:56:22.0285 1072 Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072 ============================================================
21:56:23.0539 1072 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:56:23.0743 1072 !SASCORE - ok
21:56:23.0914 1072 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:56:24.0264 1072 1394ohci - ok
21:56:24.0325 1072 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:56:24.0411 1072 ACPI - ok
21:56:24.0427 1072 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:56:24.0551 1072 AcpiPmi - ok
21:56:24.0691 1072 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:24.0839 1072 AdobeARMservice - ok
21:56:24.0964 1072 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:25.0016 1072 AdobeFlashPlayerUpdateSvc - ok
21:56:25.0073 1072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:56:25.0108 1072 adp94xx - ok
21:56:25.0136 1072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:56:25.0169 1072 adpahci - ok
21:56:25.0186 1072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:56:25.0221 1072 adpu320 - ok
21:56:25.0256 1072 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:56:25.0330 1072 AeLookupSvc - ok
21:56:25.0393 1072 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:56:25.0641 1072 AFD - ok
21:56:25.0676 1072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:56:25.0761 1072 agp440 - ok
21:56:25.0782 1072 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:56:25.0810 1072 aic78xx - ok
21:56:25.0843 1072 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:56:25.0974 1072 ALG - ok
21:56:26.0052 1072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:56:26.0151 1072 aliide - ok
21:56:26.0189 1072 AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:56:26.0361 1072 AMD External Events Utility - ok
21:56:26.0459 1072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:56:26.0676 1072 amdagp - ok
21:56:26.0769 1072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:56:26.0968 1072 amdide - ok
21:56:27.0066 1072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:56:27.0174 1072 AmdK8 - ok
21:56:27.0193 1072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:56:27.0223 1072 AmdPPM - ok
21:56:27.0238 1072 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:56:27.0437 1072 amdsata - ok
21:56:27.0475 1072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:56:27.0507 1072 amdsbs - ok
21:56:27.0530 1072 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:56:27.0745 1072 amdxata - ok
21:56:27.0785 1072 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:56:27.0984 1072 AppID - ok
21:56:28.0059 1072 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:56:28.0112 1072 AppIDSvc - ok
21:56:28.0156 1072 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:56:28.0245 1072 Appinfo - ok
21:56:28.0390 1072 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:28.0518 1072 Apple Mobile Device - ok
21:56:28.0635 1072 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:56:28.0893 1072 AppMgmt - ok
21:56:28.0972 1072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:56:29.0002 1072 arc - ok
21:56:29.0021 1072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:56:29.0067 1072 arcsas - ok
21:56:29.0201 1072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:56:29.0620 1072 aspnet_state - ok
21:56:29.0646 1072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:56:29.0964 1072 AsyncMac - ok
21:56:30.0003 1072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:56:30.0289 1072 atapi - ok
21:56:30.0415 1072 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:56:30.0618 1072 athr - ok
21:56:30.0773 1072 AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:56:31.0436 1072 AtiHdmiService - ok
21:56:31.0857 1072 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:56:32.0054 1072 atikmdag - ok
21:56:32.0286 1072 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:56:32.0351 1072 AtiPcie - ok
21:56:32.0516 1072 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0678 1072 AudioEndpointBuilder - ok
21:56:32.0687 1072 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0735 1072 Audiosrv - ok
21:56:32.0888 1072 AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:56:32.0960 1072 AVP - ok
21:56:33.0014 1072 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:56:33.0151 1072 AxInstSV - ok
21:56:33.0283 1072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:56:33.0366 1072 b06bdrv - ok
21:56:33.0401 1072 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:56:33.0428 1072 b57nd60x - ok
21:56:33.0532 1072 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:56:33.0580 1072 BcmSqlStartupSvc - ok
21:56:33.0611 1072 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:56:33.0730 1072 BDESVC - ok
21:56:33.0823 1072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:56:33.0868 1072 Beep - ok
21:56:34.0168 1072 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:56:34.0260 1072 BFE - ok
21:56:34.0316 1072 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:56:34.0398 1072 BITS - ok
21:56:34.0414 1072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:56:34.0465 1072 blbdrive - ok
21:56:34.0607 1072 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:56:34.0653 1072 Bonjour Service - ok
21:56:34.0710 1072 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:56:34.0995 1072 bowser - ok
21:56:35.0026 1072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:56:35.0100 1072 BrFiltLo - ok
21:56:35.0128 1072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:56:35.0155 1072 BrFiltUp - ok
21:56:35.0219 1072 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:56:35.0298 1072 BridgeMP - ok
21:56:35.0355 1072 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:56:35.0437 1072 Browser - ok
21:56:35.0482 1072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:56:35.0537 1072 Brserid - ok
21:56:35.0566 1072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:56:35.0595 1072 BrSerWdm - ok
21:56:35.0613 1072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:56:35.0642 1072 BrUsbMdm - ok
21:56:35.0652 1072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:56:35.0680 1072 BrUsbSer - ok
21:56:35.0727 1072 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:56:35.0790 1072 BthEnum - ok
21:56:35.0818 1072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:56:35.0847 1072 BTHMODEM - ok
21:56:35.0874 1072 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:56:35.0996 1072 BthPan - ok
21:56:36.0069 1072 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:56:36.0152 1072 BTHPORT - ok
21:56:36.0184 1072 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:56:36.0232 1072 bthserv - ok
21:56:36.0281 1072 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:56:36.0424 1072 BTHUSB - ok
21:56:36.0455 1072 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:56:36.0525 1072 btwaudio - ok
21:56:36.0550 1072 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:56:36.0631 1072 btwavdt - ok
21:56:36.0736 1072 btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:56:36.0803 1072 btwdins - ok
21:56:36.0828 1072 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:56:36.0903 1072 btwl2cap - ok
21:56:36.0915 1072 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:56:36.0984 1072 btwrchid - ok
21:56:37.0092 1072 catchme - ok
21:56:37.0138 1072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:56:37.0207 1072 cdfs - ok
21:56:37.0256 1072 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:56:37.0389 1072 cdrom - ok
21:56:37.0435 1072 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:56:37.0524 1072 CertPropSvc - ok
21:56:37.0540 1072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:56:37.0571 1072 circlass - ok
21:56:37.0614 1072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:56:37.0644 1072 CLFS - ok
21:56:37.0724 1072 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:56:37.0763 1072 clr_optimization_v2.0.50727_32 - ok
21:56:37.0839 1072 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:56:37.0895 1072 clr_optimization_v4.0.30319_32 - ok
21:56:37.0928 1072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:56:37.0956 1072 CmBatt - ok
21:56:38.0002 1072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:56:38.0072 1072 cmdide - ok
21:56:38.0141 1072 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:56:38.0222 1072 CNG - ok
21:56:38.0235 1072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:56:38.0260 1072 Compbatt - ok
21:56:38.0301 1072 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:56:38.0488 1072 CompositeBus - ok
21:56:38.0493 1072 COMSysApp - ok
21:56:38.0542 1072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:56:38.0564 1072 crcdisk - ok
21:56:38.0622 1072 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:56:38.0702 1072 CryptSvc - ok
21:56:38.0771 1072 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:56:38.0859 1072 CSC - ok
21:56:38.0912 1072 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:56:38.0989 1072 CscService - ok
21:56:39.0029 1072 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:56:39.0078 1072 DcomLaunch - ok
21:56:39.0120 1072 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:56:39.0171 1072 defragsvc - ok
21:56:39.0248 1072 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:56:39.0322 1072 DfsC - ok
21:56:39.0371 1072 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:56:39.0449 1072 Dhcp - ok
21:56:39.0474 1072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:56:39.0528 1072 discache - ok
21:56:39.0562 1072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:56:39.0612 1072 Disk - ok
21:56:39.0645 1072 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:56:39.0727 1072 DKbFltr - ok
21:56:39.0791 1072 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:56:39.0983 1072 Dnscache - ok
21:56:40.0055 1072 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:56:40.0150 1072 dot3svc - ok
21:56:40.0208 1072 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:56:40.0306 1072 DPS - ok
21:56:40.0331 1072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:56:40.0361 1072 drmkaud - ok
21:56:40.0403 1072 dwshd - ok
21:56:40.0527 1072 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:56:40.0622 1072 DXGKrnl - ok
21:56:40.0677 1072 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:56:40.0743 1072 EapHost - ok
21:56:41.0013 1072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:56:41.0086 1072 ebdrv - ok
21:56:41.0233 1072 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:56:41.0362 1072 EFS - ok
21:56:41.0498 1072 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:56:41.0621 1072 ehRecvr - ok
21:56:41.0654 1072 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:56:41.0749 1072 ehSched - ok
21:56:41.0849 1072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:56:41.0912 1072 elxstor - ok
21:56:41.0953 1072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:56:42.0047 1072 ErrDev - ok
21:56:42.0124 1072 esgiguard - ok
21:56:42.0197 1072 ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:56:42.0253 1072 ETService ( UnsignedFile.Multi.Generic ) - warning
21:56:42.0253 1072 ETService - detected UnsignedFile.Multi.Generic (1)
21:56:42.0317 1072 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:56:42.0385 1072 EventSystem - ok
21:56:42.0427 1072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:56:42.0475 1072 exfat - ok
21:56:42.0506 1072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:56:42.0551 1072 fastfat - ok
21:56:42.0645 1072 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:56:42.0753 1072 Fax - ok
21:56:42.0773 1072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:56:42.0801 1072 fdc - ok
21:56:42.0826 1072 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:56:42.0875 1072 fdPHost - ok
21:56:42.0892 1072 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:56:43.0006 1072 FDResPub - ok
21:56:43.0022 1072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:56:43.0049 1072 FileInfo - ok
21:56:43.0068 1072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:56:43.0112 1072 Filetrace - ok
21:56:43.0132 1072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:56:43.0159 1072 flpydisk - ok
21:56:43.0188 1072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:56:43.0215 1072 FltMgr - ok
21:56:43.0322 1072 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:56:43.0539 1072 FontCache - ok
21:56:43.0618 1072 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:56:43.0661 1072 FontCache3.0.0.0 - ok
21:56:43.0694 1072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:56:43.0720 1072 FsDepends - ok
21:56:43.0770 1072 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:56:43.0847 1072 Fs_Rec - ok
21:56:43.0910 1072 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:56:43.0993 1072 fvevol - ok
21:56:44.0010 1072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:56:44.0034 1072 gagp30kx - ok
21:56:44.0078 1072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:44.0099 1072 GEARAspiWDM - ok
21:56:44.0362 1072 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:56:44.0464 1072 gpsvc - ok
21:56:44.0619 1072 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:56:44.0690 1072 Greg_Service - ok
21:56:44.0774 1072 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0850 1072 gupdate - ok
21:56:44.0898 1072 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0936 1072 gupdatem - ok
21:56:45.0074 1072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:56:45.0153 1072 hcw85cir - ok
21:56:45.0222 1072 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:56:45.0331 1072 HdAudAddService - ok
21:56:45.0432 1072 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:56:45.0553 1072 HDAudBus - ok
21:56:45.0573 1072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:56:45.0600 1072 HidBatt - ok
21:56:45.0627 1072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:56:45.0658 1072 HidBth - ok
21:56:45.0668 1072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:56:45.0699 1072 HidIr - ok
21:56:45.0728 1072 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:56:45.0776 1072 hidserv - ok
21:56:45.0789 1072 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:56:45.0863 1072 HidUsb - ok
21:56:45.0915 1072 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:56:45.0994 1072 hkmsvc - ok
21:56:46.0020 1072 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:56:46.0142 1072 HomeGroupListener - ok
21:56:46.0237 1072 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:56:46.0266 1072 HomeGroupProvider - ok
21:56:46.0314 1072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:56:46.0421 1072 HpSAMD - ok
21:56:46.0468 1072 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:56:46.0630 1072 HsfXAudioService - ok
21:56:46.0787 1072 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:56:46.0921 1072 HSF_DPV - ok
21:56:47.0036 1072 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:56:47.0127 1072 HSXHWAZL - ok
21:56:47.0208 1072 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:56:47.0285 1072 HTTP - ok
21:56:47.0333 1072 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:56:47.0408 1072 hwpolicy - ok
21:56:47.0467 1072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:56:47.0562 1072 i8042prt - ok
21:56:47.0605 1072 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:56:47.0681 1072 iaStorV - ok
21:56:47.0842 1072 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:56:47.0918 1072 idsvc - ok
21:56:48.0287 1072 IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:56:48.0381 1072 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:56:48.0382 1072 IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:56:48.0939 1072 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:56:49.0047 1072 igfx - ok
21:56:49.0247 1072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:56:49.0289 1072 iirsp - ok
21:56:49.0546 1072 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:56:49.0656 1072 IKEEXT - ok
21:56:49.0687 1072 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:56:49.0738 1072 int15 - ok
21:56:49.0943 1072 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:56:50.0070 1072 IntcAzAudAddService - ok
21:56:50.0220 1072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:56:50.0344 1072 intelide - ok
21:56:50.0364 1072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:56:50.0395 1072 intelppm - ok
21:56:50.0446 1072 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:56:50.0531 1072 IPBusEnum - ok
21:56:50.0554 1072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:50.0602 1072 IpFilterDriver - ok
21:56:50.0775 1072 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:56:50.0854 1072 iphlpsvc - ok
21:56:50.0903 1072 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:56:50.0985 1072 IPMIDRV - ok
21:56:51.0025 1072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:56:51.0070 1072 IPNAT - ok
21:56:51.0244 1072 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:56:51.0283 1072 iPod Service - ok
21:56:51.0291 1072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:56:51.0360 1072 IRENUM - ok
21:56:51.0397 1072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:56:51.0469 1072 isapnp - ok
21:56:51.0500 1072 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:56:51.0573 1072 iScsiPrt - ok
21:56:51.0645 1072 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:56:51.0680 1072 IviRegMgr - ok
21:56:51.0700 1072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:51.0774 1072 kbdclass - ok
21:56:51.0825 1072 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:51.0900 1072 kbdhid - ok
21:56:51.0944 1072 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:51.0971 1072 KeyIso - ok
21:56:52.0038 1072 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:56:52.0093 1072 kl1 - ok
21:56:52.0129 1072 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:56:52.0181 1072 klbg - ok
21:56:52.0234 1072 KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:56:52.0286 1072 KLIF - ok
21:56:52.0332 1072 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:56:52.0386 1072 KLIM6 - ok
21:56:52.0429 1072 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:56:52.0480 1072 klmouflt - ok
21:56:52.0526 1072 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:56:52.0581 1072 KSecDD - ok
21:56:52.0606 1072 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:56:52.0667 1072 KSecPkg - ok
21:56:52.0712 1072 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:56:52.0765 1072 KtmRm - ok
21:56:52.0791 1072 L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:56:52.0818 1072 L1E - ok
21:56:52.0894 1072 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:56:52.0963 1072 LanmanServer - ok
21:56:53.0015 1072 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:56:53.0083 1072 LanmanWorkstation - ok
21:56:53.0106 1072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:56:53.0151 1072 lltdio - ok
21:56:53.0186 1072 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:56:53.0234 1072 lltdsvc - ok
21:56:53.0251 1072 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:56:53.0296 1072 lmhosts - ok
21:56:53.0332 1072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:53.0357 1072 LSI_FC - ok
21:56:53.0372 1072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:53.0401 1072 LSI_SAS - ok
21:56:53.0420 1072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:53.0446 1072 LSI_SAS2 - ok
21:56:53.0463 1072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:53.0488 1072 LSI_SCSI - ok
21:56:53.0509 1072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:53.0554 1072 luafv - ok
21:56:53.0633 1072 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:53.0785 1072 Mcx2Svc - ok
21:56:53.0805 1072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:56:53.0986 1072 mdmxsdk - ok
21:56:54.0024 1072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:54.0068 1072 megasas - ok
21:56:54.0104 1072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:54.0131 1072 MegaSR - ok
21:56:54.0238 1072 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:54.0261 1072 Microsoft Office Groove Audit Service - ok
21:56:54.0294 1072 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:54.0340 1072 MMCSS - ok
21:56:54.0358 1072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:54.0401 1072 Modem - ok
21:56:54.0420 1072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:54.0450 1072 monitor - ok
21:56:54.0486 1072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:54.0558 1072 mouclass - ok
21:56:54.0679 1072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:54.0729 1072 mouhid - ok
21:56:54.0914 1072 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:54.0991 1072 mountmgr - ok
21:56:55.0073 1072 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:56:55.0219 1072 MozillaMaintenance - ok
21:56:55.0328 1072 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:55.0441 1072 mpio - ok
21:56:55.0475 1072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:55.0519 1072 mpsdrv - ok
21:56:55.0606 1072 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:55.0708 1072 MpsSvc - ok
21:56:55.0758 1072 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:55.0830 1072 MRxDAV - ok
21:56:55.0886 1072 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:56.0103 1072 mrxsmb - ok
21:56:56.0164 1072 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:56.0262 1072 mrxsmb10 - ok
21:56:56.0287 1072 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:56.0426 1072 mrxsmb20 - ok
21:56:56.0516 1072 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:56.0588 1072 msahci - ok
21:56:56.0645 1072 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:56.0742 1072 msdsm - ok
21:56:56.0776 1072 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:56.0850 1072 MSDTC - ok
21:56:56.0876 1072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:56.0922 1072 Msfs - ok
21:56:56.0937 1072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:56.0981 1072 mshidkmdf - ok
21:56:56.0995 1072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:57.0065 1072 msisadrv - ok
21:56:57.0104 1072 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:57.0167 1072 MSiSCSI - ok
21:56:57.0175 1072 msiserver - ok
21:56:57.0191 1072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:57.0241 1072 MSKSSRV - ok
21:56:57.0249 1072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:57.0297 1072 MSPCLOCK - ok
21:56:57.0305 1072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:57.0366 1072 MSPQM - ok
21:56:57.0391 1072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:57.0420 1072 MsRPC - ok
21:56:57.0471 1072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:57.0591 1072 mssmbios - ok
21:56:57.0668 1072 MSSQL$MSSMLBIZ - ok
21:56:57.0744 1072 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:56:57.0953 1072 MSSQLServerADHelper - ok
21:56:58.0008 1072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:58.0052 1072 MSTEE - ok
21:56:58.0061 1072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:58.0092 1072 MTConfig - ok
21:56:58.0116 1072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:58.0142 1072 Mup - ok
21:56:58.0206 1072 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:58.0288 1072 napagent - ok
21:56:58.0325 1072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:58.0360 1072 NativeWifiP - ok
21:56:58.0420 1072 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:58.0496 1072 NDIS - ok
21:56:58.0515 1072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:58.0561 1072 NdisCap - ok
21:56:58.0581 1072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:58.0624 1072 NdisTapi - ok
21:56:58.0664 1072 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:58.0709 1072 Ndisuio - ok
21:56:58.0758 1072 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:58.0803 1072 NdisWan - ok
21:56:58.0853 1072 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:58.0923 1072 NDProxy - ok
21:56:58.0976 1072 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:56:59.0005 1072 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:59.0005 1072 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:59.0043 1072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:59.0088 1072 NetBIOS - ok
21:56:59.0141 1072 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:59.0218 1072 NetBT - ok
21:56:59.0256 1072 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:59.0285 1072 Netlogon - ok
21:56:59.0339 1072 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:59.0391 1072 Netman - ok
21:56:59.0521 1072 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0568 1072 NetMsmqActivator - ok
21:56:59.0575 1072 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0599 1072 NetPipeActivator - ok
21:56:59.0629 1072 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:59.0680 1072 netprofm - ok
21:56:59.0687 1072 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0714 1072 NetTcpActivator - ok
21:56:59.0721 1072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0748 1072 NetTcpPortSharing - ok
21:56:59.0780 1072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:59.0806 1072 nfrd960 - ok
21:56:59.0874 1072 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:59.0968 1072 NlaSvc - ok
21:56:59.0988 1072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:57:00.0033 1072 Npfs - ok
21:57:00.0069 1072 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:57:00.0125 1072 nsi - ok
21:57:00.0154 1072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:57:00.0199 1072 nsiproxy - ok
21:57:00.0360 1072 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:57:00.0528 1072 Ntfs - ok
21:57:00.0687 1072 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:57:00.0758 1072 NTIBackupSvc - ok
21:57:00.0888 1072 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:57:00.0956 1072 NTIDrvr - ok
21:57:00.0995 1072 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:57:01.0057 1072 NTISchedulerSvc - ok
21:57:01.0097 1072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:57:01.0152 1072 Null - ok
21:57:01.0211 1072 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:57:01.0354 1072 nvraid - ok
21:57:01.0390 1072 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:57:01.0526 1072 nvstor - ok
21:57:01.0609 1072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:57:01.0728 1072 nv_agp - ok
21:57:01.0788 1072 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:57:01.0957 1072 O2FLASH - ok
21:57:02.0000 1072 O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:57:02.0070 1072 O2MDRDR - ok
21:57:02.0087 1072 O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:57:02.0163 1072 O2SDRDR - ok
21:57:02.0301 1072 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:02.0332 1072 odserv - ok
21:57:02.0378 1072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:57:02.0454 1072 ohci1394 - ok
21:57:02.0504 1072 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:02.0530 1072 ose - ok
21:57:03.0004 1072 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:57:03.0143 1072 osppsvc - ok
21:57:03.0331 1072 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:03.0477 1072 p2pimsvc - ok
21:57:03.0511 1072 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:57:03.0553 1072 p2psvc - ok
21:57:03.0606 1072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:57:03.0653 1072 Parport - ok
21:57:03.0697 1072 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:57:03.0735 1072 partmgr - ok
21:57:03.0756 1072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:57:03.0785 1072 Parvdm - ok
21:57:03.0816 1072 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:57:03.0854 1072 PcaSvc - ok
21:57:03.0911 1072 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:57:03.0997 1072 pci - ok
21:57:04.0025 1072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:57:04.0096 1072 pciide - ok
21:57:04.0138 1072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:57:04.0191 1072 pcmcia - ok
21:57:04.0218 1072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:57:04.0255 1072 pcw - ok
21:57:04.0311 1072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:57:04.0373 1072 PEAUTH - ok
21:57:04.0465 1072 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:57:04.0591 1072 PeerDistSvc - ok
21:57:04.0794 1072 pgfilter - ok
21:57:05.0150 1072 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:57:05.0247 1072 pla - ok
21:57:05.0420 1072 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:57:05.0684 1072 PlugPlay - ok
21:57:05.0745 1072 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072 Pml Driver HPZ12 - ok
21:57:05.0880 1072 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072 PNRPAutoReg - ok
21:57:05.0952 1072 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072 PNRPsvc - ok
21:57:06.0062 1072 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072 PolicyAgent - ok
21:57:06.0211 1072 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072 Power - ok
21:57:06.0363 1072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072 PptpMiniport - ok
21:57:06.0448 1072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072 Processor - ok
21:57:06.0504 1072 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072 ProfSvc - ok
21:57:06.0623 1072 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072 ProtectedStorage - ok
21:57:06.0695 1072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072 Psched - ok
21:57:06.0818 1072 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072 PSI_SVC_2 - ok
21:57:06.0984 1072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072 ql2300 - ok
21:57:07.0219 1072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072 ql40xx - ok
21:57:07.0320 1072 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072 QWAVE - ok
21:57:07.0392 1072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072 QWAVEdrv - ok
21:57:07.0442 1072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072 RasAcd - ok
21:57:07.0519 1072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072 RasAgileVpn - ok
21:57:07.0601 1072 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072 RasAuto - ok
21:57:07.0733 1072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072 Rasl2tp - ok
21:57:07.0868 1072 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072 RasMan - ok
21:57:07.0971 1072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072 RasPppoe - ok
21:57:08.0054 1072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072 RasSstp - ok
21:57:08.0144 1072 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072 rdbss - ok
21:57:08.0233 1072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072 rdpbus - ok
21:57:08.0322 1072 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072 RDPCDD - ok
21:57:08.0456 1072 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072 RDPDR - ok
21:57:08.0677 1072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072 RDPENCDD - ok
21:57:08.0784 1072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072 RDPREFMP - ok
21:57:08.0891 1072 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072 RDPWD - ok
21:57:09.0008 1072 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072 rdyboost - ok
21:57:09.0092 1072 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072 regi - ok
21:57:09.0210 1072 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072 RemoteAccess - ok
21:57:09.0342 1072 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072 RemoteRegistry - ok
21:57:09.0440 1072 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072 RFCOMM - ok
21:57:09.0587 1072 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072 RpcEptMapper - ok
21:57:09.0658 1072 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072 RpcLocator - ok
21:57:09.0967 1072 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072 RpcSs - ok
21:57:10.0064 1072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072 rspndr - ok
21:57:10.0224 1072 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072 RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072 RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072 s3cap - ok
21:57:10.0519 1072 SABKUTIL - ok
21:57:10.0556 1072 SABProcEnum - ok
21:57:10.0600 1072 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072 SamSs - ok
21:57:10.0745 1072 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072 SASDIFSV - ok
21:57:10.0817 1072 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072 SASKUTIL - ok
21:57:10.0903 1072 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072 sbp2port - ok
21:57:11.0048 1072 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072 SCardSvr - ok
21:57:11.0143 1072 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072 scfilter - ok
21:57:11.0294 1072 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072 Schedule - ok
21:57:11.0436 1072 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072 SCPolicySvc - ok
21:57:11.0554 1072 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072 sdbus - ok
21:57:11.0669 1072 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072 SDRSVC - ok
21:57:11.0924 1072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072 secdrv - ok
21:57:12.0034 1072 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072 seclogon - ok
21:57:12.0126 1072 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072 SENS - ok
21:57:12.0200 1072 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072 SensrSvc - ok
21:57:12.0294 1072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072 Serenum - ok
21:57:12.0345 1072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072 Serial - ok
21:57:12.0430 1072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072 sermouse - ok
21:57:12.0594 1072 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072 SessionEnv - ok
21:57:12.0726 1072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072 sffdisk - ok
21:57:12.0846 1072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072 sffp_mmc - ok
21:57:12.0930 1072 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072 sffp_sd - ok
21:57:13.0047 1072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072 sfloppy - ok
21:57:13.0167 1072 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072 SharedAccess - ok
21:57:13.0285 1072 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072 ShellHWDetection - ok
21:57:13.0447 1072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072 sisagp - ok
21:57:13.0603 1072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072 SiSRaid2 - ok
21:57:13.0662 1072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072 SiSRaid4 - ok
21:57:13.0710 1072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072 Smb - ok
21:57:13.0828 1072 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072 SNMPTRAP - ok
21:57:13.0887 1072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072 spldr - ok
21:57:13.0984 1072 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072 Spooler - ok
21:57:14.0361 1072 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072 sppsvc - ok
21:57:14.0710 1072 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072 sppuinotify - ok
21:57:14.0903 1072 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072 SQLBrowser - ok
21:57:15.0055 1072 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072 SQLWriter - ok
21:57:15.0347 1072 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072 srv - ok
21:57:15.0599 1072 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072 srv2 - ok
21:57:15.0815 1072 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072 SrvHsfHDA - ok
21:57:15.0970 1072 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072 SrvHsfV92 - ok
21:57:16.0128 1072 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072 SrvHsfWinac - ok
21:57:16.0254 1072 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072 srvnet - ok
21:57:16.0512 1072 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072 SSDPSRV - ok
21:57:16.0622 1072 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072 SstpSvc - ok
21:57:16.0708 1072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072 stexstor - ok
21:57:16.0804 1072 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072 StiSvc - ok
21:57:16.0967 1072 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072 storflt - ok
21:57:17.0203 1072 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072 StorSvc - ok
21:57:17.0360 1072 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:57:17.0464 1072 storvsc - ok
21:57:17.0485 1072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:57:17.0599 1072 swenum - ok
21:57:17.0648 1072 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:57:17.0717 1072 swprv - ok
21:57:17.0762 1072 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system3
-
It looks like the bottom part of the TDSS log is cut off?
-
21:55:33.0254 5604 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:55:33.0771 5604 ============================================================
21:55:33.0771 5604 Current date / time: 2012/05/31 21:55:33.0771
21:55:33.0771 5604 SystemInfo:
21:55:33.0771 5604
21:55:33.0771 5604 OS Version: 6.1.7601 ServicePack: 1.0
21:55:33.0771 5604 Product type: Workstation
21:55:33.0772 5604 ComputerName: PETER-PC
21:55:33.0772 5604 UserName: Peter
21:55:33.0772 5604 Windows directory: C:\Windows
21:55:33.0773 5604 System windows directory: C:\Windows
21:55:33.0773 5604 Processor architecture: Intel x86
21:55:33.0773 5604 Number of processors: 2
21:55:33.0773 5604 Page size: 0x1000
21:55:33.0773 5604 Boot type: Normal boot
21:55:33.0773 5604 ============================================================
21:55:35.0234 5604 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604 ============================================================
21:55:35.0238 5604 \Device\Harddisk0\DR0:
21:55:35.0239 5604 MBR partitions:
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604 ============================================================
21:55:35.0282 5604 C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604 ============================================================
21:55:35.0283 5604 Initialize success
21:55:35.0283 5604 ============================================================
21:56:22.0285 1072 ============================================================
21:56:22.0285 1072 Scan started
21:56:22.0285 1072 Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072 ============================================================
21:56:23.0539 1072 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:56:23.0743 1072 !SASCORE - ok
21:56:23.0914 1072 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:56:24.0264 1072 1394ohci - ok
21:56:24.0325 1072 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:56:24.0411 1072 ACPI - ok
21:56:24.0427 1072 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:56:24.0551 1072 AcpiPmi - ok
21:56:24.0691 1072 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:24.0839 1072 AdobeARMservice - ok
21:56:24.0964 1072 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:25.0016 1072 AdobeFlashPlayerUpdateSvc - ok
21:56:25.0073 1072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:56:25.0108 1072 adp94xx - ok
21:56:25.0136 1072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:56:25.0169 1072 adpahci - ok
21:56:25.0186 1072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:56:25.0221 1072 adpu320 - ok
21:56:25.0256 1072 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:56:25.0330 1072 AeLookupSvc - ok
21:56:25.0393 1072 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:56:25.0641 1072 AFD - ok
21:56:25.0676 1072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:56:25.0761 1072 agp440 - ok
21:56:25.0782 1072 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:56:25.0810 1072 aic78xx - ok
21:56:25.0843 1072 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:56:25.0974 1072 ALG - ok
21:56:26.0052 1072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:56:26.0151 1072 aliide - ok
21:56:26.0189 1072 AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:56:26.0361 1072 AMD External Events Utility - ok
21:56:26.0459 1072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:56:26.0676 1072 amdagp - ok
21:56:26.0769 1072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:56:26.0968 1072 amdide - ok
21:56:27.0066 1072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:56:27.0174 1072 AmdK8 - ok
21:56:27.0193 1072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:56:27.0223 1072 AmdPPM - ok
21:56:27.0238 1072 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:56:27.0437 1072 amdsata - ok
21:56:27.0475 1072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:56:27.0507 1072 amdsbs - ok
21:56:27.0530 1072 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:56:27.0745 1072 amdxata - ok
21:56:27.0785 1072 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:56:27.0984 1072 AppID - ok
21:56:28.0059 1072 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:56:28.0112 1072 AppIDSvc - ok
21:56:28.0156 1072 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:56:28.0245 1072 Appinfo - ok
21:56:28.0390 1072 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:28.0518 1072 Apple Mobile Device - ok
21:56:28.0635 1072 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:56:28.0893 1072 AppMgmt - ok
21:56:28.0972 1072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:56:29.0002 1072 arc - ok
21:56:29.0021 1072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:56:29.0067 1072 arcsas - ok
21:56:29.0201 1072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:56:29.0620 1072 aspnet_state - ok
21:56:29.0646 1072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:56:29.0964 1072 AsyncMac - ok
21:56:30.0003 1072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:56:30.0289 1072 atapi - ok
21:56:30.0415 1072 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:56:30.0618 1072 athr - ok
21:56:30.0773 1072 AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:56:31.0436 1072 AtiHdmiService - ok
21:56:31.0857 1072 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:56:32.0054 1072 atikmdag - ok
21:56:32.0286 1072 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:56:32.0351 1072 AtiPcie - ok
21:56:32.0516 1072 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0678 1072 AudioEndpointBuilder - ok
21:56:32.0687 1072 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0735 1072 Audiosrv - ok
21:56:32.0888 1072 AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:56:32.0960 1072 AVP - ok
21:56:33.0014 1072 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:56:33.0151 1072 AxInstSV - ok
21:56:33.0283 1072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:56:33.0366 1072 b06bdrv - ok
21:56:33.0401 1072 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:56:33.0428 1072 b57nd60x - ok
21:56:33.0532 1072 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:56:33.0580 1072 BcmSqlStartupSvc - ok
21:56:33.0611 1072 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:56:33.0730 1072 BDESVC - ok
21:56:33.0823 1072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:56:33.0868 1072 Beep - ok
21:56:34.0168 1072 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:56:34.0260 1072 BFE - ok
21:56:34.0316 1072 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:56:34.0398 1072 BITS - ok
21:56:34.0414 1072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:56:34.0465 1072 blbdrive - ok
21:56:34.0607 1072 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:56:34.0653 1072 Bonjour Service - ok
21:56:34.0710 1072 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:56:34.0995 1072 bowser - ok
21:56:35.0026 1072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:56:35.0100 1072 BrFiltLo - ok
21:56:35.0128 1072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:56:35.0155 1072 BrFiltUp - ok
21:56:35.0219 1072 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:56:35.0298 1072 BridgeMP - ok
21:56:35.0355 1072 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:56:35.0437 1072 Browser - ok
21:56:35.0482 1072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:56:35.0537 1072 Brserid - ok
21:56:35.0566 1072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:56:35.0595 1072 BrSerWdm - ok
21:56:35.0613 1072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:56:35.0642 1072 BrUsbMdm - ok
21:56:35.0652 1072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:56:35.0680 1072 BrUsbSer - ok
21:56:35.0727 1072 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:56:35.0790 1072 BthEnum - ok
21:56:35.0818 1072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:56:35.0847 1072 BTHMODEM - ok
21:56:35.0874 1072 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:56:35.0996 1072 BthPan - ok
21:56:36.0069 1072 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:56:36.0152 1072 BTHPORT - ok
21:56:36.0184 1072 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:56:36.0232 1072 bthserv - ok
21:56:36.0281 1072 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:56:36.0424 1072 BTHUSB - ok
21:56:36.0455 1072 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:56:36.0525 1072 btwaudio - ok
21:56:36.0550 1072 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:56:36.0631 1072 btwavdt - ok
21:56:36.0736 1072 btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:56:36.0803 1072 btwdins - ok
21:56:36.0828 1072 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:56:36.0903 1072 btwl2cap - ok
21:56:36.0915 1072 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:56:36.0984 1072 btwrchid - ok
21:56:37.0092 1072 catchme - ok
21:56:37.0138 1072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:56:37.0207 1072 cdfs - ok
21:56:37.0256 1072 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:56:37.0389 1072 cdrom - ok
21:56:37.0435 1072 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:56:37.0524 1072 CertPropSvc - ok
21:56:37.0540 1072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:56:37.0571 1072 circlass - ok
21:56:37.0614 1072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:56:37.0644 1072 CLFS - ok
21:56:37.0724 1072 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:56:37.0763 1072 clr_optimization_v2.0.50727_32 - ok
21:56:37.0839 1072 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:56:37.0895 1072 clr_optimization_v4.0.30319_32 - ok
21:56:37.0928 1072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:56:37.0956 1072 CmBatt - ok
21:56:38.0002 1072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:56:38.0072 1072 cmdide - ok
21:56:38.0141 1072 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:56:38.0222 1072 CNG - ok
21:56:38.0235 1072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:56:38.0260 1072 Compbatt - ok
21:56:38.0301 1072 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:56:38.0488 1072 CompositeBus - ok
21:56:38.0493 1072 COMSysApp - ok
21:56:38.0542 1072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:56:38.0564 1072 crcdisk - ok
21:56:38.0622 1072 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:56:38.0702 1072 CryptSvc - ok
21:56:38.0771 1072 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:56:38.0859 1072 CSC - ok
21:56:38.0912 1072 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:56:38.0989 1072 CscService - ok
21:56:39.0029 1072 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:56:39.0078 1072 DcomLaunch - ok
21:56:39.0120 1072 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:56:39.0171 1072 defragsvc - ok
21:56:39.0248 1072 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:56:39.0322 1072 DfsC - ok
21:56:39.0371 1072 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:56:39.0449 1072 Dhcp - ok
21:56:39.0474 1072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:56:39.0528 1072 discache - ok
21:56:39.0562 1072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:56:39.0612 1072 Disk - ok
21:56:39.0645 1072 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:56:39.0727 1072 DKbFltr - ok
21:56:39.0791 1072 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:56:39.0983 1072 Dnscache - ok
21:56:40.0055 1072 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:56:40.0150 1072 dot3svc - ok
21:56:40.0208 1072 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:56:40.0306 1072 DPS - ok
21:56:40.0331 1072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:56:40.0361 1072 drmkaud - ok
21:56:40.0403 1072 dwshd - ok
21:56:40.0527 1072 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:56:40.0622 1072 DXGKrnl - ok
21:56:40.0677 1072 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:56:40.0743 1072 EapHost - ok
21:56:41.0013 1072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:56:41.0086 1072 ebdrv - ok
21:56:41.0233 1072 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:56:41.0362 1072 EFS - ok
21:56:41.0498 1072 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:56:41.0621 1072 ehRecvr - ok
21:56:41.0654 1072 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:56:41.0749 1072 ehSched - ok
21:56:41.0849 1072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:56:41.0912 1072 elxstor - ok
21:56:41.0953 1072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:56:42.0047 1072 ErrDev - ok
21:56:42.0124 1072 esgiguard - ok
21:56:42.0197 1072 ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:56:42.0253 1072 ETService ( UnsignedFile.Multi.Generic ) - warning
21:56:42.0253 1072 ETService - detected UnsignedFile.Multi.Generic (1)
21:56:42.0317 1072 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:56:42.0385 1072 EventSystem - ok
21:56:42.0427 1072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:56:42.0475 1072 exfat - ok
21:56:42.0506 1072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:56:42.0551 1072 fastfat - ok
21:56:42.0645 1072 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:56:42.0753 1072 Fax - ok
21:56:42.0773 1072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:56:42.0801 1072 fdc - ok
21:56:42.0826 1072 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:56:42.0875 1072 fdPHost - ok
21:56:42.0892 1072 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:56:43.0006 1072 FDResPub - ok
21:56:43.0022 1072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:56:43.0049 1072 FileInfo - ok
21:56:43.0068 1072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:56:43.0112 1072 Filetrace - ok
21:56:43.0132 1072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:56:43.0159 1072 flpydisk - ok
21:56:43.0188 1072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:56:43.0215 1072 FltMgr - ok
21:56:43.0322 1072 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:56:43.0539 1072 FontCache - ok
21:56:43.0618 1072 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:56:43.0661 1072 FontCache3.0.0.0 - ok
21:56:43.0694 1072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:56:43.0720 1072 FsDepends - ok
21:56:43.0770 1072 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:56:43.0847 1072 Fs_Rec - ok
21:56:43.0910 1072 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:56:43.0993 1072 fvevol - ok
21:56:44.0010 1072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:56:44.0034 1072 gagp30kx - ok
21:56:44.0078 1072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:44.0099 1072 GEARAspiWDM - ok
21:56:44.0362 1072 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:56:44.0464 1072 gpsvc - ok
21:56:44.0619 1072 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:56:44.0690 1072 Greg_Service - ok
21:56:44.0774 1072 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0850 1072 gupdate - ok
21:56:44.0898 1072 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0936 1072 gupdatem - ok
21:56:45.0074 1072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:56:45.0153 1072 hcw85cir - ok
21:56:45.0222 1072 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:56:45.0331 1072 HdAudAddService - ok
21:56:45.0432 1072 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:56:45.0553 1072 HDAudBus - ok
21:56:45.0573 1072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:56:45.0600 1072 HidBatt - ok
21:56:45.0627 1072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:56:45.0658 1072 HidBth - ok
21:56:45.0668 1072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:56:45.0699 1072 HidIr - ok
21:56:45.0728 1072 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:56:45.0776 1072 hidserv - ok
21:56:45.0789 1072 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:56:45.0863 1072 HidUsb - ok
21:56:45.0915 1072 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:56:45.0994 1072 hkmsvc - ok
21:56:46.0020 1072 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:56:46.0142 1072 HomeGroupListener - ok
21:56:46.0237 1072 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:56:46.0266 1072 HomeGroupProvider - ok
21:56:46.0314 1072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:56:46.0421 1072 HpSAMD - ok
21:56:46.0468 1072 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:56:46.0630 1072 HsfXAudioService - ok
21:56:46.0787 1072 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:56:46.0921 1072 HSF_DPV - ok
21:56:47.0036 1072 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:56:47.0127 1072 HSXHWAZL - ok
21:56:47.0208 1072 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:56:47.0285 1072 HTTP - ok
21:56:47.0333 1072 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:56:47.0408 1072 hwpolicy - ok
21:56:47.0467 1072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:56:47.0562 1072 i8042prt - ok
21:56:47.0605 1072 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:56:47.0681 1072 iaStorV - ok
21:56:47.0842 1072 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:56:47.0918 1072 idsvc - ok
21:56:48.0287 1072 IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:56:48.0381 1072 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:56:48.0382 1072 IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:56:48.0939 1072 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:56:49.0047 1072 igfx - ok
21:56:49.0247 1072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:56:49.0289 1072 iirsp - ok
21:56:49.0546 1072 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:56:49.0656 1072 IKEEXT - ok
21:56:49.0687 1072 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:56:49.0738 1072 int15 - ok
21:56:49.0943 1072 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:56:50.0070 1072 IntcAzAudAddService - ok
21:56:50.0220 1072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:56:50.0344 1072 intelide - ok
21:56:50.0364 1072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:56:50.0395 1072 intelppm - ok
21:56:50.0446 1072 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:56:50.0531 1072 IPBusEnum - ok
21:56:50.0554 1072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:50.0602 1072 IpFilterDriver - ok
21:56:50.0775 1072 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:56:50.0854 1072 iphlpsvc - ok
21:56:50.0903 1072 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:56:50.0985 1072 IPMIDRV - ok
21:56:51.0025 1072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:56:51.0070 1072 IPNAT - ok
21:56:51.0244 1072 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:56:51.0283 1072 iPod Service - ok
21:56:51.0291 1072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:56:51.0360 1072 IRENUM - ok
21:56:51.0397 1072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:56:51.0469 1072 isapnp - ok
21:56:51.0500 1072 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:56:51.0573 1072 iScsiPrt - ok
21:56:51.0645 1072 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:56:51.0680 1072 IviRegMgr - ok
21:56:51.0700 1072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:51.0774 1072 kbdclass - ok
21:56:51.0825 1072 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:51.0900 1072 kbdhid - ok
21:56:51.0944 1072 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:51.0971 1072 KeyIso - ok
21:56:52.0038 1072 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:56:52.0093 1072 kl1 - ok
21:56:52.0129 1072 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:56:52.0181 1072 klbg - ok
21:56:52.0234 1072 KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:56:52.0286 1072 KLIF - ok
21:56:52.0332 1072 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:56:52.0386 1072 KLIM6 - ok
21:56:52.0429 1072 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:56:52.0480 1072 klmouflt - ok
21:56:52.0526 1072 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:56:52.0581 1072 KSecDD - ok
21:56:52.0606 1072 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:56:52.0667 1072 KSecPkg - ok
21:56:52.0712 1072 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:56:52.0765 1072 KtmRm - ok
21:56:52.0791 1072 L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:56:52.0818 1072 L1E - ok
21:56:52.0894 1072 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:56:52.0963 1072 LanmanServer - ok
21:56:53.0015 1072 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:56:53.0083 1072 LanmanWorkstation - ok
21:56:53.0106 1072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:56:53.0151 1072 lltdio - ok
21:56:53.0186 1072 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:56:53.0234 1072 lltdsvc - ok
21:56:53.0251 1072 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:56:53.0296 1072 lmhosts - ok
21:56:53.0332 1072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:53.0357 1072 LSI_FC - ok
21:56:53.0372 1072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:53.0401 1072 LSI_SAS - ok
21:56:53.0420 1072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:53.0446 1072 LSI_SAS2 - ok
21:56:53.0463 1072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:53.0488 1072 LSI_SCSI - ok
21:56:53.0509 1072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:53.0554 1072 luafv - ok
21:56:53.0633 1072 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:53.0785 1072 Mcx2Svc - ok
21:56:53.0805 1072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:56:53.0986 1072 mdmxsdk - ok
21:56:54.0024 1072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:54.0068 1072 megasas - ok
21:56:54.0104 1072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:54.0131 1072 MegaSR - ok
21:56:54.0238 1072 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:54.0261 1072 Microsoft Office Groove Audit Service - ok
21:56:54.0294 1072 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:54.0340 1072 MMCSS - ok
21:56:54.0358 1072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:54.0401 1072 Modem - ok
21:56:54.0420 1072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:54.0450 1072 monitor - ok
21:56:54.0486 1072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:54.0558 1072 mouclass - ok
21:56:54.0679 1072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:54.0729 1072 mouhid - ok
21:56:54.0914 1072 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:54.0991 1072 mountmgr - ok
21:56:55.0073 1072 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:56:55.0219 1072 MozillaMaintenance - ok
21:56:55.0328 1072 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:55.0441 1072 mpio - ok
21:56:55.0475 1072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:55.0519 1072 mpsdrv - ok
21:56:55.0606 1072 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:55.0708 1072 MpsSvc - ok
21:56:55.0758 1072 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:55.0830 1072 MRxDAV - ok
21:56:55.0886 1072 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:56.0103 1072 mrxsmb - ok
21:56:56.0164 1072 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:56.0262 1072 mrxsmb10 - ok
21:56:56.0287 1072 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:56.0426 1072 mrxsmb20 - ok
21:56:56.0516 1072 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:56.0588 1072 msahci - ok
21:56:56.0645 1072 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:56.0742 1072 msdsm - ok
21:56:56.0776 1072 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:56.0850 1072 MSDTC - ok
21:56:56.0876 1072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:56.0922 1072 Msfs - ok
21:56:56.0937 1072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:56.0981 1072 mshidkmdf - ok
21:56:56.0995 1072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:57.0065 1072 msisadrv - ok
21:56:57.0104 1072 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:57.0167 1072 MSiSCSI - ok
21:56:57.0175 1072 msiserver - ok
21:56:57.0191 1072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:57.0241 1072 MSKSSRV - ok
21:56:57.0249 1072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:57.0297 1072 MSPCLOCK - ok
21:56:57.0305 1072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:57.0366 1072 MSPQM - ok
21:56:57.0391 1072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:57.0420 1072 MsRPC - ok
21:56:57.0471 1072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:57.0591 1072 mssmbios - ok
21:56:57.0668 1072 MSSQL$MSSMLBIZ - ok
21:56:57.0744 1072 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:56:57.0953 1072 MSSQLServerADHelper - ok
21:56:58.0008 1072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:58.0052 1072 MSTEE - ok
21:56:58.0061 1072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:58.0092 1072 MTConfig - ok
21:56:58.0116 1072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:58.0142 1072 Mup - ok
21:56:58.0206 1072 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:58.0288 1072 napagent - ok
21:56:58.0325 1072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:58.0360 1072 NativeWifiP - ok
21:56:58.0420 1072 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:58.0496 1072 NDIS - ok
21:56:58.0515 1072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:58.0561 1072 NdisCap - ok
21:56:58.0581 1072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:58.0624 1072 NdisTapi - ok
21:56:58.0664 1072 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:58.0709 1072 Ndisuio - ok
21:56:58.0758 1072 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:58.0803 1072 NdisWan - ok
21:56:58.0853 1072 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:58.0923 1072 NDProxy - ok
21:56:58.0976 1072 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:56:59.0005 1072 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:59.0005 1072 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:59.0043 1072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:59.0088 1072 NetBIOS - ok
21:56:59.0141 1072 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:59.0218 1072 NetBT - ok
21:56:59.0256 1072 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:59.0285 1072 Netlogon - ok
21:56:59.0339 1072 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:59.0391 1072 Netman - ok
21:56:59.0521 1072 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0568 1072 NetMsmqActivator - ok
21:56:59.0575 1072 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0599 1072 NetPipeActivator - ok
21:56:59.0629 1072 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:59.0680 1072 netprofm - ok
21:56:59.0687 1072 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0714 1072 NetTcpActivator - ok
21:56:59.0721 1072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0748 1072 NetTcpPortSharing - ok
21:56:59.0780 1072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:59.0806 1072 nfrd960 - ok
21:56:59.0874 1072 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:59.0968 1072 NlaSvc - ok
21:56:59.0988 1072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:57:00.0033 1072 Npfs - ok
21:57:00.0069 1072 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:57:00.0125 1072 nsi - ok
21:57:00.0154 1072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:57:00.0199 1072 nsiproxy - ok
21:57:00.0360 1072 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:57:00.0528 1072 Ntfs - ok
21:57:00.0687 1072 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:57:00.0758 1072 NTIBackupSvc - ok
21:57:00.0888 1072 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:57:00.0956 1072 NTIDrvr - ok
21:57:00.0995 1072 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:57:01.0057 1072 NTISchedulerSvc - ok
21:57:01.0097 1072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:57:01.0152 1072 Null - ok
21:57:01.0211 1072 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:57:01.0354 1072 nvraid - ok
21:57:01.0390 1072 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:57:01.0526 1072 nvstor - ok
21:57:01.0609 1072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:57:01.0728 1072 nv_agp - ok
21:57:01.0788 1072 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:57:01.0957 1072 O2FLASH - ok
21:57:02.0000 1072 O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:57:02.0070 1072 O2MDRDR - ok
21:57:02.0087 1072 O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:57:02.0163 1072 O2SDRDR - ok
21:57:02.0301 1072 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:02.0332 1072 odserv - ok
21:57:02.0378 1072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:57:02.0454 1072 ohci1394 - ok
21:57:02.0504 1072 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:02.0530 1072 ose - ok
21:57:03.0004 1072 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:57:03.0143 1072 osppsvc - ok
21:57:03.0331 1072 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:03.0477 1072 p2pimsvc - ok
21:57:03.0511 1072 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:57:03.0553 1072 p2psvc - ok
21:57:03.0606 1072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:57:03.0653 1072 Parport - ok
21:57:03.0697 1072 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:57:03.0735 1072 partmgr - ok
21:57:03.0756 1072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:57:03.0785 1072 Parvdm - ok
21:57:03.0816 1072 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:57:03.0854 1072 PcaSvc - ok
21:57:03.0911 1072 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:57:03.0997 1072 pci - ok
21:57:04.0025 1072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:57:04.0096 1072 pciide - ok
21:57:04.0138 1072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:57:04.0191 1072 pcmcia - ok
21:57:04.0218 1072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:57:04.0255 1072 pcw - ok
21:57:04.0311 1072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:57:04.0373 1072 PEAUTH - ok
21:57:04.0465 1072 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:57:04.0591 1072 PeerDistSvc - ok
21:57:04.0794 1072 pgfilter - ok
21:57:05.0150 1072 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:57:05.0247 1072 pla - ok
21:57:05.0420 1072 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:57:05.0684 1072 PlugPlay - ok
21:57:05.0745 1072 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072 Pml Driver HPZ12 - ok
21:57:05.0880 1072 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072 PNRPAutoReg - ok
21:57:05.0952 1072 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072 PNRPsvc - ok
21:57:06.0062 1072 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072 PolicyAgent - ok
21:57:06.0211 1072 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072 Power - ok
21:57:06.0363 1072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072 PptpMiniport - ok
21:57:06.0448 1072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072 Processor - ok
21:57:06.0504 1072 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072 ProfSvc - ok
21:57:06.0623 1072 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072 ProtectedStorage - ok
21:57:06.0695 1072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072 Psched - ok
21:57:06.0818 1072 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072 PSI_SVC_2 - ok
21:57:06.0984 1072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072 ql2300 - ok
21:57:07.0219 1072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072 ql40xx - ok
21:57:07.0320 1072 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072 QWAVE - ok
21:57:07.0392 1072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072 QWAVEdrv - ok
21:57:07.0442 1072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072 RasAcd - ok
21:57:07.0519 1072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072 RasAgileVpn - ok
21:57:07.0601 1072 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072 RasAuto - ok
21:57:07.0733 1072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072 Rasl2tp - ok
21:57:07.0868 1072 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072 RasMan - ok
21:57:07.0971 1072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072 RasPppoe - ok
21:57:08.0054 1072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072 RasSstp - ok
21:57:08.0144 1072 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072 rdbss - ok
21:57:08.0233 1072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072 rdpbus - ok
21:57:08.0322 1072 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072 RDPCDD - ok
21:57:08.0456 1072 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072 RDPDR - ok
21:57:08.0677 1072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072 RDPENCDD - ok
21:57:08.0784 1072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072 RDPREFMP - ok
21:57:08.0891 1072 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072 RDPWD - ok
21:57:09.0008 1072 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072 rdyboost - ok
21:57:09.0092 1072 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072 regi - ok
21:57:09.0210 1072 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072 RemoteAccess - ok
21:57:09.0342 1072 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072 RemoteRegistry - ok
21:57:09.0440 1072 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072 RFCOMM - ok
21:57:09.0587 1072 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072 RpcEptMapper - ok
21:57:09.0658 1072 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072 RpcLocator - ok
21:57:09.0967 1072 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072 RpcSs - ok
21:57:10.0064 1072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072 rspndr - ok
21:57:10.0224 1072 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072 RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072 RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072 s3cap - ok
21:57:10.0519 1072 SABKUTIL - ok
21:57:10.0556 1072 SABProcEnum - ok
21:57:10.0600 1072 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072 SamSs - ok
21:57:10.0745 1072 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072 SASDIFSV - ok
21:57:10.0817 1072 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072 SASKUTIL - ok
21:57:10.0903 1072 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072 sbp2port - ok
21:57:11.0048 1072 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072 SCardSvr - ok
21:57:11.0143 1072 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072 scfilter - ok
21:57:11.0294 1072 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072 Schedule - ok
21:57:11.0436 1072 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072 SCPolicySvc - ok
21:57:11.0554 1072 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072 sdbus - ok
21:57:11.0669 1072 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072 SDRSVC - ok
21:57:11.0924 1072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072 secdrv - ok
21:57:12.0034 1072 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072 seclogon - ok
21:57:12.0126 1072 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072 SENS - ok
21:57:12.0200 1072 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072 SensrSvc - ok
21:57:12.0294 1072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072 Serenum - ok
21:57:12.0345 1072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072 Serial - ok
21:57:12.0430 1072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072 sermouse - ok
21:57:12.0594 1072 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072 SessionEnv - ok
21:57:12.0726 1072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072 sffdisk - ok
21:57:12.0846 1072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072 sffp_mmc - ok
21:57:12.0930 1072 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072 sffp_sd - ok
21:57:13.0047 1072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072 sfloppy - ok
21:57:13.0167 1072 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072 SharedAccess - ok
21:57:13.0285 1072 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072 ShellHWDetection - ok
21:57:13.0447 1072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072 sisagp - ok
21:57:13.0603 1072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072 SiSRaid2 - ok
21:57:13.0662 1072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072 SiSRaid4 - ok
21:57:13.0710 1072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072 Smb - ok
21:57:13.0828 1072 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072 SNMPTRAP - ok
21:57:13.0887 1072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072 spldr - ok
21:57:13.0984 1072 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072 Spooler - ok
21:57:14.0361 1072 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072 sppsvc - ok
21:57:14.0710 1072 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072 sppuinotify - ok
21:57:14.0903 1072 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072 SQLBrowser - ok
21:57:15.0055 1072 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072 SQLWriter - ok
21:57:15.0347 1072 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072 srv - ok
21:57:15.0599 1072 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072 srv2 - ok
21:57:15.0815 1072 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072 SrvHsfHDA - ok
21:57:15.0970 1072 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072 SrvHsfV92 - ok
21:57:16.0128 1072 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072 SrvHsfWinac - ok
21:57:16.0254 1072 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072 srvnet - ok
21:57:16.0512 1072 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072 SSDPSRV - ok
21:57:16.0622 1072 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072 SstpSvc - ok
21:57:16.0708 1072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072 stexstor - ok
21:57:16.0804 1072 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072 StiSvc - ok
21:57:16.0967 1072 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072 storflt - ok
21:57:17.0203 1072 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072 StorSvc - ok
21:57:17.0360 1072 storvsc (dcaffd62259e0bdb433
-
22:13:15.0323 4984 storvsc - ok
22:13:15.0383 4984 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:13:15.0495 4984 swenum - ok
22:13:15.0566 4984 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:13:15.0650 4984 swprv - ok
22:13:15.0706 4984 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
22:13:15.0808 4984 SynTP - ok
22:13:16.0004 4984 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:13:16.0141 4984 SysMain - ok
22:13:16.0188 4984 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:13:16.0304 4984 TabletInputService - ok
22:13:16.0395 4984 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:13:16.0556 4984 TapiSrv - ok
22:13:16.0599 4984 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:13:16.0664 4984 TBS - ok
22:13:16.0842 4984 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:13:16.0925 4984 Tcpip - ok
22:13:17.0180 4984 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:13:17.0230 4984 TCPIP6 - ok
22:13:17.0431 4984 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:13:17.0529 4984 tcpipreg - ok
22:13:17.0593 4984 TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys
22:13:17.0694 4984 TcUsb - ok
22:13:17.0734 4984 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:13:17.0844 4984 TDPIPE - ok
22:13:17.0907 4984 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:13:18.0004 4984 TDTCP - ok
22:13:18.0053 4984 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:13:18.0149 4984 tdx - ok
22:13:18.0221 4984 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:13:18.0369 4984 TermDD - ok
22:13:18.0473 4984 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:13:18.0601 4984 TermService - ok
22:13:18.0661 4984 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:13:18.0707 4984 Themes - ok
22:13:18.0791 4984 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:13:18.0850 4984 THREADORDER - ok
22:13:18.0909 4984 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:13:18.0962 4984 TrkWks - ok
22:13:19.0057 4984 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:13:19.0184 4984 TrustedInstaller - ok
22:13:19.0223 4984 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:19.0355 4984 tssecsrv - ok
22:13:19.0445 4984 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:13:19.0607 4984 TsUsbFlt - ok
22:13:19.0685 4984 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:13:19.0840 4984 tunnel - ok
22:13:19.0902 4984 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:13:20.0014 4984 uagp35 - ok
22:13:20.0046 4984 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
22:13:20.0117 4984 UBHelper - ok
22:13:20.0184 4984 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:13:20.0314 4984 udfs - ok
22:13:20.0370 4984 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:13:20.0503 4984 UI0Detect - ok
22:13:20.0548 4984 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:13:20.0753 4984 uliagpkx - ok
22:13:20.0818 4984 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:13:21.0006 4984 umbus - ok
22:13:21.0035 4984 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:13:21.0192 4984 UmPass - ok
22:13:21.0258 4984 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:13:21.0385 4984 UmRdpService - ok
22:13:21.0503 4984 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:13:21.0570 4984 Updater Service - ok
22:13:21.0623 4984 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:13:21.0684 4984 upnphost - ok
22:13:21.0741 4984 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:13:21.0916 4984 USBAAPL - ok
22:13:21.0993 4984 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:13:22.0123 4984 usbaudio - ok
22:13:22.0154 4984 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:13:22.0409 4984 usbccgp - ok
22:13:22.0432 4984 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:13:22.0576 4984 usbcir - ok
22:13:22.0606 4984 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:13:22.0741 4984 usbehci - ok
22:13:22.0779 4984 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
22:13:22.0877 4984 usbfilter - ok
22:13:22.0922 4984 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:13:23.0049 4984 usbhub - ok
22:13:23.0111 4984 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:13:23.0167 4984 usbohci - ok
22:13:23.0210 4984 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:13:23.0306 4984 usbprint - ok
22:13:23.0325 4984 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:23.0509 4984 USBSTOR - ok
22:13:23.0568 4984 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:13:23.0719 4984 usbuhci - ok
22:13:23.0904 4984 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:13:24.0065 4984 usbvideo - ok
22:13:24.0126 4984 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:13:24.0175 4984 UxSms - ok
22:13:24.0221 4984 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:13:24.0252 4984 VaultSvc - ok
22:13:24.0318 4984 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:13:24.0436 4984 vdrvroot - ok
22:13:24.0547 4984 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:13:24.0724 4984 vds - ok
22:13:24.0760 4984 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:24.0912 4984 vga - ok
22:13:24.0938 4984 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:13:25.0108 4984 VgaSave - ok
22:13:25.0161 4984 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:13:25.0388 4984 vhdmp - ok
22:13:25.0445 4984 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:13:25.0637 4984 viaagp - ok
22:13:25.0678 4984 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:13:25.0853 4984 ViaC7 - ok
22:13:25.0883 4984 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:13:26.0002 4984 viaide - ok
22:13:26.0094 4984 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:13:26.0234 4984 vmbus - ok
22:13:26.0251 4984 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:13:26.0398 4984 VMBusHID - ok
22:13:26.0460 4984 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:13:26.0575 4984 volmgr - ok
22:13:26.0625 4984 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:13:26.0724 4984 volmgrx - ok
22:13:26.0809 4984 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:13:26.0955 4984 volsnap - ok
22:13:26.0999 4984 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:13:27.0100 4984 vsmraid - ok
22:13:27.0259 4984 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:13:27.0416 4984 VSS - ok
22:13:27.0499 4984 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:13:27.0610 4984 vwifibus - ok
22:13:27.0633 4984 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:27.0734 4984 vwififlt - ok
22:13:27.0789 4984 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:27.0883 4984 vwifimp - ok
22:13:27.0951 4984 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:13:28.0044 4984 W32Time - ok
22:13:28.0095 4984 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:13:28.0186 4984 WacomPen - ok
22:13:28.0255 4984 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0349 4984 WANARP - ok
22:13:28.0358 4984 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0407 4984 Wanarpv6 - ok
22:13:28.0589 4984 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:13:28.0665 4984 WatAdminSvc - ok
22:13:28.0977 4984 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:13:29.0162 4984 wbengine - ok
22:13:29.0222 4984 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:13:29.0302 4984 WbioSrvc - ok
22:13:29.0378 4984 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:13:29.0556 4984 wcncsvc - ok
22:13:29.0589 4984 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:13:29.0739 4984 WcsPlugInService - ok
22:13:29.0801 4984 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:13:29.0955 4984 Wd - ok
22:13:30.0019 4984 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:13:30.0099 4984 Wdf01000 - ok
22:13:30.0133 4984 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0251 4984 WdiServiceHost - ok
22:13:30.0263 4984 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0298 4984 WdiSystemHost - ok
22:13:30.0357 4984 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:13:30.0461 4984 WebClient - ok
22:13:30.0489 4984 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:13:30.0545 4984 Wecsvc - ok
22:13:30.0570 4984 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:13:30.0620 4984 wercplsupport - ok
22:13:30.0662 4984 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:13:30.0715 4984 WerSvc - ok
22:13:30.0754 4984 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:13:30.0842 4984 WfpLwf - ok
22:13:30.0862 4984 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:13:30.0936 4984 WIMMount - ok
22:13:31.0002 4984 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:13:31.0161 4984 winachsf - ok
22:13:31.0305 4984 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:13:31.0394 4984 WinDefend - ok
22:13:31.0423 4984 WinHttpAutoProxySvc - ok
22:13:31.0650 4984 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:13:31.0711 4984 Winmgmt - ok
22:13:31.0852 4984 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:13:31.0962 4984 WinRM - ok
22:13:32.0083 4984 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:13:32.0171 4984 WinUsb - ok
22:13:32.0291 4984 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:13:32.0351 4984 Wlansvc - ok
22:13:32.0667 4984 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:13:32.0753 4984 wlidsvc - ok
22:13:32.0927 4984 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:13:33.0028 4984 WmiAcpi - ok
22:13:33.0109 4984 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:13:33.0229 4984 wmiApSrv - ok
22:13:33.0413 4984 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:13:33.0629 4984 WMPNetworkSvc - ok
22:13:33.0742 4984 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:13:33.0868 4984 WPCSvc - ok
22:13:33.0935 4984 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:13:34.0045 4984 WPDBusEnum - ok
22:13:34.0254 4984 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:13:34.0360 4984 ws2ifsl - ok
22:13:34.0390 4984 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:13:34.0429 4984 wscsvc - ok
22:13:34.0495 4984 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:13:34.0656 4984 WSDPrintDevice - ok
22:13:34.0668 4984 WSearch - ok
22:13:34.0911 4984 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:13:35.0030 4984 wuauserv - ok
22:13:35.0195 4984 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:13:35.0335 4984 WudfPf - ok
22:13:35.0374 4984 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:35.0460 4984 WUDFRd - ok
22:13:35.0520 4984 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:13:35.0645 4984 wudfsvc - ok
22:13:35.0698 4984 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:13:35.0761 4984 WwanSvc - ok
22:13:35.0796 4984 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
22:13:35.0869 4984 XAudio - ok
22:13:36.0022 4984 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:13:36.0099 4984 YahooAUService - ok
22:13:36.0158 4984 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
22:13:39.0553 4984 \Device\Harddisk0\DR0 - ok
22:13:39.0587 4984 Boot (0x1200) (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
22:13:39.0590 4984 \Device\Harddisk0\DR0\Partition0 - ok
22:13:39.0612 4984 Boot (0x1200) (8724746da5f04487e5f43566f61d6ad3) \Device\Harddisk0\DR0\Partition1
22:13:39.0615 4984 \Device\Harddisk0\DR0\Partition1 - ok
22:13:39.0616 4984 ============================================================
22:13:39.0616 4984 Scan finished
22:13:39.0616 4984 ============================================================
22:13:39.0640 5312 Detected object count: 0
22:13:39.0640 5312 Actual detected object count: 0
22:13:45.0411 5400 Deinitialize success
-
Thank you.
How is the computer doing now?
-
Exactly the same -- url warnings followed by WE shut down and restart.
Very frustrating...
What else could it be?
-
Download the MBR Rootkit Detector (http://www2.gmer.net/mbr/mbr.exe) to your desktop.
* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.
-
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS543225L9A300 rev.FBEOC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
I'm really not sure what is going on.
Is Kaspersky updated?
-
Yes, in fact I just do another manual update to be sure and then a full scan, which took nearly 6 hrs to complete. Still no change.
-
Apparently you have something installed that is trying to connect to 76.191.112.2.
You are not using any cracked software are you?
-
No cracked software installed.
-
Please download aswMBR.exe (http://http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i62.servimg.com/u/f62/15/92/84/26/aswmbr14.jpg)
Click the "Scan" button to start scan
(http://i62.servimg.com/u/f62/15/92/84/26/aswmbr10.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 08:04:08
-----------------------------
08:04:08.477 OS Version: Windows 6.1.7601 Service Pack 1
08:04:08.477 Number of processors: 2 586 0x301
08:04:08.477 ComputerName: PETER-PC UserName: Peter
08:04:10.397 Initialize success
08:04:22.661 AVAST engine defs: 12060200
08:04:48.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:04:48.214 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 11
08:04:48.260 Disk 0 MBR read successfully
08:04:48.260 Disk 0 MBR scan
08:04:48.276 Disk 0 unknown MBR code
08:04:48.292 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
08:04:48.307 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
08:04:48.323 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226373 MB offset 24782848
08:04:48.338 Disk 0 scanning sectors +488395120
08:04:48.416 Disk 0 scanning C:\Windows\system32\drivers
08:05:04.796 Service scanning
08:05:52.408 Modules scanning
08:06:08.351 Disk 0 trace - called modules:
08:06:08.897 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
08:06:08.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863dc648]
08:06:08.928 3 CLASSPNP.SYS[8afae59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8639f908]
08:06:09.942 AVAST engine scan C:\Windows
08:06:15.326 AVAST engine scan C:\Windows\system32
08:13:05.941 AVAST engine scan C:\Windows\system32\drivers
08:13:25.207 AVAST engine scan C:\Users\Peter
08:32:25.864 AVAST engine scan C:\ProgramData
08:42:24.304 Scan finished successfully
09:04:08.333 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Documents\MBR.dat"
09:04:08.349 The log file has been saved successfully to "C:\Users\Peter\Documents\aswMBR6212.txt"
-
I'm not sure what significance this has but the malicious URL warning and WE shut-down occurs only when I use Firefox -- but not IE.
Any idea why that would be?
Thanks for your continued help and advice.
Peter
-
Can you start Firefox in Safe Mode?
Hold down the shift key while starting Firefox.
Does it give the warning then?
-
Edit: Just got some more information from SuperDave.
We need to fix the Master Boot Record (http://en.wikipedia.org/wiki/Master_boot_record) using aswMBR now.
- Double click aswMBR.exe to run it like before
- Once the scan finishes click FixMBR to remove the infection as illustrated below
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_FixMBR.jpg)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
.
-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 16:00:33
-----------------------------
16:00:33.618 OS Version: Windows 6.1.7601 Service Pack 1
16:00:33.618 Number of processors: 2 586 0x301
16:00:33.621 ComputerName: PETER-PC UserName: Peter
16:00:34.839 Initialize success
16:00:43.947 AVAST engine defs: 12060200
16:00:52.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:00:52.814 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 11
16:00:52.837 Disk 0 MBR read successfully
16:00:52.841 Disk 0 MBR scan
16:00:52.875 Disk 0 unknown MBR code
16:00:52.881 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
16:00:52.910 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
16:00:52.936 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226373 MB offset 24782848
16:00:52.953 Disk 0 scanning sectors +488395120
16:00:53.022 Disk 0 scanning C:\Windows\system32\drivers
16:01:28.311 Service scanning
16:02:34.396 Modules scanning
16:02:46.690 Disk 0 trace - called modules:
16:02:47.073 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:02:47.087 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a93b8]
16:02:47.103 3 CLASSPNP.SYS[8adbf59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8639f908]
16:02:48.210 AVAST engine scan C:\Windows
16:02:55.353 AVAST engine scan C:\Windows\system32
16:11:36.090 AVAST engine scan C:\Windows\system32\drivers
16:12:14.140 AVAST engine scan C:\Users\Peter
16:41:39.043 AVAST engine scan C:\ProgramData
16:55:51.118 Scan finished successfully
17:10:02.603 Verifying
17:10:12.626 Disk 0 Windows 601 MBR fixed successfully
17:10:29.696 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Documents\MBR.dat"
17:10:29.706 The log file has been saved successfully to "C:\Users\Peter\Documents\aswMBR.txt"
-
Hopefully you will see an improvement in how the computer is running now?
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
Double-click on MBRCheck.exe to run it.
It will open a black window...please do not fix anything (if it gives you an option).
When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
Please copy and paste the contents of that log in your next reply.
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: TravelMate 5530
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 214):
0x8303A000 \SystemRoot\system32\ntkrnlpa.exe
0x83003000 \SystemRoot\system32\halmacpi.dll
0x80BAF000 \SystemRoot\system32\kdcom.dll
0x8360D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83618000 \SystemRoot\system32\PSHED.dll
0x83629000 \SystemRoot\system32\BOOTVID.dll
0x83631000 \SystemRoot\system32\CLFS.SYS
0x83673000 \SystemRoot\system32\CI.dll
0x8371E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8378F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8379D000 \SystemRoot\system32\drivers\ACPI.sys
0x837E5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x837EE000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA1E000 \SystemRoot\system32\drivers\pci.sys
0x8AA48000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8AA53000 \SystemRoot\System32\drivers\partmgr.sys
0x8AA64000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AA6C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AA77000 \SystemRoot\system32\drivers\volmgr.sys
0x8AA87000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AAD2000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AAE8000 \SystemRoot\system32\drivers\vmbus.sys
0x8AB12000 \SystemRoot\system32\drivers\winhv.sys
0x8AB24000 \SystemRoot\system32\drivers\atapi.sys
0x8AB2D000 \SystemRoot\system32\drivers\ataport.SYS
0x8AB50000 \SystemRoot\system32\drivers\msahci.sys
0x8AB5A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB68000 \SystemRoot\system32\drivers\amdxata.sys
0x8AB71000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABA5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD35000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AD60000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AD73000 \SystemRoot\System32\Drivers\cng.sys
0x8ADD0000 \SystemRoot\System32\drivers\pcw.sys
0x8ADDE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AE24000 \SystemRoot\system32\drivers\ndis.sys
0x8AEDB000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AF19000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B02E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B179000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B1AA000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B1B3000 \SystemRoot\system32\drivers\volsnap.sys
0x8B1F2000 \SystemRoot\System32\Drivers\spldr.sys
0x8B000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8AF3E000 \SystemRoot\System32\Drivers\mup.sys
0x8AF4E000 \SystemRoot\system32\drivers\klbg.sys
0x8AF5B000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AF63000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AF95000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AFA6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8AFCB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8ABB6000 \SystemRoot\system32\drivers\cdrom.sys
0x94014000 \SystemRoot\system32\DRIVERS\klif.sys
0x94065000 \SystemRoot\System32\Drivers\Null.SYS
0x9406C000 \SystemRoot\System32\Drivers\Beep.SYS
0x94073000 \SystemRoot\System32\drivers\vga.sys
0x9407F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x940A0000 \SystemRoot\System32\drivers\watchdog.sys
0x940AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x940B5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x940BD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x940C5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x940D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x940DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x940F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x94101000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95A2D000 \SystemRoot\system32\DRIVERS\kl1.sys
0x95F4D000 \SystemRoot\system32\drivers\afd.sys
0x95FA7000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x95FB0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x95FB7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95FD6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x95FE7000 \SystemRoot\system32\DRIVERS\klim6.sys
0x95FEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x95A00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95A13000 \SystemRoot\system32\drivers\termdd.sys
0x94133000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x95A24000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x94155000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x94196000 \SystemRoot\system32\drivers\nsiproxy.sys
0x941A0000 \SystemRoot\system32\drivers\mssmbios.sys
0x941AA000 \SystemRoot\System32\drivers\discache.sys
0x95627000 \SystemRoot\system32\drivers\csc.sys
0x9568B000 \SystemRoot\System32\Drivers\dfsc.sys
0x956A3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x956B1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x956D2000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x956E3000 \SystemRoot\system32\drivers\wmiacpi.sys
0x96633000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x96B48000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x956EC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x96600000 \SystemRoot\system32\drivers\HDAudBus.sys
0x95725000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x96C3A000 \SystemRoot\system32\DRIVERS\athr.sys
0x96D67000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x96D71000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x96D79000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x96D81000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x96D87000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x96D91000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x96DDC000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x96DE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96DF1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x96C00000 \SystemRoot\system32\drivers\i8042prt.sys
0x96C18000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x96C22000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x95766000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x96C2F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96C31000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x9661F000 \SystemRoot\system32\drivers\mouclass.sys
0x95799000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x96DF5000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x957C7000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x957ED000 \SystemRoot\system32\DRIVERS\o2media.sys
0x95600000 \SystemRoot\system32\drivers\CompositeBus.sys
0x9560D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x941B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x941CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x941D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ADE7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ABD5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x94000000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x96DFE000 \SystemRoot\system32\drivers\swenum.sys
0x9781E000 \SystemRoot\system32\drivers\ks.sys
0x97852000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97860000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x978A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x978B5000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x978D1000 \SystemRoot\system32\drivers\portcls.sys
0x97900000 \SystemRoot\system32\drivers\drmk.sys
0x99203000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x994A0000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x994DD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x97919000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x995DF000 \SystemRoot\system32\drivers\modem.sys
0x9A310000 \SystemRoot\System32\win32k.sys
0x995EC000 \SystemRoot\System32\drivers\Dxapi.sys
0x979CE000 \SystemRoot\System32\Drivers\tcusb.sys
0x979D9000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x979E4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8AFD3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A570000 \SystemRoot\System32\TSDDD.dll
0x9A5A0000 \SystemRoot\System32\cdd.dll
0x8AE00000 \SystemRoot\system32\drivers\luafv.sys
0x82237000 \SystemRoot\system32\drivers\WudfPf.sys
0x82251000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82261000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x822A7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x822B7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x822CA000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8230A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82317000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82322000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8232C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8233D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x82346000 \SystemRoot\system32\drivers\HTTP.sys
0x823CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x823E4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x82200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA460C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4647000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA467A000 \??\C:\Windows\system32\drivers\int15.sys
0xA4682000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA4686000 \SystemRoot\system32\drivers\peauth.sys
0xA471D000 \SystemRoot\system32\drivers\regi.sys
0xA471F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4729000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA474A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4757000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xA475F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4003000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4055000 \SystemRoot\System32\drivers\ipnat.sys
0x77390000 \Windows\System32\ntdll.dll
0x47EF0000 \Windows\System32\smss.exe
0x775D0000 \Windows\System32\apisetschema.dll
0x00240000 \Windows\System32\autochk.exe
0x775A0000 \Windows\System32\sechost.dll
0x77230000 \Windows\System32\ole32.dll
0x774D0000 \Windows\System32\msctf.dll
0x771A0000 \Windows\System32\clbcatq.dll
0x770D0000 \Windows\System32\user32.dll
0x77080000 \Windows\System32\gdi32.dll
0x76FF0000 \Windows\System32\oleaut32.dll
0x76F70000 \Windows\System32\comdlg32.dll
0x76F20000 \Windows\System32\Wldap32.dll
0x76F10000 \Windows\System32\lpk.dll
0x76F00000 \Windows\System32\psapi.dll
0x76E50000 \Windows\System32\msvcrt.dll
0x76E10000 \Windows\System32\ws2_32.dll
0x76D30000 \Windows\System32\kernel32.dll
0x76D10000 \Windows\System32\imm32.dll
0x76D00000 \Windows\System32\nsi.dll
0x76BE0000 \Windows\System32\wininet.dll
0x76A20000 \Windows\System32\iertutil.dll
0x76880000 \Windows\System32\setupapi.dll
0x76820000 \Windows\System32\difxapi.dll
0x76780000 \Windows\System32\usp10.dll
0x766D0000 \Windows\System32\rpcrt4.dll
0x766C0000 \Windows\System32\normaliz.dll
0x76690000 \Windows\System32\imagehlp.dll
0x76630000 \Windows\System32\shlwapi.dll
0x76590000 \Windows\System32\advapi32.dll
0x76470000 \Windows\System32\urlmon.dll
0x75820000 \Windows\System32\shell32.dll
0x757F0000 \Windows\System32\wintrust.dll
0x756D0000 \Windows\System32\crypt32.dll
0x756B0000 \Windows\System32\devobj.dll
0x75680000 \Windows\System32\cfgmgr32.dll
0x75630000 \Windows\System32\KernelBase.dll
0x755A0000 \Windows\System32\comctl32.dll
0x75590000 \Windows\System32\msasn1.dll
Processes (total 71):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
460 csrss.exe
536 C:\Windows\System32\wininit.exe
552 csrss.exe
596 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1236 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\atieclxx.exe
1412 C:\Windows\System32\svchost.exe
1524 C:\Program Files\Common Files\SPBA\upeksvr.exe
1648 C:\Windows\System32\spoolsv.exe
1748 C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
1768 C:\Windows\System32\svchost.exe
1896 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1920 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1940 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1972 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
2008 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
284 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\taskhost.exe
1732 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
804 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2164 C:\Windows\System32\dwm.exe
2252 C:\Windows\System32\svchost.exe
2408 C:\Windows\System32\svchost.exe
2456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2668 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3172 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3200 C:\Program Files\Acer Bio Protection\PdtWzd.exe
3828 C:\Windows\System32\alg.exe
2160 C:\Windows\System32\SearchIndexer.exe
2356 C:\Windows\System32\svchost.exe
3296 C:\Program Files\Windows Media Player\wmpnetwk.exe
3516 C:\Program Files\Launch Manager\LManager.exe
3988 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4028 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
2860 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2400 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2380 C:\Windows\System32\wbem\unsecapp.exe
2616 WmiPrvSE.exe
4416 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4724 C:\Windows\System32\svchost.exe
5208 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5844 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5856 dllhost.exe
3008 C:\Windows\System32\taskeng.exe
4328 C:\Windows\System32\rundll32.exe
6120 C:\Program Files\Mozilla Firefox\firefox.exe
4360 C:\Program Files\Mozilla Firefox\plugin-container.exe
1276 C:\Windows\System32\taskeng.exe
2324 C:\Windows\System32\svchost.exe
4196 C:\Windows\explorer.exe
4496 C:\Windows\System32\SearchProtocolHost.exe
5380 C:\Windows\System32\SearchFilterHost.exe
2592 C:\Users\Peter\Desktop\MBRCheck.exe
2864 C:\Windows\System32\conhost.exe
5428 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEF C
Done!
-
* Click START then RUN - Vista/Windows 7 users press the Windows Key and the R keys for the Run box.
* Now type (or copy/paste) in the runbox:
"%userprofile%\Desktop\combofix" /uninstall* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will remove ComboFix and its associated files and folders.
----------
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log
-
I ran the scans you asked me to, but thusfar no change has been noted.
I ran another Kaspersky update and a full scan -- but again no change.
A second run of TDSS RK, however, produced the following 4 entries. I took no action on them, as I was uncertain as to whether they posed true threats or were possible false positives, etc. Will await your advice.
Meanwhile, I will run the ESET scan overnight and post the results in the morning as it typically takes around 8 hours.
Thanks for your efforts. Hopefully we'll get to the bottom of it soon.
Peter
21:10:49.0635 4372 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:10:50.0042 4372 ============================================================
21:10:50.0043 4372 Current date / time: 2012/06/02 21:10:50.0042
21:10:50.0043 4372 SystemInfo:
21:10:50.0043 4372
21:10:50.0043 4372 OS Version: 6.1.7601 ServicePack: 1.0
21:10:50.0043 4372 Product type: Workstation
21:10:50.0043 4372 ComputerName: PETER-PC
21:10:50.0047 4372 UserName: Peter
21:10:50.0047 4372 Windows directory: C:\Windows
21:10:50.0047 4372 System windows directory: C:\Windows
21:10:50.0047 4372 Processor architecture: Intel x86
21:10:50.0047 4372 Number of processors: 2
21:10:50.0047 4372 Page size: 0x1000
21:10:50.0047 4372 Boot type: Normal boot
21:10:50.0047 4372 ============================================================
21:10:52.0297 4372 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:52.0299 4372 ============================================================
21:10:52.0299 4372 \Device\Harddisk0\DR0:
21:10:52.0299 4372 MBR partitions:
21:10:52.0299 4372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:10:52.0299 4372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:10:52.0299 4372 ============================================================
21:10:52.0335 4372 C: <-> \Device\Harddisk0\DR0\Partition1
21:10:52.0335 4372 ============================================================
21:10:52.0335 4372 Initialize success
21:10:52.0335 4372 ============================================================
21:10:59.0391 1432 ============================================================
21:10:59.0391 1432 Scan started
21:10:59.0391 1432 Mode: Manual; SigCheck; TDLFS;
21:10:59.0391 1432 ============================================================
21:11:00.0468 1432 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:11:00.0599 1432 !SASCORE - ok
21:11:00.0810 1432 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:11:00.0988 1432 1394ohci - ok
21:11:01.0078 1432 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:11:01.0214 1432 ACPI - ok
21:11:01.0234 1432 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:11:01.0407 1432 AcpiPmi - ok
21:11:01.0598 1432 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:11:01.0643 1432 AdobeARMservice - ok
21:11:01.0758 1432 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:01.0819 1432 AdobeFlashPlayerUpdateSvc - ok
21:11:01.0880 1432 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:01.0947 1432 adp94xx - ok
21:11:01.0971 1432 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:11:02.0022 1432 adpahci - ok
21:11:02.0038 1432 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:11:02.0097 1432 adpu320 - ok
21:11:02.0149 1432 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:11:02.0204 1432 AeLookupSvc - ok
21:11:02.0262 1432 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:11:02.0393 1432 AFD - ok
21:11:02.0473 1432 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:11:02.0580 1432 agp440 - ok
21:11:02.0602 1432 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:11:02.0648 1432 aic78xx - ok
21:11:02.0684 1432 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:11:02.0735 1432 ALG - ok
21:11:02.0771 1432 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:11:02.0885 1432 aliide - ok
21:11:02.0931 1432 AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:11:03.0015 1432 AMD External Events Utility - ok
21:11:03.0033 1432 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:11:03.0126 1432 amdagp - ok
21:11:03.0165 1432 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:11:03.0266 1432 amdide - ok
21:11:03.0295 1432 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:11:03.0358 1432 AmdK8 - ok
21:11:03.0377 1432 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:11:03.0419 1432 AmdPPM - ok
21:11:03.0444 1432 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:11:03.0546 1432 amdsata - ok
21:11:03.0570 1432 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:03.0629 1432 amdsbs - ok
21:11:03.0675 1432 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:11:03.0791 1432 amdxata - ok
21:11:03.0883 1432 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:11:04.0044 1432 AppID - ok
21:11:04.0085 1432 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:11:04.0162 1432 AppIDSvc - ok
21:11:04.0208 1432 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:11:04.0281 1432 Appinfo - ok
21:11:04.0420 1432 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:11:04.0464 1432 Apple Mobile Device - ok
21:11:04.0496 1432 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:11:04.0544 1432 AppMgmt - ok
21:11:04.0577 1432 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:11:04.0618 1432 arc - ok
21:11:04.0635 1432 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:11:04.0678 1432 arcsas - ok
21:11:04.0808 1432 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:11:04.0933 1432 aspnet_state - ok
21:11:04.0953 1432 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:05.0014 1432 AsyncMac - ok
21:11:05.0054 1432 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:11:05.0078 1432 atapi - ok
21:11:05.0197 1432 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:11:05.0368 1432 athr - ok
21:11:05.0746 1432 AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:11:05.0890 1432 AtiHdmiService - ok
21:11:06.0226 1432 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:11:06.0493 1432 atikmdag - ok
21:11:06.0630 1432 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:11:06.0700 1432 AtiPcie - ok
21:11:06.0763 1432 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:06.0875 1432 AudioEndpointBuilder - ok
21:11:06.0884 1432 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:06.0936 1432 Audiosrv - ok
21:11:07.0090 1432 AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:11:07.0370 1432 AVP - ok
21:11:07.0433 1432 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:11:07.0590 1432 AxInstSV - ok
21:11:07.0640 1432 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:11:07.0728 1432 b06bdrv - ok
21:11:07.0787 1432 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:11:07.0851 1432 b57nd60x - ok
21:11:07.0950 1432 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:11:08.0039 1432 BcmSqlStartupSvc - ok
21:11:08.0073 1432 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:11:08.0136 1432 BDESVC - ok
21:11:08.0158 1432 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:11:08.0222 1432 Beep - ok
21:11:08.0327 1432 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:11:08.0516 1432 BFE - ok
21:11:08.0592 1432 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:11:08.0677 1432 BITS - ok
21:11:08.0699 1432 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:08.0756 1432 blbdrive - ok
21:11:08.0901 1432 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:11:08.0982 1432 Bonjour Service - ok
21:11:09.0025 1432 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:11:09.0149 1432 bowser - ok
21:11:09.0166 1432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:09.0224 1432 BrFiltLo - ok
21:11:09.0257 1432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:09.0302 1432 BrFiltUp - ok
21:11:09.0359 1432 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:11:09.0446 1432 BridgeMP - ok
21:11:09.0516 1432 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:11:09.0594 1432 Browser - ok
21:11:09.0633 1432 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:11:09.0695 1432 Brserid - ok
21:11:09.0717 1432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:09.0763 1432 BrSerWdm - ok
21:11:09.0776 1432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:09.0821 1432 BrUsbMdm - ok
21:11:09.0837 1432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:09.0880 1432 BrUsbSer - ok
21:11:09.0933 1432 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:11:10.0018 1432 BthEnum - ok
21:11:10.0047 1432 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:10.0116 1432 BTHMODEM - ok
21:11:10.0147 1432 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:11:10.0263 1432 BthPan - ok
21:11:10.0341 1432 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:11:10.0545 1432 BTHPORT - ok
21:11:10.0580 1432 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:11:10.0675 1432 bthserv - ok
21:11:10.0732 1432 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:11:10.0922 1432 BTHUSB - ok
21:11:10.0961 1432 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:11:11.0109 1432 btwaudio - ok
21:11:11.0134 1432 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:11:11.0254 1432 btwavdt - ok
21:11:11.0351 1432 btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:11:11.0433 1432 btwdins - ok
21:11:11.0457 1432 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:11:11.0572 1432 btwl2cap - ok
21:11:11.0587 1432 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:11:11.0692 1432 btwrchid - ok
21:11:11.0815 1432 catchme - ok
21:11:11.0856 1432 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:11:11.0942 1432 cdfs - ok
21:11:11.0986 1432 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:11:12.0126 1432 cdrom - ok
21:11:12.0174 1432 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:12.0266 1432 CertPropSvc - ok
21:11:12.0280 1432 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:11:12.0325 1432 circlass - ok
21:11:12.0364 1432 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:11:12.0417 1432 CLFS - ok
21:11:12.0475 1432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:12.0533 1432 clr_optimization_v2.0.50727_32 - ok
21:11:12.0591 1432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:12.0650 1432 clr_optimization_v4.0.30319_32 - ok
21:11:12.0691 1432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:12.0741 1432 CmBatt - ok
21:11:12.0787 1432 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:11:12.0905 1432 cmdide - ok
21:11:12.0964 1432 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:11:13.0038 1432 CNG - ok
21:11:13.0053 1432 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:11:13.0093 1432 Compbatt - ok
21:11:13.0141 1432 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:11:13.0339 1432 CompositeBus - ok
21:11:13.0344 1432 COMSysApp - ok
21:11:13.0449 1432 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:13.0506 1432 crcdisk - ok
21:11:13.0560 1432 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:11:13.0637 1432 CryptSvc - ok
21:11:13.0710 1432 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:11:13.0849 1432 CSC - ok
21:11:13.0978 1432 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:11:14.0056 1432 CscService - ok
21:11:14.0101 1432 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:14.0176 1432 DcomLaunch - ok
21:11:14.0214 1432 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:11:14.0284 1432 defragsvc - ok
21:11:14.0367 1432 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:11:14.0447 1432 DfsC - ok
21:11:14.0500 1432 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:11:14.0567 1432 Dhcp - ok
21:11:14.0591 1432 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:11:14.0651 1432 discache - ok
21:11:14.0680 1432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:11:14.0751 1432 Disk - ok
21:11:14.0774 1432 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:11:14.0889 1432 DKbFltr - ok
21:11:14.0940 1432 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:11:15.0187 1432 Dnscache - ok
21:11:15.0236 1432 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:11:15.0330 1432 dot3svc - ok
21:11:15.0389 1432 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:11:15.0496 1432 DPS - ok
21:11:15.0527 1432 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:11:15.0596 1432 drmkaud - ok
21:11:15.0634 1432 dwshd - ok
21:11:15.0932 1432 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:11:16.0010 1432 DXGKrnl - ok
21:11:16.0048 1432 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:11:16.0142 1432 EapHost - ok
21:11:16.0373 1432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:11:16.0492 1432 ebdrv - ok
21:11:16.0618 1432 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:11:16.0682 1432 EFS - ok
21:11:16.0809 1432 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:11:16.0957 1432 ehRecvr - ok
21:11:16.0982 1432 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:11:17.0020 1432 ehSched - ok
21:11:17.0108 1432 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:11:17.0182 1432 elxstor - ok
21:11:17.0226 1432 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:11:17.0358 1432 ErrDev - ok
21:11:17.0419 1432 esgiguard - ok
21:11:17.0507 1432 ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:11:17.0551 1432 ETService ( UnsignedFile.Multi.Generic ) - warning
21:11:17.0551 1432 ETService - detected UnsignedFile.Multi.Generic (1)
21:11:17.0623 1432 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:11:17.0705 1432 EventSystem - ok
21:11:17.0745 1432 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:11:17.0806 1432 exfat - ok
21:11:17.0833 1432 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:11:17.0904 1432 fastfat - ok
21:11:17.0993 1432 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:11:18.0115 1432 Fax - ok
21:11:18.0135 1432 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:11:18.0178 1432 fdc - ok
21:11:18.0211 1432 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:11:18.0276 1432 fdPHost - ok
21:11:18.0287 1432 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:11:18.0347 1432 FDResPub - ok
21:11:18.0362 1432 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:11:18.0401 1432 FileInfo - ok
21:11:18.0420 1432 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:11:18.0478 1432 Filetrace - ok
21:11:18.0505 1432 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:18.0547 1432 flpydisk - ok
21:11:18.0572 1432 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:11:18.0615 1432 FltMgr - ok
21:11:18.0708 1432 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:11:18.0803 1432 FontCache - ok
21:11:18.0870 1432 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:11:18.0929 1432 FontCache3.0.0.0 - ok
21:11:18.0956 1432 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:11:19.0000 1432 FsDepends - ok
21:11:19.0044 1432 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:11:19.0074 1432 Fs_Rec - ok
21:11:19.0139 1432 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:11:19.0194 1432 fvevol - ok
21:11:19.0216 1432 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:19.0258 1432 gagp30kx - ok
21:11:19.0307 1432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:11:19.0353 1432 GEARAspiWDM - ok
21:11:19.0446 1432 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:11:19.0529 1432 gpsvc - ok
21:11:19.0784 1432 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:11:19.0870 1432 Greg_Service - ok
21:11:19.0981 1432 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:11:20.0017 1432 gupdate - ok
21:11:20.0073 1432 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:11:20.0097 1432 gupdatem - ok
21:11:20.0247 1432 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:11:20.0343 1432 hcw85cir - ok
21:11:20.0454 1432 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:11:20.0822 1432 HdAudAddService - ok
21:11:20.0848 1432 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:11:21.0108 1432 HDAudBus - ok
21:11:21.0124 1432 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:21.0252 1432 HidBatt - ok
21:11:21.0309 1432 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:11:21.0415 1432 HidBth - ok
21:11:21.0447 1432 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:11:21.0584 1432 HidIr - ok
21:11:21.0612 1432 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:11:21.0737 1432 hidserv - ok
21:11:21.0785 1432 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:11:21.0968 1432 HidUsb - ok
21:11:22.0055 1432 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:11:22.0128 1432 hkmsvc - ok
21:11:22.0162 1432 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:11:22.0374 1432 HomeGroupListener - ok
21:11:22.0444 1432 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:11:22.0572 1432 HomeGroupProvider - ok
21:11:22.0723 1432 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:11:22.0885 1432 HpSAMD - ok
21:11:23.0021 1432 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:11:23.0145 1432 HsfXAudioService - ok
21:11:23.0237 1432 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:11:23.0354 1432 HSF_DPV - ok
21:11:23.0474 1432 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:11:23.0598 1432 HSXHWAZL - ok
21:11:23.0677 1432 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:11:23.0784 1432 HTTP - ok
21:11:23.0828 1432 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:11:23.0880 1432 hwpolicy - ok
21:11:23.0939 1432 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:11:24.0051 1432 i8042prt - ok
21:11:24.0102 1432 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:11:24.0234 1432 iaStorV - ok
21:11:24.0396 1432 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:24.0470 1432 idsvc - ok
21:11:24.0837 1432 IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:11:24.0958 1432 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:11:24.0958 1432 IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:11:25.0442 1432 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:11:25.0709 1432 igfx - ok
21:11:25.0831 1432 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:11:25.0947 1432 iirsp - ok
21:11:26.0041 1432 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:11:26.0113 1432 IKEEXT - ok
21:11:26.0139 1432 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:11:26.0226 1432 int15 - ok
21:11:26.0450 1432 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:11:26.0670 1432 IntcAzAudAddService - ok
21:11:26.0827 1432 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:11:27.0019 1432 intelide - ok
21:11:27.0038 1432 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:11:27.0160 1432 intelppm - ok
21:11:27.0208 1432 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:11:27.0323 1432 IPBusEnum - ok
21:11:27.0416 1432 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:27.0554 1432 IpFilterDriver - ok
21:11:27.0636 1432 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:11:27.0725 1432 iphlpsvc - ok
21:11:27.0778 1432 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:11:27.0899 1432 IPMIDRV - ok
21:11:27.0942 1432 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:11:28.0063 1432 IPNAT - ok
21:11:28.0249 1432 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:11:28.0311 1432 iPod Service - ok
21:11:28.0322 1432 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:11:28.0422 1432 IRENUM - ok
21:11:28.0460 1432 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:11:28.0579 1432 isapnp - ok
21:11:28.0618 1432 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:11:28.0727 1432 iScsiPrt - ok
21:11:28.0810 1432 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:11:28.0884 1432 IviRegMgr - ok
21:11:28.0908 1432 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:11:29.0001 1432 kbdclass - ok
21:11:29.0044 1432 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:11:29.0140 1432 kbdhid - ok
21:11:29.0185 1432 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:29.0222 1432 KeyIso - ok
21:11:29.0314 1432 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:11:29.0376 1432 kl1 - ok
21:11:29.0404 1432 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:11:29.0439 1432 klbg - ok
21:11:29.0497 1432 KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:11:29.0555 1432 KLIF - ok
21:11:29.0618 1432 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:11:29.0678 1432 KLIM6 - ok
21:11:29.0704 1432 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:11:29.0737 1432 klmouflt - ok
21:11:29.0779 1432 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:11:29.0816 1432 KSecDD - ok
21:11:29.0835 1432 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:11:29.0875 1432 KSecPkg - ok
21:11:29.0920 1432 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:11:30.0033 1432 KtmRm - ok
21:11:30.0064 1432 L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:11:30.0136 1432 L1E - ok
21:11:30.0214 1432 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:11:30.0304 1432 LanmanServer - ok
21:11:30.0356 1432 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:11:30.0419 1432 LanmanWorkstation - ok
21:11:30.0436 1432 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:30.0523 1432 lltdio - ok
21:11:30.0560 1432 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:11:30.0669 1432 lltdsvc - ok
21:11:30.0692 1432 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:11:30.0804 1432 lmhosts - ok
21:11:30.0850 1432 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:30.0954 1432 LSI_FC - ok
21:11:30.0969 1432 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:31.0092 1432 LSI_SAS - ok
21:11:31.0173 1432 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:31.0309 1432 LSI_SAS2 - ok
21:11:31.0337 1432 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:31.0459 1432 LSI_SCSI - ok
21:11:31.0483 1432 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:11:31.0628 1432 luafv - ok
21:11:31.0708 1432 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:11:31.0777 1432 Mcx2Svc - ok
21:11:31.0802 1432 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:11:31.0894 1432 mdmxsdk - ok
21:11:31.0921 1432 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:11:31.0996 1432 megasas - ok
21:11:32.0022 1432 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:32.0096 1432 MegaSR - ok
21:11:32.0213 1432 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:11:32.0259 1432 Microsoft Office Groove Audit Service - ok
21:11:32.0290 1432 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:32.0378 1432 MMCSS - ok
21:11:32.0399 1432 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:11:32.0486 1432 Modem - ok
21:11:32.0506 1432 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:11:32.0578 1432 monitor - ok
21:11:32.0627 1432 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:11:32.0723 1432 mouclass - ok
21:11:32.0760 1432 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:32.0829 1432 mouhid - ok
21:11:32.0876 1432 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:11:32.0919 1432 mountmgr - ok
21:11:33.0023 1432 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:11:33.0061 1432 MozillaMaintenance - ok
21:11:33.0110 1432 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:11:33.0207 1432 mpio - ok
21:11:33.0236 1432 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:11:33.0322 1432 mpsdrv - ok
21:11:33.0392 1432 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:11:33.0469 1432 MpsSvc - ok
21:11:33.0520 1432 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:11:33.0592 1432 MRxDAV - ok
21:11:33.0648 1432 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:33.0819 1432 mrxsmb - ok
21:11:33.0879 1432 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:34.0016 1432 mrxsmb10 - ok
21:11:34.0038 1432 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:34.0137 1432 mrxsmb20 - ok
21:11:34.0178 1432 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:11:34.0296 1432 msahci - ok
21:11:34.0350 1432 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:11:34.0445 1432 msdsm - ok
21:11:34.0482 1432 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:11:34.0603 1432 MSDTC - ok
21:11:34.0649 1432 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:11:34.0771 1432 Msfs - ok
21:11:34.0788 1432 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:34.0908 1432 mshidkmdf - ok
21:11:34.0924 1432 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:11:35.0105 1432 msisadrv - ok
21:11:35.0143 1432 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:11:35.0270 1432 MSiSCSI - ok
21:11:35.0277 1432 msiserver - ok
21:11:35.0298 1432 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:35.0437 1432 MSKSSRV - ok
21:11:35.0447 1432 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:35.0591 1432 MSPCLOCK - ok
21:11:35.0599 1432 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:11:35.0794 1432 MSPQM - ok
21:11:35.0831 1432 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:11:35.0969 1432 MsRPC - ok
21:11:36.0023 1432 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:11:36.0260 1432 mssmbios - ok
21:11:36.0397 1432 MSSQL$MSSMLBIZ - ok
21:11:36.0440 1432 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:11:36.0619 1432 MSSQLServerADHelper - ok
21:11:36.0637 1432 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:11:36.0771 1432 MSTEE - ok
21:11:36.0779 1432 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:36.0896 1432 MTConfig - ok
21:11:36.0922 1432 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:11:37.0034 1432 Mup - ok
21:11:37.0099 1432 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:11:37.0206 1432 napagent - ok
21:11:37.0241 1432 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:37.0333 1432 NativeWifiP - ok
21:11:37.0401 1432 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:11:37.0459 1432 NDIS - ok
21:11:37.0488 1432 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:37.0575 1432 NdisCap - ok
21:11:37.0599 1432 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:37.0690 1432 NdisTapi - ok
21:11:37.0737 1432 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:37.0793 1432 Ndisuio - ok
21:11:37.0844 1432 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:37.0910 1432 NdisWan - ok
21:11:37.0960 1432 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:11:38.0039 1432 NDProxy - ok
21:11:38.0082 1432 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:11:38.0115 1432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:11:38.0115 1432 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:11:38.0150 1432 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:11:38.0276 1432 NetBIOS - ok
21:11:38.0325 1432 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:11:38.0440 1432 NetBT - ok
21:11:38.0485 1432 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:38.0514 1432 Netlogon - ok
21:11:38.0573 1432 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:11:38.0664 1432 Netman - ok
21:11:38.0806 1432 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:38.0882 1432 NetMsmqActivator - ok
21:11:38.0891 1432 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:38.0916 1432 NetPipeActivator - ok
21:11:38.0985 1432 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:11:39.0081 1432 netprofm - ok
21:11:39.0089 1432 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:39.0116 1432 NetTcpActivator - ok
21:11:39.0122 1432 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:39.0144 1432 NetTcpPortSharing - ok
21:11:39.0210 1432 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:39.0308 1432 nfrd960 - ok
21:11:39.0379 1432 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:11:39.0453 1432 NlaSvc - ok
21:11:39.0473 1432 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:11:39.0570 1432 Npfs - ok
21:11:39.0598 1432 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:11:39.0681 1432 nsi - ok
21:11:39.0694 1432 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:11:39.0783 1432 nsiproxy - ok
21:11:39.0933 1432 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:11:40.0103 1432 Ntfs - ok
21:11:40.0214 1432 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:11:40.0270 1432 NTIBackupSvc - ok
21:11:40.0395 1432 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:11:40.0470 1432 NTIDrvr - ok
21:11:40.0513 1432 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:11:40.0592 1432 NTISchedulerSvc - ok
21:11:40.0626 1432 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:11:40.0760 1432 Null - ok
21:11:40.0816 1432 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:11:40.0987 1432 nvraid - ok
21:11:41.0020 1432 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:11:41.0182 1432 nvstor - ok
21:11:41.0205 1432 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:11:41.0378 1432 nv_agp - ok
21:11:41.0500 1432 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:11:41.0645 1432 O2FLASH - ok
21:11:41.0661 1432 O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:11:41.0740 1432 O2MDRDR - ok
21:11:41.0761 1432 O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:11:41.0832 1432 O2SDRDR - ok
21:11:41.0963 1432 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:11:41.0998 1432 odserv - ok
21:11:42.0052 1432 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:11:42.0223 1432 ohci1394 - ok
21:11:42.0282 1432 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:11:42.0356 1432 ose - ok
21:11:42.0761 1432 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:11:42.0892 1432 osppsvc - ok
21:11:43.0126 1432 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:43.0279 1432 p2pimsvc - ok
21:11:43.0318 1432 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:11:43.0399 1432 p2psvc - ok
21:11:43.0445 1432 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:11:43.0528 1432 Parport - ok
21:11:43.0582 1432 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:11:43.0617 1432 partmgr - ok
21:11:43.0641 1432 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:11:43.0712 1432 Parvdm - ok
21:11:43.0757 1432 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:11:43.0829 1432 PcaSvc - ok
21:11:43.0885 1432 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:11:44.0030 1432 pci - ok
21:11:44.0087 1432 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:11:44.0210 1432 pciide - ok
21:11:44.0243 1432 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:44.0324 1432 pcmcia - ok
21:11:44.0347 1432 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:11:44.0415 1432 pcw - ok
21:11:44.0475 1432 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:11:44.0582 1432 PEAUTH - ok
21:11:44.0685 1432 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:11:44.0816 1432 PeerDistSvc - ok
21:11:44.0979 1432 pgfilter - ok
21:11:45.0172 1432 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:11:45.0266 1432 pla - ok
21:11:45.0459 1432 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:11:45.0694 1432 PlugPlay - ok
21:11:45.0740 1432 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:11:45.0884 1432 Pml Driver HPZ12 - ok
21:11:45.0907 1432 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:11:46.0067 1432 PNRPAutoReg - ok
21:11:46.0104 1432 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:46.0150 1432 PNRPsvc - ok
21:11:46.0223 1432 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:11:46.0326 1432 PolicyAgent - ok
21:11:46.0394 1432 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:11:46.0491 1432 Power - ok
21:11:46.0565 1432 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:46.0683 1432 PptpMiniport - ok
21:11:46.0711 1432 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:11:46.0817 1432 Processor - ok
21:11:46.0844 1432 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:11:46.0935 1432 ProfSvc - ok
21:11:46.0974 1432 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:47.0003 1432 ProtectedStorage - ok
21:11:47.0024 1432 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:11:47.0176 1432 Psched - ok
21:11:47.0247 1432 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:11:47.0337 1432 PSI_SVC_2 - ok
21:11:47.0490 1432 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:47.0591 1432 ql2300 - ok
21:11:47.0748 1432 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:47.0836 1432 ql40xx - ok
21:11:47.0880 1432 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:11:47.0970 1432 QWAVE - ok
21:11:47.0987 1432 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:11:48.0062 1432 QWAVEdrv - ok
21:11:48.0083 1432 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:48.0170 1432 RasAcd - ok
21:11:48.0192 1432 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:48.0251 1432 RasAgileVpn - ok
21:11:48.0275 1432 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:11:48.0341 1432 RasAuto - ok
21:11:48.0361 1432 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:48.0423 1432 Rasl2tp - ok
21:11:48.0496 1432 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:11:48.0589 1432 RasMan - ok
21:11:48.0612 1432 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:48.0678 1432 RasPppoe - ok
21:11:48.0705 1432 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:48.0767 1432 RasSstp - ok
21:11:48.0807 1432 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:48.0868 1432 rdbss - ok
21:11:48.0884 1432 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:48.0939 1432 rdpbus - ok
21:11:48.0984 1432 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:49.0045 1432 RDPCDD - ok
21:11:49.0109 1432 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:11:49.0206 1432 RDPDR - ok
21:11:49.0217 1432 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:11:49.0303 1432 RDPENCDD - ok
21:11:49.0335 1432 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:11:49.0431 1432 RDPREFMP - ok
21:11:49.0494 1432 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:11:49.0585 1432 RDPWD - ok
21:11:49.0662 1432 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:11:49.0731 1432 rdyboost - ok
21:11:49.0755 1432 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:11:49.0844 1432 regi - ok
21:11:49.0894 1432 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:11:49.0972 1432 RemoteAccess - ok
21:11:50.0014 1432 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:11:50.0087 1432 RemoteRegistry - ok
21:11:50.0124 1432 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:50.0220 1432 RFCOMM - ok
21:11:50.0249 1432 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:11:50.0333 1432 RpcEptMapper - ok
21:11:50.0374 1432 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:11:50.0457 1432 RpcLocator - ok
21:11:50.0525 1432 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:50.0594 1432 RpcSs - ok
21:11:50.0619 1432 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:50.0717 1432 rspndr - ok
21:11:50.0853 1432 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:11:50.0923 1432 RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:11:50.0923 1432 RS_Service - detected UnsignedFile.Multi.Generic (1)
21:11:50.0970 1432 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:11:51.0190 1432 s3cap - ok
21:11:51.0237 1432 SABKUTIL - ok
21:11:51.0264 1432 SABProcEnum - ok
21:11:51.0307 1432 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:51.0335 1432 SamSs - ok
21:11:51.0452 1432 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:11:51.0482 1432 SASDIFSV - ok
21:11:51.0502 1432 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:11:51.0534 1432 SASKUTIL - ok
21:11:51.0626 1432 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:11:51.0777 1432 sbp2port - ok
21:11:51.0913 1432 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:11:52.0003 1432 SCardSvr - ok
21:11:52.0050 1432 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:52.0107 1432 scfilter - ok
21:11:52.0216 1432 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:11:52.0309 1432 Schedule - ok
21:11:52.0365 1432 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:52.0432 1432 SCPolicySvc - ok
21:11:52.0498 1432 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:11:52.0577 1432 sdbus - ok
21:11:52.0610 1432 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:11:52.0732 1432 SDRSVC - ok
21:11:52.0764 1432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:11:52.0852 1432 secdrv - ok
21:11:52.0886 1432 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:11:52.0968 1432 seclogon - ok
21:11:53.0010 1432 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:11:53.0102 1432 SENS - ok
21:11:53.0140 1432 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:11:53.0244 1432 SensrSvc - ok
21:11:53.0267 1432 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:11:53.0362 1432 Serenum - ok
21:11:53.0385 1432 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:11:53.0457 1432 Serial - ok
21:11:53.0514 1432 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:53.0652 1432 sermouse - ok
21:11:53.0723 1432 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:11:53.0799 1432 SessionEnv - ok
21:11:53.0844 1432 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:11:53.0962 1432 sffdisk - ok
21:11:53.0987 1432 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:54.0082 1432 sffp_mmc - ok
21:11:54.0092 1432 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:11:54.0191 1432 sffp_sd - ok
21:11:54.0221 1432 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:54.0292 1432 sfloppy - ok
21:11:54.0368 1432 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:11:54.0473 1432 SharedAccess - ok
21:11:54.0535 1432 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:11:54.0601 1432 ShellHWDetection - ok
21:11:54.0643 1432 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:11:54.0819 1432 sisagp - ok
21:11:54.0843 1432 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:54.0963 1432 SiSRaid2 - ok
21:11:55.0015 1432 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:55.0076 1432 SiSRaid4 - ok
21:11:55.0105 1432 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:11:55.0250 1432 Smb - ok
21:11:55.0289 1432 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:11:55.0417 1432 SNMPTRAP - ok
21:11:55.0450 1432 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:11:55.0551 1432 spldr - ok
21:11:55.0588 1432 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:11:55.0663 1432 Spooler - ok
21:11:55.0929 1432 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:11:56.0048 1432 sppsvc - ok
21:11:56.0217 1432 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:11:56.0305 1432 sppuinotify - ok
21:11:56.0419 1432 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:11:56.0525 1432 SQLBrowser - ok
21:11:56.0551 1432 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:11:56.0600 1432 SQLWriter - ok
21:11:56.0709 1432 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:11:56.0887 1432 srv - ok
21:11:56.0926 1432 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:11:57.0047 1432 srv2 - ok
21:11:57.0097 1432 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:11:57.0168 1432 SrvHsfHDA - ok
21:11:57.0258 1432 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:11:57.0322 1432 SrvHsfV92 - ok
21:11:57.0399 1432 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:11:57.0479 1432 SrvHsfWinac - ok
21:11:57.0530 1432 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:57.0644 1432 srvnet - ok
21:11:57.0707 1432 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:11:57.0811 1432 SSDPSRV - ok
21:11:57.0840 1432 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:11:57.0922 1432 SstpSvc - ok
21:11:57.0960 1432 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Wi
-
The bottom of the log is cut off.
Yes we may need the ESET log.
-
21:11:58.0029 1432 stexstor - ok
21:11:58.0106 1432 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:11:58.0209 1432 StiSvc - ok
21:11:58.0253 1432 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:11:58.0360 1432 storflt - ok
21:11:58.0411 1432 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:11:58.0515 1432 StorSvc - ok
21:11:58.0535 1432 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:11:58.0629 1432 storvsc - ok
21:11:58.0648 1432 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:11:58.0745 1432 swenum - ok
21:11:58.0809 1432 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:11:58.0916 1432 swprv - ok
21:11:58.0962 1432 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:59.0107 1432 SynTP - ok
21:11:59.0232 1432 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:11:59.0297 1432 SysMain - ok
21:11:59.0342 1432 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:11:59.0410 1432 TabletInputService - ok
21:11:59.0470 1432 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:11:59.0563 1432 TapiSrv - ok
21:11:59.0597 1432 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:11:59.0746 1432 TBS - ok
21:11:59.0913 1432 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:12:00.0011 1432 Tcpip - ok
21:12:00.0271 1432 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:12:00.0316 1432 TCPIP6 - ok
21:12:00.0485 1432 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:12:00.0560 1432 tcpipreg - ok
21:12:00.0599 1432 TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys
21:12:00.0760 1432 TcUsb - ok
21:12:00.0822 1432 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:12:00.0884 1432 TDPIPE - ok
21:12:00.0947 1432 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:12:01.0006 1432 TDTCP - ok
21:12:01.0030 1432 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:12:01.0086 1432 tdx - ok
21:12:01.0133 1432 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:12:01.0241 1432 TermDD - ok
21:12:01.0328 1432 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:12:01.0413 1432 TermService - ok
21:12:01.0454 1432 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:12:01.0523 1432 Themes - ok
21:12:01.0557 1432 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:12:01.0604 1432 THREADORDER - ok
21:12:01.0630 1432 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:12:01.0714 1432 TrkWks - ok
21:12:01.0854 1432 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:12:01.0949 1432 TrustedInstaller - ok
21:12:01.0999 1432 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:02.0055 1432 tssecsrv - ok
21:12:02.0133 1432 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:12:02.0259 1432 TsUsbFlt - ok
21:12:02.0313 1432 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:12:02.0383 1432 tunnel - ok
21:12:02.0411 1432 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:12:02.0479 1432 uagp35 - ok
21:12:02.0510 1432 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
21:12:02.0552 1432 UBHelper - ok
21:12:02.0615 1432 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:12:02.0675 1432 udfs - ok
21:12:02.0724 1432 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:12:02.0800 1432 UI0Detect - ok
21:12:02.0858 1432 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:12:02.0994 1432 uliagpkx - ok
21:12:03.0038 1432 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:12:03.0078 1432 umbus - ok
21:12:03.0111 1432 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:12:03.0182 1432 UmPass - ok
21:12:03.0244 1432 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
21:12:03.0294 1432 UmRdpService - ok
21:12:03.0402 1432 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:12:03.0471 1432 Updater Service - ok
21:12:03.0520 1432 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:12:03.0624 1432 upnphost - ok
21:12:03.0673 1432 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:12:03.0750 1432 USBAAPL - ok
21:12:03.0814 1432 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
21:12:04.0001 1432 usbaudio - ok
21:12:04.0028 1432 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:04.0259 1432 usbccgp - ok
21:12:04.0287 1432 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:12:04.0496 1432 usbcir - ok
21:12:04.0516 1432 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:12:04.0689 1432 usbehci - ok
21:12:04.0722 1432 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
21:12:04.0868 1432 usbfilter - ok
21:12:04.0906 1432 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:12:05.0097 1432 usbhub - ok
21:12:05.0143 1432 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
21:12:05.0177 1432 usbohci - ok
21:12:05.0208 1432 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:12:05.0345 1432 usbprint - ok
21:12:05.0369 1432 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:05.0486 1432 USBSTOR - ok
21:12:05.0511 1432 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:12:05.0608 1432 usbuhci - ok
21:12:05.0691 1432 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:12:05.0822 1432 usbvideo - ok
21:12:05.0847 1432 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:12:05.0928 1432 UxSms - ok
21:12:05.0975 1432 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:12:06.0022 1432 VaultSvc - ok
21:12:06.0072 1432 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:12:06.0191 1432 vdrvroot - ok
21:12:06.0285 1432 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:12:06.0394 1432 vds - ok
21:12:06.0434 1432 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:06.0507 1432 vga - ok
21:12:06.0537 1432 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:12:06.0624 1432 VgaSave - ok
21:12:06.0681 1432 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:12:06.0820 1432 vhdmp - ok
21:12:06.0876 1432 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:12:06.0970 1432 viaagp - ok
21:12:07.0014 1432 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:12:07.0090 1432 ViaC7 - ok
21:12:07.0131 1432 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:12:07.0223 1432 viaide - ok
21:12:07.0271 1432 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:12:07.0375 1432 vmbus - ok
21:12:07.0386 1432 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:12:07.0482 1432 VMBusHID - ok
21:12:07.0504 1432 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:12:07.0601 1432 volmgr - ok
21:12:07.0645 1432 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:12:07.0728 1432 volmgrx - ok
21:12:07.0801 1432 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:12:07.0899 1432 volsnap - ok
21:12:07.0952 1432 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:12:08.0037 1432 vsmraid - ok
21:12:08.0153 1432 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:12:08.0268 1432 VSS - ok
21:12:08.0319 1432 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:12:08.0465 1432 vwifibus - ok
21:12:08.0486 1432 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:12:08.0618 1432 vwififlt - ok
21:12:08.0665 1432 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:12:08.0791 1432 vwifimp - ok
21:12:08.0848 1432 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:12:08.0963 1432 W32Time - ok
21:12:08.0993 1432 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:12:09.0111 1432 WacomPen - ok
21:12:09.0154 1432 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:09.0254 1432 WANARP - ok
21:12:09.0263 1432 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:09.0304 1432 Wanarpv6 - ok
21:12:09.0430 1432 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:12:09.0551 1432 WatAdminSvc - ok
21:12:09.0781 1432 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:12:09.0919 1432 wbengine - ok
21:12:09.0961 1432 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:12:10.0033 1432 WbioSrvc - ok
21:12:10.0111 1432 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:12:10.0190 1432 wcncsvc - ok
21:12:10.0208 1432 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:12:10.0291 1432 WcsPlugInService - ok
21:12:10.0344 1432 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:12:10.0410 1432 Wd - ok
21:12:10.0470 1432 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:12:10.0558 1432 Wdf01000 - ok
21:12:10.0599 1432 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:12:10.0744 1432 WdiServiceHost - ok
21:12:10.0754 1432 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:12:10.0787 1432 WdiSystemHost - ok
21:12:10.0854 1432 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:12:10.0904 1432 WebClient - ok
21:12:10.0941 1432 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:12:11.0043 1432 Wecsvc - ok
21:12:11.0068 1432 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:12:11.0157 1432 wercplsupport - ok
21:12:11.0182 1432 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:12:11.0265 1432 WerSvc - ok
21:12:11.0297 1432 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:12:11.0385 1432 WfpLwf - ok
21:12:11.0405 1432 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:12:11.0471 1432 WIMMount - ok
21:12:11.0546 1432 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:12:11.0670 1432 winachsf - ok
21:12:11.0814 1432 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:12:11.0901 1432 WinDefend - ok
21:12:11.0925 1432 WinHttpAutoProxySvc - ok
21:12:12.0237 1432 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:12:12.0348 1432 Winmgmt - ok
21:12:12.0474 1432 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:12:12.0593 1432 WinRM - ok
21:12:12.0703 1432 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:12:12.0770 1432 WinUsb - ok
21:12:12.0873 1432 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:12:12.0999 1432 Wlansvc - ok
21:12:13.0253 1432 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:12:13.0384 1432 wlidsvc - ok
21:12:13.0513 1432 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:12:13.0687 1432 WmiAcpi - ok
21:12:13.0762 1432 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:12:13.0902 1432 wmiApSrv - ok
21:12:14.0079 1432 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:12:14.0203 1432 WMPNetworkSvc - ok
21:12:14.0337 1432 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:12:14.0479 1432 WPCSvc - ok
21:12:14.0541 1432 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:12:14.0695 1432 WPDBusEnum - ok
21:12:14.0762 1432 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:12:14.0847 1432 ws2ifsl - ok
21:12:14.0877 1432 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
21:12:14.0947 1432 wscsvc - ok
21:12:15.0003 1432 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:12:15.0125 1432 WSDPrintDevice - ok
21:12:15.0136 1432 WSearch - ok
21:12:15.0338 1432 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
21:12:15.0455 1432 wuauserv - ok
21:12:15.0602 1432 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:12:15.0673 1432 WudfPf - ok
21:12:15.0704 1432 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:15.0760 1432 WUDFRd - ok
21:12:15.0805 1432 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:12:15.0871 1432 wudfsvc - ok
21:12:15.0917 1432 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:12:15.0989 1432 WwanSvc - ok
21:12:16.0016 1432 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
21:12:16.0095 1432 XAudio - ok
21:12:16.0247 1432 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:12:16.0319 1432 YahooAUService - ok
21:12:16.0388 1432 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
21:12:16.0756 1432 \Device\Harddisk0\DR0 - ok
21:12:16.0778 1432 Boot (0x1200) (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
21:12:16.0781 1432 \Device\Harddisk0\DR0\Partition0 - ok
21:12:16.0810 1432 Boot (0x1200) (8724746da5f04487e5f43566f61d6ad3) \Device\Harddisk0\DR0\Partition1
21:12:16.0811 1432 \Device\Harddisk0\DR0\Partition1 - ok
21:12:16.0812 1432 ============================================================
21:12:16.0812 1432 Scan finished
21:12:16.0812 1432 ============================================================
21:12:16.0838 5484 Detected object count: 4
21:12:16.0838 5484 Actual detected object count: 4
21:12:20.0638 5484 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0639 5484 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0644 5484 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0645 5484 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0649 5484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0649 5484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0653 5484 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0653 5484 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
I'm checking on this. Be back with you ASAP.
-
ESET scan was clean ("no threats detected"). I neglected to save a copy of the log, sorry.
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe), save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Did this help?
-
No change noted after using
MiniToolBox by Farbar Version: 14-01-2012
Ran by Peter (administrator) on 03-06-2012 at 07:21:16
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: :0
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Peter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0A-60-76-2D-2C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-2D-5B-76-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
Physical Address. . . . . . . . . : 0C-60-76-2D-2C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a120:9ca4:f379:bc0d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 03, 2012 7:14:27 AM
Lease Expires . . . . . . . . . . : Monday, June 04, 2012 7:14:27 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 168583286
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-73-FC-B8-0C-60-76-2D-2C-DB
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.hsd1.nj.comcast.net.:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:185a:25b7:b38a:9686(Preferred)
Link-local IPv6 Address . . . . . : fe80::185a:25b7:b38a:9686%26(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{08D35869-7729-45CE-9D3C-8922241D989E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: google.com
Addresses: 74.125.226.229
74.125.226.227
74.125.226.232
74.125.226.225
74.125.226.238
74.125.226.228
74.125.226.226
74.125.226.233
74.125.226.231
74.125.226.224
74.125.226.230
Pinging google.com [74.125.226.192] with 32 bytes of data:
Reply from 74.125.226.192: bytes=32 time=12ms TTL=55
Reply from 74.125.226.192: bytes=32 time=13ms TTL=55
Ping statistics for 74.125.226.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=53ms TTL=49
Reply from 209.191.122.70: bytes=32 time=53ms TTL=49
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 53ms, Average = 53ms
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...0a 60 76 2d 2c db ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 2d 5b 76 65 ......Broadcom NetXtreme Gigabit Ethernet
10...0c 60 76 2d 2c db ......Atheros AR5B91 Wireless Network Adapter
1...........................Software Loopback Interface 1
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
46...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
26 58 ::/0 On-link
1 306 ::1/128 On-link
26 58 2001::/32 On-link
26 306 2001:0:4137:9e76:185a:25b7:b38a:9686/128
On-link
10 281 fe80::/64 On-link
26 306 fe80::/64 On-link
26 306 fe80::185a:25b7:b38a:9686/128
On-link
10 281 fe80::a120:9ca4:f379:bc0d/128
On-link
1 306 ff00::/8 On-link
26 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/03/2012 07:19:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xa78
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (06/03/2012 07:16:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x8c8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (06/03/2012 02:22:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x177c
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 02:19:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x8c8
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 02:17:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xc08
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 02:14:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x14e0
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 02:12:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xca8
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 02:09:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x1564
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/03/2012 01:15:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x6a0
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
Error: (06/02/2012 11:33:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xf50
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
System errors:
=============
Error: (06/03/2012 07:15:33 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/03/2012 07:14:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL
Error: (06/03/2012 07:14:24 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:12:38 AM on ?6/?3/?2012 was unexpected.
Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 06:52:39 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 06:18:35 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 05:44:08 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (06/03/2012 05:08:36 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Microsoft Office Sessions:
=========================
Error: (12/18/2011 06:53:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23270 seconds with 840 seconds of active time. This session ended with a crash.
Error: (11/25/2011 00:05:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3552 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/26/2011 11:23:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6164 seconds with 720 seconds of active time. This session ended with a crash.
Error: (06/20/2010 11:50:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 213 seconds with 180 seconds of active time. This session ended with a crash.
Error: (06/20/2010 11:46:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1577 seconds with 1440 seconds of active time. This session ended with a crash.
=========================== Installed Programs ============================
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.5)
7-Zip 9.20
Able2Extract Professional v5.0
AC3Filter ACM AC3/DTS codec (remove only)
Acer Assist
Acer Bio Protection (Version: 6.2.48)
Acer Crystal Eye Webcam (Version: 5.2.7.1)
Acer Empowering Technology (Version: 3.0.3016)
Acer ePower Management (Version: 3.0.3019)
Acer eRecovery Management (Version: 4.05.3003)
Acer GridVista (Version: 3.01.0730)
Acer Registration (Version: 1.02.3006)
Acer ScreenSaver (Version: 1.1.0812)
Acer Updater (Version: 1.01.3014)
Acer VCM (Version: 4.05.3000)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.2.0.2070)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Allok Video Joiner 4.0.1019
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CamStudio
Camtasia Studio 7 (Version: 7.0.0)
CaptureWizPro 4.30
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
CCleaner (Version: 3.19)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CuratorUtilities (Version: 0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectVobSub (remove only)
DivX Setup (Version: 2.6.1.8)
Dropbox (Version: 1.1.35)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
Easy Video Joiner 5.21
Elite Proxy Switcher 1.10
Email Verifier
Email Verifier (Version: 6.2)
Encoder (Version: 1.0.0)
eSobi v2 (Version: 2.0.4.000274)
EZ MPEG TO AVI Converter 3.00
FastStone Image Viewer 4.2 (Version: 4.2)
Final Media Player 2010
Fingerprint Solution (Version: 6.1.48.0)
Free Mp3 Wma Converter V 1.9 (Version: 1.9.0.0)
Free Video to MP3 Converter version 4.0
Free YouTube to MP3 Converter version 3.10.15.1228
Garmin Lifetime Updater (Version: 2.0.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HandBrake 0.9.5 (Version: 0.9.5)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55)
HijackThis 2.0.2 (Version: 2.0.2)
HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (Version: 02/27/2007 61.063.461.41)
iCloud (Version: 1.1.0.40)
Identity Card (Version: 1.00.3001)
ImgBurn (Version: 2.5.1.0)
InterVideo WinDVD 8 (Version: 8.5.10.39)
iTunes (Version: 10.6.0.40)
IZArc 4.1.2 (Version: 4.1.2)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 31 (Version: 6.0.310)
Java(TM) 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Jing (Version: 2.6.12032.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 6.3.0 (Basic) (Version: 6.3.0)
Kaspersky Anti-Virus 2010 (Version: 9.0.0.736)
Kyocera Product Library (Version: 2.0.0713)
LameXP
Learn.com Player (Uninstall Only)
LockHunter version 1.0 beta 3, 32 bit edition
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
mkv2vob (Version: 2.4.9)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup Now 5 (Version: 5.1.2.627)
NTI Backup Now Standard (Version: 5.1.2.627)
NTI Media Maker 8 (Version: 8.0.12.6619)
NTI Shadow (Version: 3.7.6.56)
O2Micro Flash Memory Card Reader Driver (Version: 3.31.02)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OJOsoft DVD AVI Converter Suite (Version: 2.7.5.0412)
OJOsoft MKV Converter (Version: 2.7.5.0412)
OJOsoft Total Video Converter (Version: 2.5.1.1121)
OJOsoft Total Video Converter (Version: 2.7.5.0412)
PageOne Curator (Version: 1.2.4)
Photozig Albums 1.0
QuickTime (Version: 7.70.80.34)
Real Alternative 2.0.2 (Version: 2.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5911)
RER Video Converter (Version: 3.7.5.0412)
Safari (Version: 5.34.54.16)
save2pc Light 4.14
SEO SpyGlass
SliQ Submitter Plus (Version: 2.20.0)
SPBA 5.8 (Version: 5.8.2.5652)
SUPERAntiSpyware (Version: 5.0.1150)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
TextPad 5 (Version: 5.3.1)
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
TweakNow PowerPack 2011 (Version: 3.0.1)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Video mp3 Extractor
VLC media player 1.1.4 (Version: 1.1.4)
Voxware Audio decoder 1.6 (Version: 1.6.0)
WebEx
Welcome Center (Version: 1.00.3005)
WIDCOMM Bluetooth Software (Version: 6.2.0.9700)
Win7codecs (Version: 2.5.4)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WinZip 14.5 (Version: 14.5.9095)
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update
========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 2814.36 MB
Available physical RAM: 1773.12 MB
Total Pagefile: 5627 MB
Available Pagefile: 4217.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.11 MB
========================= Partitions: =====================================
1 Drive c: (ACER) (Fixed) (Total:221.07 GB) (Free:71.73 GB) NTFS
========================= Users: ========================================
User accounts for \\PETER-PC
Administrator Guest Peter
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
-
One update...
Realized the version of KP I have is 2010 and updated to 2012. Upon doing so, while I still received the malicious URL mssgs, WE no longer shut down. I let the computer run for another hour and again, warning messages appeared by were no longer followed by WE stopping and re-starting.
I wondered if this would continue after rebooting the computer, but unfortunately it did not and it reverted back to the old cycle of URL mssg followed by WE shut down/restart.
Not sure if this is significant or provided any further clues as to where the problem lies, but thought I would pass it along.
Thanks,
Peter
-
Should I take any action with these 4 files detected by Kaspersky tdsskiller? Or are they safe?
13:47:07.0850 4004 Detected object count: 4
13:47:07.0850 4004 Actual detected object count: 4
13:47:37.0470 4004 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0470 4004 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0471 4004 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0471 4004 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0474 4004 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0474 4004 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0478 4004 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0478 4004 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
Should I take any action with these 4 files detected by Kaspersky tdsskiller? Or are they safe?
That is normal.
Try to start Firefox in Safe Mode and see if it still happens.
How to start Firefox in Safe Mode (https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode?redirectlocale=en-US&redirectslug=Safe+Mode#w_how-to-start-firefox-in-safe-mode)
You can start Firefox in Safe Mode by holding down the shift key while starting Firefox.
-
Doesn't occur in Safe Mode.
By the way, occurs now whether I use IE or Firefox.
Hope that helps.
Peter
-
Anything else that can be done?
-
Run a scan with MGtools and attach the log please. Using MGtools (http://forums.majorgeeks.com/showthread.php?t=137630)
-
ComboFix 12-06-03.01 - Peter 06/04/2012 12:58:52.14.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1938 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 17:10 . 2012-06-04 17:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-04 17:10 . 2012-06-04 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 18:57 . 2012-06-04 17:10 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-06-03 16:38 . 2012-06-04 16:55 -------- d-----w- c:\users\Peter\AppData\Local\CrashDumps
2012-06-03 16:26 . 2012-06-03 16:58 -------- d-----w- c:\programdata\Norton
2012-06-02 18:45 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A103669C-602D-4F68-AD2D-808DB3C024AF}\mpengine.dll
2012-06-02 15:44 . 2012-06-04 14:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-02 14:03 . 2012-06-02 14:03 -------- d-----w- c:\programdata\Sophos
2012-06-02 14:03 . 2012-06-02 18:11 -------- d-----w- c:\program files\Sophos
2012-06-02 13:27 . 2012-06-02 13:27 -------- d-----w- C:\VundoFix Backups
2012-06-01 01:23 . 2012-06-04 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 14:24 . 2012-05-29 14:24 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-06-04 15:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-06-04 15:59 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 18:33 . 2010-06-24 15:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-21 01:19 . 2012-06-02 19:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87069146.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5408)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-06-04 13:14:05
ComboFix-quarantined-files.txt 2012-06-04 17:14
ComboFix2.txt 2012-06-04 12:41
ComboFix3.txt 2012-06-03 18:56
ComboFix4.txt 2012-05-31 23:15
ComboFix5.txt 2012-06-04 16:57
.
Pre-Run: 62,599,823,360 bytes free
Post-Run: 62,152,830,976 bytes free
.
- - End Of File - - 6CB547863C8EACD9D9892367DCFE0AFD
-
Misc FireFox Information
==============================================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=" "
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\\Program Files\\DivX\\DivX Plus Web Player\\firefox\\DivXHTML5"
*Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"
*Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"
Locating all files created in "C:\Users\Peter\Local Settings\Application Data\"
No matches found.
Locating files created in C:\Program Files\Mozilla Firefox\extensions in the last 90 days.
"C:\Program Files\Mozilla Firefox\extensions\"
*Blocked Russian URL* Jun 2 2012 *Blocked Russian URL*"
{972CE~1 Jun 2 2012 "{972ce4c6-7e08-4474-a285-3208198ce6fd}"
"C:\Program Files\Mozilla *Blocked Russian URL*\"
COMPON~1 Jun 2 2012 "components"
CONTENT Jun 2 2012 "content"
LOCALE Jun 2 2012 "locale"
SKIN Jun 2 2012 "skin"
"C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\"
icon.png Apr 20 2012 2185 "icon.png"
install.rdf Apr 20 2012 1106 "install.rdf"
preview.png Apr 20 2012 9303 "preview.png"
"C:\Program Files\Mozilla *Blocked Russian URL*\locale\"
EN Jun 2 2012 "en"
10 items found: 3 files, 7 directories.
Total of file sizes: 12,594 bytes 12.30 K
******************************************************************************
Locating files created in C:\Program Files\Mozilla Firefox\plugins in the last 90 days.
No matches found.
******************************************************************************
Locating files created in C:\Program Files\Mozilla Firefox\searchlugins in the last 90 days.
"C:\Program Files\Mozilla Firefox\searchplugins\"
amazon~1.xml Apr 20 2012 1394 "amazondotcom.xml"
bing.xml Apr 20 2012 2252 "bing.xml"
ebay.xml Apr 20 2012 1131 "eBay.xml"
google.xml Apr 20 2012 3413 "google.xml"
twitter.xml Apr 20 2012 2040 "twitter.xml"
wikipe~1.xml Apr 20 2012 1178 "wikipedia.xml"
yahoo.xml Apr 20 2012 1096 "yahoo.xml"
7 items found: 7 files, 0 directories.
Total of file sizes: 12,504 bytes 12.21 K
******************************************************************************
Dumping FireFox's google.xml searchplugin contents. Use XML Notepad or Notepad++ to view clearly.
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
<ShortName>Google</ShortName>
<Description>Google Search</Description>
<InputEncoding>UTF-8</InputEncoding>
<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAGABoAwAAFgAAACgAAAAQAAAAIAAAAAEA
GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD s9Pt8xetPtu9FsfFNtu%2BTzvb2%2B%2Fne4dFJeBw0egA%2FfAJAfAA8
ewBBegAAAAD%2B%2FPtft98Mp%2BwWsfAVsvEbs%2FQeqvF8xO7%2F%2F%2F63yqkxdgM7gwE%2FggM%2BfQA%2Be
gBDeQDe7PIbotgQufcMufEPtfIPsvAbs%2FQvq%2Bfz%2Bf%2F%2B%2B%2FZKhR05hgBBhQI8hgBAgAI9ewD0%2B%2Fg
3pswAtO8Cxf4Kw%2FsJvvYAqupKsNv%2B%2Fv7%2F%2FP5VkSU0iQA7jQA9hgBDgQU%2BfQH%2F%2Ff%2FQ6fM4sM4K
sN8AteMCruIqqdbZ7PH8%2Fv%2Fg6Nc%2Fhg05kAA8jAM9iQI%2BhQA%2BgQDQu6b97uv%2F%2F%2F7V8Pqw3eiWz97
q8%2Ff%2F%2F%2F%2F7%2FPptpkkqjQE4kwA7kAA5iwI8iAA8hQCOSSKdXjiyflbAkG7u2s%2F%2B%2F%2F39%2F%2F7r8utrqEYtjQE8lgA7kwA7kwA9jwA9igA9hACiWSekVRyeSgiYSBHx6N%2F%2B%2Fv7k7OFRmiYtlAA5lwI7lwI4lAA7kgI9jw
E9iwI4iQCoVhWcTxCmb0K%2BooT8%2Fv%2F7%2F%2F%2FJ2r8fdwI1mwA3mQA3mgA8lAE8lAE4jwA9iwE%2BhwGfXifWv
qz%2B%2Ff%2F58u%2Fev6Dt4tr%2B%2F%2F2ZuIUsggA7mgM6mAM3lgA5lgA6kQE%2FkwBChwHt4dv%2F%2F%2F728
ei1bCi7VAC5XQ7kz7n%2F%2F%2F6bsZkgcB03lQA9lgM7kwA2iQktZToPK4r9%2F%2F%2F9%2F%2F%2FSqYK5UwDKZAS9
WALIkFn%2B%2F%2F3%2F%2BP8oKccGGcIRJrERILYFEMwAAuEAAdX%2F%2Ff7%2F%2FP%2B%2BfDvGXQLIZgLEWgLOjlf
7%2F%2F%2F%2F%2F%2F9QU90EAPQAAf8DAP0AAfMAAOUDAtr%2F%2F%2F%2F7%2B%2Fu2bCTIYwDPZgDBWQDSr
4P%2F%2Fv%2F%2F%2FP5GRuABAPkAA%2FwBAfkDAPAAAesAAN%2F%2F%2B%2Fz%2F%2F%2F64g1C5VwDM
YwK8Yg7y5tz8%2Fv%2FV1PYKDOcAAP0DAf4AAf0AAfYEAOwAAuAAAAD%2F%2FPvi28ymXyChTATRrIb8%2F%2F3v8fk6P8MAAdUCAvoAAP0CAP0AAfYAAO4AAACAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQAA</Image>
<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl={moz:locale}&q={searchTerms}"/>
<Url type="text/html" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
</Url>
<!-- Keyword search URL is the same as the default, but with an additional parameter -->
<Url type="application/x-moz-keywordsearch" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
<Param name="channel" value="fflb"/>
</Url>
<!-- Context/Right-click search URL is the same as the default, but with an additional parameter -->
<Url type="application/x-moz-contextsearch" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
<Param name="channel" value="rcs"/>
</Url>
<SearchForm>http://www.google.com/</SearchForm>
</SearchPlugin>
Zipping ffdata.txt
-
******************************************************************************
MGtools installation folder and files at Start of Scans
******************************************************************************
Volume in drive C is ACER
Volume Serial Number is 7C0F-03FC
Directory of C:\MGtools
06/04/2012 06:51 PM <DIR> .
06/04/2012 06:51 PM <DIR> ..
04/23/2010 02:18 AM 388,608 analyse.exe
10/07/2010 01:11 AM 6,806 BamFix.bat
12/04/2010 06:49 PM 372 bamRCfix.txt
06/07/2007 01:24 AM 6,146 chodefix.bat
12/13/2009 04:25 PM 1,954 config.reg
10/13/2011 09:54 PM 3,114 DebugMGT.bat
08/01/2007 11:13 PM 120 DisableUAC.reg
08/07/2008 03:27 PM 61,440 download.exe
08/01/2007 11:13 PM 120 EnableUAC.reg
06/04/2012 06:37 PM 7,060 ffdata.txt
06/04/2012 06:56 PM 228 filelog.txt
04/18/2009 02:48 AM 320 FindOVL.bat
08/14/2010 03:40 PM 2,027 FindRN.bat
11/05/2011 12:19 PM 6,355 FixACLS.bat
05/27/2011 02:08 PM 1,588 FixAttr.bat
07/10/2008 01:50 AM 1,897 FixBagle.bat
01/27/2009 12:27 AM 3,765 fixBagle.reg
12/04/2010 06:42 PM 1,623 FixbamRC.bat
01/14/2009 12:28 AM 1,034 FixCF.bat
01/02/2009 09:44 PM 581 fixCF.reg
06/07/2007 01:14 AM 738 fixChode.reg
12/29/2008 01:29 AM 438 FixFA.bat
05/27/2011 01:35 PM 23,678 fixFA.reg
12/30/2011 02:53 AM 3,191 FixNet.bat
08/30/2011 11:41 PM 7,584 FixPerm.bat
08/14/2010 03:12 PM 439 FixSBM.bat
12/04/2006 02:20 PM 12,924 fixSBM.reg
12/12/2011 04:04 PM 107,019 FixW7BFE.reg
12/12/2011 04:05 PM 3,768 FixW7FW.reg
12/12/2011 04:05 PM 1,812 FixW7FWdrv.reg
12/12/2011 04:07 PM 469 FixWFW.bat
12/12/2011 12:38 AM 9,270 fixXPnetbt.reg
10/30/2006 12:17 PM 245,760 GetDetails.exe
01/27/2012 12:23 AM 11,238 GetLogs.Bat
12/23/2010 09:38 PM 3,054 GetMBR.bat
03/03/2012 01:31 AM 14,849 GetMsrv.bat
01/19/2012 02:31 AM 26,334 GetNetInf.bat
12/01/2011 02:37 AM 123,493 GetRunKey.bat
06/04/2012 06:51 PM 34 GetUnKey.txt
01/23/2009 05:00 PM 2,949 GetUnKeys.bat
04/14/2003 01:00 AM 80,412 grep.exe
12/01/2011 03:14 AM 125,169 GRK64.bat
06/22/2009 10:48 PM 393 hide.reg
06/04/2012 06:38 PM 8,149 hijackthis.log
04/07/2012 02:44 PM 55,636 history.txt
03/06/2009 03:30 AM 6,606 HTAfind.bat
04/02/2004 07:44 PM 1,756 IEFIX.reg
01/13/2005 10:41 PM 11,254 locate.com
10/28/1986 12:51 PM 13,184 ltime.exe
03/05/2010 12:39 AM 220 mbrfix.bat
04/07/2012 02:35 PM 6,092 MGclean.bat
01/26/2012 10:37 PM 6,878 MIalt.bat
01/25/2012 01:02 AM 15,116 MiscInfo.bat
06/04/2012 06:37 PM 74,245 miscinfo.txt
06/04/2012 06:37 PM 68,446 miscinfo2.txt
06/04/2012 06:37 PM 30,081 msrvlog.txt
06/04/2012 06:37 PM 7,313 msrvstate.txt
06/04/2012 06:37 PM 194,672 netinflong.txt
06/04/2012 06:37 PM 7,671 netinfo.txt
06/04/2012 06:37 PM 171,322 newfiles.txt
12/30/2011 05:18 PM 33,978 NwkTst.bat
06/04/2012 06:37 PM 11,152 nwktst.txt
12/22/2011 11:59 PM 3,029 perm.cmd
12/31/2011 08:09 PM 249,344 pevFind.exe
06/04/2012 06:40 PM 56,281 procdll.txt
06/05/2003 09:13 PM 53,248 Process.exe
08/01/2006 09:14 AM 6,656 ProcessDll.exe
04/18/2007 01:55 PM 145 Regfix.bat
07/30/2009 11:09 PM 497 RemMWS.bat
12/22/2011 05:09 PM 1,544 resetperm-x64.cmd
12/22/2011 04:59 PM 1,539 resetperm.cmd
06/15/2009 10:01 PM 195 RunMB.bat
06/04/2012 06:56 PM 52 scantime.txt
08/31/2000 09:00 AM 98,816 sed.exe
03/26/2012 11:00 PM 123,969 ShowNew.bat
03/26/2012 11:00 PM 135,249 SN64.bat
12/22/2011 01:31 AM 4,905 SRVen.bat
06/04/2012 06:40 PM 3,846 srven.txt
12/16/2007 06:36 PM 156,160 swreg.exe
12/16/2007 06:47 PM 66,048 swwhoami.exe
09/11/2009 12:37 AM 5,841 SysBU.bat
06/04/2012 06:40 PM 15,265,086 sysinfo.txt
09/10/2009 10:31 PM <DIR> temp
08/03/2007 05:11 PM 213 unhide.reg
05/30/2010 07:15 PM 1,755 UnKeys.bat
01/25/2012 01:22 AM 4,022 UserInfo.bat
06/04/2012 06:37 PM 9,310 UserInfo.txt
12/28/2007 03:42 PM 49,152 vfind.exe
12/28/2007 04:16 PM 861 VunFind.bat
06/04/2012 06:37 PM 551,389 winfiles.txt
06/04/2012 06:37 PM 137,418 winsock.txt
03/26/2012 09:58 PM 2,201 za.bat
06/04/2012 06:51 PM 294 zia04240
01/13/2005 10:41 PM 126,976 zip.exe
93 File(s) 19,139,985 bytes
3 Dir(s) 61,910,503,424 bytes free
******************************************************************************
******************************************************************************
* File Versions Used: *
* GetLogs.Bat - 01/27/2012 Version 2.39 *
* 32 bit Windows OS found *
* GetUnKeys.Bat - 01/23/2009 Version 0.19 *
* 32 bit Windows OS found *
* GetRunKey.bat - 12/01/2011 Version 2.64 *
* ShowNew.bat - 03/26/2012 Version 2.93 *
* UserInfo.Bat - 01/25/2012 Version 1.05 *
* NwkTst.bat - 12/30/2011 Version 0.34 *
* GetNetInf.bat - 01/19/2011 Version 0.13 *
* MiscInfo.Bat - 01/25/2012 Version 0.07 *
* MIalt.bat - 01/25/2012 Version 0.02 *
* SRVen.bat - 12/22/2011 Version 0.01 *
******************************************************************************
******************************************************************************
MGtools installation folder and files at End of Scans
******************************************************************************
Volume in drive C is ACER
Volume Serial Number is 7C0F-03FC
Directory of C:\MGtools
06/04/2012 07:07 PM <DIR> .
06/04/2012 07:07 PM <DIR> ..
04/23/2010 02:18 AM 388,608 analyse.exe
10/07/2010 01:11 AM 6,806 BamFix.bat
12/04/2010 06:49 PM 372 bamRCfix.txt
06/07/2007 01:24 AM 6,146 chodefix.bat
12/13/2009 04:25 PM 1,954 config.reg
10/13/2011 09:54 PM 3,114 DebugMGT.bat
08/01/2007 11:13 PM 120 DisableUAC.reg
08/07/2008 03:27 PM 61,440 download.exe
08/01/2007 11:13 PM 120 EnableUAC.reg
06/04/2012 07:03 PM 7,060 ffdata.txt
06/04/2012 07:07 PM 6,899 filelog.txt
04/18/2009 02:48 AM 320 FindOVL.bat
08/14/2010 03:40 PM 2,027 FindRN.bat
11/05/2011 12:19 PM 6,355 FixACLS.bat
05/27/2011 02:08 PM 1,588 FixAttr.bat
07/10/2008 01:50 AM 1,897 FixBagle.bat
01/27/2009 12:27 AM 3,765 fixBagle.reg
12/04/2010 06:42 PM 1,623 FixbamRC.bat
01/14/2009 12:28 AM 1,034 FixCF.bat
01/02/2009 09:44 PM 581 fixCF.reg
06/07/2007 01:14 AM 738 fixChode.reg
12/29/2008 01:29 AM 438 FixFA.bat
05/27/2011 01:35 PM 23,678 fixFA.reg
12/30/2011 02:53 AM 3,191 FixNet.bat
08/30/2011 11:41 PM 7,584 FixPerm.bat
08/14/2010 03:12 PM 439 FixSBM.bat
12/04/2006 02:20 PM 12,924 fixSBM.reg
12/12/2011 04:04 PM 107,019 FixW7BFE.reg
12/12/2011 04:05 PM 3,768 FixW7FW.reg
12/12/2011 04:05 PM 1,812 FixW7FWdrv.reg
12/12/2011 04:07 PM 469 FixWFW.bat
12/12/2011 12:38 AM 9,270 fixXPnetbt.reg
10/30/2006 12:17 PM 245,760 GetDetails.exe
01/27/2012 12:23 AM 11,238 GetLogs.Bat
12/23/2010 09:38 PM 3,054 GetMBR.bat
03/03/2012 01:31 AM 14,849 GetMsrv.bat
01/19/2012 02:31 AM 26,334 GetNetInf.bat
12/01/2011 02:37 AM 123,493 GetRunKey.bat
06/04/2012 06:56 PM 436,523 GetUnKey.txt
01/23/2009 05:00 PM 2,949 GetUnKeys.bat
04/14/2003 01:00 AM 80,412 grep.exe
12/01/2011 03:14 AM 125,169 GRK64.bat
06/22/2009 10:48 PM 393 hide.reg
06/04/2012 07:03 PM 8,587 hijackthis.log
04/07/2012 02:44 PM 55,636 history.txt
03/06/2009 03:30 AM 6,606 HTAfind.bat
04/02/2004 07:44 PM 1,756 IEFIX.reg
01/13/2005 10:41 PM 11,254 locate.com
10/28/1986 12:51 PM 13,184 ltime.exe
03/05/2010 12:39 AM 220 mbrfix.bat
04/07/2012 02:35 PM 6,092 MGclean.bat
01/26/2012 10:37 PM 6,878 MIalt.bat
01/25/2012 01:02 AM 15,116 MiscInfo.bat
06/04/2012 07:03 PM 85,570 miscinfo.txt
06/04/2012 07:03 PM 72,521 miscinfo2.txt
06/04/2012 07:03 PM 30,105 msrvlog.txt
06/04/2012 07:03 PM 7,289 msrvstate.txt
06/04/2012 07:03 PM 194,672 netinflong.txt
06/04/2012 07:03 PM 7,671 netinfo.txt
06/04/2012 07:03 PM 172,325 newfiles.txt
12/30/2011 05:18 PM 33,978 NwkTst.bat
06/04/2012 07:03 PM 9,105 nwktst.txt
12/22/2011 11:59 PM 3,029 perm.cmd
12/31/2011 08:09 PM 249,344 pevFind.exe
06/04/2012 07:07 PM 154,376 procdll.txt
06/05/2003 09:13 PM 53,248 Process.exe
08/01/2006 09:14 AM 6,656 ProcessDll.exe
04/18/2007 01:55 PM 145 Regfix.bat
07/30/2009 11:09 PM 497 RemMWS.bat
12/22/2011 05:09 PM 1,544 resetperm-x64.cmd
12/22/2011 04:59 PM 1,539 resetperm.cmd
06/04/2012 06:58 PM 65,370 runkeys.txt
06/15/2009 10:01 PM 195 RunMB.bat
06/04/2012 06:56 PM 52 scantime.txt
08/31/2000 09:00 AM 98,816 sed.exe
03/26/2012 11:00 PM 123,969 ShowNew.bat
03/26/2012 11:00 PM 135,249 SN64.bat
12/22/2011 01:31 AM 4,905 SRVen.bat
06/04/2012 07:07 PM 3,963 srven.txt
12/16/2007 06:36 PM 156,160 swreg.exe
12/16/2007 06:47 PM 66,048 swwhoami.exe
09/11/2009 12:37 AM 5,841 SysBU.bat
06/04/2012 07:06 PM 15,375,392 sysinfo.txt
06/04/2012 07:07 PM <DIR> temp
08/03/2007 05:11 PM 213 unhide.reg
05/30/2010 07:15 PM 1,755 UnKeys.bat
01/25/2012 01:22 AM 4,022 UserInfo.bat
06/04/2012 07:03 PM 9,264 UserInfo.txt
12/28/2007 03:42 PM 49,152 vfind.exe
12/28/2007 04:16 PM 861 VunFind.bat
06/04/2012 07:03 PM 551,389 winfiles.txt
06/04/2012 07:03 PM 137,418 winsock.txt
03/26/2012 09:58 PM 2,201 za.bat
06/04/2012 06:51 PM 294 zia04240
01/13/2005 10:41 PM 126,976 zip.exe
94 File(s) 19,871,781 bytes
3 Dir(s) 61,767,061,504 bytes free
******************************************************************************
Begin scan time
Mon 06/04/2012 at 18:56:09.16
End scan time
Mon 06/04/2012 at 19:07:02.22
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:57 PM, on 6/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Peter\Desktop\MGtools.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\Explorer.EXE
C:\MGTools\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mls.gsmls.com/member/index.jsp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "c:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O9 - Extra 'Tools' menuitem: Hostblock - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O9 - Extra button: Hostblock - {5213F412-918A-496c-B0E1-BC0CB8EE039D} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 8586 bytes
-
MGtools produced a zip file -- many of the individual files are too large to post.
Is there a way for me to upload the zip file directly?
-
Upload the file to File Dropper (http://www.filedropper.com/)
Click Upload
Locate the file and double click it.
Copy the link under Share This Link: and post it back here.
-
http://www.filedropper.com/mglogs
-
I have sent a message to someone asking a second opinion. I will be back to you ASAP so don't think I am abandoning this topic please.
-
Please go to VirusTotal.com (http://www.virustotal.com/en/indexf.html)
(If more than one file needs scanned they must be done separately and logs posted for each one)
1. Copy the file path in the below Code box:
C:\Program Files\Common Files\Data\hd438A_module.dat
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
Important! If you get a page that says 'File has already been analysed' in the results then please use the Reanalyze option.
-
https://www.virustotal.com/file/db78a362f48ee8b0f1e71dcfed78fa3027d329e0c4c3d981ecd8dc447bfa43da/analysis/1338921212/
-
Many thanks to thisisu (http://forums.majorgeeks.com/member.php?u=57596) from MajorGeeks for his input.
@Peter Jordan - The file may not be malicious but is believed to be the problem so we need to remove it.
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
File::
C:\Program Files\Common Files\Data\hd438A_module.dat
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://img401.imageshack.us/img401/6433/cfscript.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
Let me know how the computer is doing now.
-
Wish I could report it helped, but no difference.
ComboFix 12-06-05.03 - Peter 06/05/2012 15:27:09.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.2065 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\Data\hd438A_module.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\1322197141.dll
c:\windows\system32\13382918041.dll
c:\windows\system32\17204299641.dll
c:\windows\system32\17385840641.dll
c:\windows\system32\22341217841.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 19:39 . 2012-06-05 19:39 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 13:01 . 2012-06-05 13:02 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2012-06-05 12:47 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E81F26A-F463-425C-8AF2-E839A425D563}\mpengine.dll
2012-06-04 22:23 . 2012-06-04 23:51 -------- d-----w- C:\MGtools
2012-06-04 18:31 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 16:38 . 2012-06-05 19:23 -------- d-----w- c:\users\Peter\AppData\Local\CrashDumps
2012-06-03 16:26 . 2012-06-03 16:58 -------- d-----w- c:\programdata\Norton
2012-06-02 14:03 . 2012-06-02 14:03 -------- d-----w- c:\programdata\Sophos
2012-06-02 14:03 . 2012-06-02 18:11 -------- d-----w- c:\program files\Sophos
2012-06-02 13:27 . 2012-06-02 13:27 -------- d-----w- C:\VundoFix Backups
2012-06-01 01:23 . 2012-06-04 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 14:24 . 2012-05-29 14:24 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-06-04 15:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-06-04 15:59 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 23:07 . 2012-06-04 22:33 1021195 ----a-w- C:\MGlogs.zip
2012-06-03 18:33 . 2010-06-24 15:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-21 01:19 . 2012-06-02 19:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 Normandy;Normandy SR2;
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5696)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
Completion time: 2012-06-05 15:42:53
ComboFix-quarantined-files.txt 2012-06-05 19:42
ComboFix2.txt 2012-06-04 17:14
ComboFix3.txt 2012-06-04 12:41
ComboFix4.txt 2012-06-03 18:56
ComboFix5.txt 2012-06-05 19:25
.
Pre-Run: 61,042,704,384 bytes free
Post-Run: 60,731,781,120 bytes free
.
- - End Of File - - 5F95F421A2171DAEB7D9F9232C73D7E1
-
Are the errors still present?
-
Yes, everything's the same
-
Try this and see if the error still happens using the new user account.
How to create a new user account in Windows 7 and Windows Vista (http://www.bleepingcomputer.com/tutorials/create-new-user-account-in-windows-vista-7/)
-
Some interesting results...
At first, the url message would flash periodically under the new user account, but there was no disruptions to WE.
The same would occur in my primary account: I received Kaspersky's url warning, but Windows Explorer was unaffected.
However, switching back and forth between the accounts later on I noticed a warning would appear ONLY in the primary account and NOT in the new user account. No disruptions occur in either account to WE.
-
It sounds like the account has become corrupted.
Try this please. How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7 (http://support.microsoft.com/kb/929833)
-
completed system file checker and found no problems
-
WE closes now after each url warning.
Seems hopeless. Should I reinstall Windows 7? Not sure how to do so. It's an Acer TravelMate 5530 lap. Came with a recovery disc to downgrade to WinXP Professional, but no Windows 7.
Any suggestions?
-
I'm not sure what to do next. You might start a topic in the Windows 7 forum asking on re-install advice.
Or a last ditch effort would be trying the Kaspersky Forums (http://forum.kaspersky.com/). They might know of a fix since it's their software doing this.