Author Topic: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down (Read 188347 times)

Peter Jordan · « **on:** May 26, 2012, 07:37:02 PM »

Just recently I have started receiving messages from Kaspersky indicating they have blocked a malicious URL from loading.

The message reads:

C:\\Windows\Explorer.Exe (PID:5084): Loading Object http:/...?worker.php?action=get%5Fscript%5Fhash...containing malicious URL
hXXp://76.191.112.2/scripts/worker.php?action=get %5F scrips %5hash&ver=1.1

Shortly afterwards, Windows Explorer shuts down and they restarts. This cycle repeats itself continuously.

I have conducted full scans using Kaspersky, Malewyrebytes, and Super-Antispyware, none of which detected anything.

A scan using Combofix did find and delete a dll called devil and the problem was remedied until the computer was rebooted at which point the issues recommenced.

Your help would be greatly appreciated.

<Mod Edit> - Malicious IP munged. Please do not intentionally post live links that are infected.

evilfantasy · « **Reply #1 on:** May 26, 2012, 09:21:37 PM »

76.191.112.2 is a dangerous IP addresses such as:

- Attackers who try to spy or remotely control others' computers by means such Microsoft remote terminal, SSH, Telnet or shared desktops.
- Threats for email servers or users: spiders/bots, account hijacking, etc.
- Sites spreading virus, trojans, spyware, etc. or just being used by them to let their authors know that a new computer has been infected.
- Threats for servers: exploits, fake identities/agents, DDoS attackers, etc.
- Port scans, which are the first step towards more dangerous actions.
- Malicious P2P sharers or bad peers who spread malware, inject bad traffic or share fake archives.

http://www.mywot.com/en/scorecard/76.191.112.2

Can you post the ComboFix log please. It can be found in C:\combofix.txt

Peter Jordan · « **Reply #2 on:** May 27, 2012, 05:04:17 AM »

ComboFix 12-05-26.02 - Peter 05/26/2012 7:42.9.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1857 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix2.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\11335636341.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 11:54 . 2012-05-26 11:54   --------   d-----w-   c:\users\Peter\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-05-26 11:54 . 2012-05-26 11:54   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-25 12:00 . 2012-05-25 12:20   --------   d-----w-   C:\ComboFix2
2012-05-25 11:16 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\mpengine.dll
2012-05-17 11:42 . 2012-05-17 11:42   --------   d-----w-   c:\programdata\RemoteAutomator
2012-05-17 11:42 . 2012-05-17 11:42   --------   d-----w-   c:\program files\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 00:21 . 2010-08-16 11:32   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-03 22:19   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
2012-03-01 05:46 . 2012-04-13 01:17   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 01:17   172544   ----a-w-   c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 01:17   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 01:17   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 01:29   1799168   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 01:29   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 01:29   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 01:29   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
2009-10-27 15:45   2325528   ----a-w-   c:\program files\HiGames\tbHiGa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
"{583F8E79-0A89-4EBA-9DE2-479E57F64506}"= "c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpb.dll" [2010-04-26 333192]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_CLASSES_ROOT\clsid\{583f8e79-0a89-4eba-9de2-479e57f64506}]
[HKEY_CLASSES_ROOT\Loader.MToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E6BDE3C5-7B88-43b4-AB35-8EEEAB2CED76}]
[HKEY_CLASSES_ROOT\Loader.MToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"aanpm"="c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe" [2010-04-26 574856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\NoMoreTime\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SYNND RemoteAutomator.lnk - c:\program files\RemoteAutomator\AppStart.exe [2012-5-17 28480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aanpm]
2010-04-26 23:10   574856   ----a-w-   c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56   462408   ----a-w-   c:\program files\NoMoreTime\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56   981680   ----a-w-   c:\program files\NoMoreTime\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:41   2424560   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 20:26   1233856   ----a-w-   c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 11:11   740216   ----a-w-   c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\NoMoreTime\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService   REG_MULTI_SZ     HsfXAudioService
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 07:58:06
ComboFix-quarantined-files.txt 2012-05-26 11:58
ComboFix2.txt 2012-05-26 11:04
ComboFix3.txt 2012-05-25 12:20
ComboFix4.txt 2011-08-05 13:31
ComboFix5.txt 2012-05-26 11:40
.
Pre-Run: 58,943,561,728 bytes free
Post-Run: 58,867,740,672 bytes free
.
- - End Of File - - 535A778FB9CA6625142A2E97D153F3BC

evilfantasy · « **Reply #3 on:** May 27, 2012, 02:48:05 PM »

Are you able to get online with the computer?

If so:

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

Peter Jordan · « **Reply #4 on:** May 31, 2012, 06:42:55 AM »

Sorry for the delay but I was only recently able to run a full scan online.

Thanks for your patience.

C:\Users\Peter\AppData\Local\temp\hdF7B7.tmp probably unknown NewHeur_PE virus

evilfantasy · « **Reply #5 on:** May 31, 2012, 12:41:55 PM »

ComboFix- be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

Download DDS from |HERE| or |HERE| and save it to your desktop.

Vista and Windows 7 users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

----------

Please add all 3 logs in the next reply.

Peter Jordan · « **Reply #6 on:** May 31, 2012, 05:25:07 PM »

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Peter at 19:27:42 on 2012-05-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1737 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\peter\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\05E4A405 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\07E6A607 : DhcpNameServer = 192.168.126.1
TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\876696E696479777966696 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstm32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-23 176128]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-7 52128]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-7 42144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-23 27320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-23 29472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-19 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-6 24576]
S4 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 135664]
S4 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-8-5 3453440]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-23 253952]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-9-24 240160]
.
=============== Created Last 30 ================
.
2012-05-31 23:15:27   --------   d-----w-   c:\users\peter\appdata\local\temp
2012-05-31 23:15:26   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-05-31 22:57:08   --------   d-----w-   C:\ComboFix
2012-05-31 16:43:16   208896   ----a-w-   c:\windows\MBR.exe
2012-05-31 16:43:15   98816   ----a-w-   c:\windows\sed.exe
2012-05-31 16:43:15   518144   ----a-w-   c:\windows\SWREG.exe
2012-05-31 16:43:15   256000   ----a-w-   c:\windows\PEV.exe
2012-05-29 14:24:12   --------   d-----w-   c:\users\peter\appdata\roaming\SUPERAntiSpyware.com
2012-05-29 14:23:51   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-05-29 11:22:53   6737808   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{2bae9a0a-5c89-43b5-be19-958e7a4bc1dc}\mpengine.dll
2012-05-28 17:11:10   --------   d-----w-   C:\sh4ldr
2012-05-28 17:09:44   --------   d-----w-   c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36:01   --------   d-----w-   c:\program files\Trend Micro
2012-05-26 22:29:48   --------   d-----w-   c:\program files\Oracle
2012-05-26 22:28:28   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-05-26 14:21:59   --------   d-----w-   C:\ComboFix29460C
2012-05-26 11:40:37   --------   d-----w-   C:\ComboFix29482C
2012-05-26 11:34:12   --------   d-----w-   C:\ComboFix231802C
2012-05-26 10:47:26   --------   d-----w-   C:\ComboFix21380C
2012-05-25 12:00:58   --------   d-----w-   C:\ComboFix2
2012-05-17 11:42:16   --------   d-----w-   c:\programdata\RemoteAutomator
2012-05-17 11:42:16   --------   d-----w-   c:\program files\RemoteAutomator
2012-05-09 21:01:25   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01:19   936960   ----a-w-   c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 21:01:18   1221632   ----a-w-   c:\program files\windows journal\NBDoc.DLL
2012-05-09 21:01:17   989184   ----a-w-   c:\program files\windows journal\JNTFiltr.dll
2012-05-09 21:01:17   969216   ----a-w-   c:\program files\windows journal\JNWDRV.dll
2012-05-09 21:01:09   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01:08   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01:08   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-05-09 21:01:00   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00:59   1077248   ----a-w-   c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-05-05 10:39:09   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 10:39:09   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-04 22:47:02   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-03-26 14:00:41   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
2011-02-27 00:14:39   7808600   ----a-w-   c:\program files\PowerPack3.exe
2011-02-27 00:13:20   5404768   ----a-w-   c:\program files\RegCleaner603.exe
2010-08-19 16:59:19   197632   ----a-w-   c:\program files\common files\OnlineFilesManager.dll
.
============= FINISH: 19:29:06.27 ===============

Peter Jordan · « **Reply #7 on:** May 31, 2012, 05:26:22 PM »

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2010 9:06:52 PM
System Uptime: 5/31/2012 7:19:52 PM (0 hours ago)
.
Motherboard: Acer | | Olan
Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 70.599 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SABKUTIL
Device ID: ROOT\LEGACY_SABKUTIL\0000
Manufacturer:
Name: SABKUTIL
PNP Device ID: ROOT\LEGACY_SABKUTIL\0000
Service: SABKUTIL
.
==== System Restore Points ===================
.
RP535: 5/31/2012 8:17:35 AM - New
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
7-Zip 9.20
Able2Extract Professional v5.0
AC3Filter ACM AC3/DTS codec (remove only)
Acer Assist
Acer Bio Protection
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Allok Video Joiner 4.0.1019
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CamStudio
Camtasia Studio 7
CaptureWizPro 4.30
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDex - Open Source Digital Audio CD Extractor
CuratorUtilities
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectVobSub (remove only)
DivX Setup
Dropbox
DVD Flick 1.3.0.7
Easy Video Joiner 5.21
Elite Proxy Switcher 1.10
Email Verifier
Encoder
eSobi v2
EZ MPEG TO AVI Converter 3.00
FastStone Image Viewer 4.2
Final Media Player 2010
Fingerprint Solution
Free Mp3 Wma Converter V 1.9
Free Video to MP3 Converter version 4.0
Free YouTube to MP3 Converter version 3.10.15.1228
Garmin Lifetime Updater
GIMP 2.6.11
Google Update Helper
GoToMeeting 5.1.0.880
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HP Color LaserJet 3600 (02/27/2007 61.063.461.41)
iCloud
Identity Card
ImgBurn
InterVideo WinDVD 8
iTunes
IZArc 4.1.2
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 4
JavaFX 2.1.0
Jing
Junk Mail filter update
K-Lite Codec Pack 6.3.0 (Basic)
Kaspersky Anti-Virus 2010
Kyocera Product Library
LameXP
Learn.com Player (Uninstall Only)
LockHunter version 1.0 beta 3, 32 bit edition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
mkv2vob
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver
OGA Notifier 2.0.0048.0
OJOsoft DVD AVI Converter Suite
OJOsoft MKV Converter
OJOsoft Total Video Converter
PageOne Curator
Photozig Albums 1.0
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RER Video Converter
Safari
save2pc Light 4.14
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SEO SpyGlass
SliQ Submitter Plus
SPBA 5.8
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TextPad 5
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Video mp3 Extractor
VLC media player 1.1.4
Voxware Audio decoder 1.6
Welcome Center
WIDCOMM Bluetooth Software
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 14.5
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/31/2012 7:22:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/31/2012 7:21:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2012 7:20:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
5/31/2012 7:11:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/30/2012 2:14:54 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
5/29/2012 9:05:49 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
5/29/2012 4:28:03 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.104, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
5/28/2012 9:21:15 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-01D72DB4B8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B98B4-C4D7-4F55-B82D-B7. The master browser is stopping or an election is being forced.
5/26/2012 7:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052612-26676-01.
5/26/2012 7:29:17 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Peter Jordan · « **Reply #8 on:** May 31, 2012, 05:27:32 PM »

ComboFix 12-05-31.02 - Peter 05/31/2012 18:58:35.13.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1741 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 23:11 . 2012-05-31 23:11   --------   d-----w-   c:\users\Peter\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-05-31 23:11 . 2012-05-31 23:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-29 14:24 . 2012-05-29 14:24   --------   d-----w-   c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-05-29 14:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-05-29 11:22 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BAE9A0A-5C89-43B5-BE19-958E7A4BC1DC}\mpengine.dll
2012-05-28 17:11 . 2012-05-31 11:28   --------   d-----w-   C:\sh4ldr
2012-05-28 17:09 . 2012-05-31 12:10   --------   d-----w-   c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36 . 2012-05-26 23:36   --------   d-----w-   c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31   --------   d-----w-   c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29   --------   d-----w-   c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38   3905920   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService   REG_MULTI_SZ     HsfXAudioService
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-31 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TweakNow PowerPack 2011_is1 - c:\program files\TweakNow PowerPack 2011\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-31 19:15:23
ComboFix-quarantined-files.txt 2012-05-31 23:15
ComboFix2.txt 2012-05-31 17:02
.
Pre-Run: 75,732,156,416 bytes free
Post-Run: 75,668,303,872 bytes free
.
- - End Of File - - 05E4C3665415651A4C88642E1A9BDCAF

evilfantasy · « **Reply #9 on:** May 31, 2012, 05:47:17 PM »

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware

* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Download TDSSKiller.exe (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!

* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator
* If TDSSKiller does not run, try renaming it.
* To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_ log.txt) will be created and saved to the root directory ( usually Local Disk C ).
* Post this log to your next message.

If needed see the TDSS Rootkit Removing Tool website for detailed instructions on running TDSSkiller.

Peter Jordan · « **Reply #10 on:** May 31, 2012, 07:58:03 PM »

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

5/31/2012 9:25:20 PM
mbam-log-2012-05-31 (21-25-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208274
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Peter Jordan · « **Reply #11 on:** May 31, 2012, 07:59:45 PM »

21:55:33.0773 5604   System windows directory: C:\Windows
21:55:33.0773 5604   Processor architecture: Intel x86
21:55:33.0773 5604   Number of processors: 2
21:55:33.0773 5604   Page size: 0x1000
21:55:33.0773 5604   Boot type: Normal boot
21:55:33.0773 5604   ============================================================
21:55:35.0234 5604   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604   ============================================================
21:55:35.0238 5604   \Device\Harddisk0\DR0:
21:55:35.0239 5604   MBR partitions:
21:55:35.0239 5604   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604   ============================================================
21:55:35.0282 5604   C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604   ============================================================
21:55:35.0283 5604   Initialize success
21:55:35.0283 5604   ============================================================
21:56:22.0285 1072   ============================================================
21:56:22.0285 1072   Scan started
21:56:22.0285 1072   Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072   ============================================================
21:56:23.0539 1072   !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:56:23.0743 1072   !SASCORE - ok
21:56:23.0914 1072   1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:56:24.0264 1072   1394ohci - ok
21:56:24.0325 1072   ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:56:24.0411 1072   ACPI - ok
21:56:24.0427 1072   AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:56:24.0551 1072   AcpiPmi - ok
21:56:24.0691 1072   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:24.0839 1072   AdobeARMservice - ok
21:56:24.0964 1072   AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:25.0016 1072   AdobeFlashPlayerUpdateSvc - ok
21:56:25.0073 1072   adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:56:25.0108 1072   adp94xx - ok
21:56:25.0136 1072   adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:56:25.0169 1072   adpahci - ok
21:56:25.0186 1072   adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:56:25.0221 1072   adpu320 - ok
21:56:25.0256 1072   AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:56:25.0330 1072   AeLookupSvc - ok
21:56:25.0393 1072   AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:56:25.0641 1072   AFD - ok
21:56:25.0676 1072   agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:56:25.0761 1072   agp440 - ok
21:56:25.0782 1072   aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:56:25.0810 1072   aic78xx - ok
21:56:25.0843 1072   ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:56:25.0974 1072   ALG - ok
21:56:26.0052 1072   aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:56:26.0151 1072   aliide - ok
21:56:26.0189 1072   AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:56:26.0361 1072   AMD External Events Utility - ok
21:56:26.0459 1072   amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:56:26.0676 1072   amdagp - ok
21:56:26.0769 1072   amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:56:26.0968 1072   amdide - ok
21:56:27.0066 1072   AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:56:27.0174 1072   AmdK8 - ok
21:56:27.0193 1072   AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:56:27.0223 1072   AmdPPM - ok
21:56:27.0238 1072   amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:56:27.0437 1072   amdsata - ok
21:56:27.0475 1072   amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:56:27.0507 1072   amdsbs - ok
21:56:27.0530 1072   amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:56:27.0745 1072   amdxata - ok
21:56:27.0785 1072   AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:56:27.0984 1072   AppID - ok
21:56:28.0059 1072   AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:56:28.0112 1072   AppIDSvc - ok
21:56:28.0156 1072   Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:56:28.0245 1072   Appinfo - ok
21:56:28.0390 1072   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:28.0518 1072   Apple Mobile Device - ok
21:56:28.0635 1072   AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:56:28.0893 1072   AppMgmt - ok
21:56:28.0972 1072   arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:56:29.0002 1072   arc - ok
21:56:29.0021 1072   arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:56:29.0067 1072   arcsas - ok
21:56:29.0201 1072   aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:56:29.0620 1072   aspnet_state - ok
21:56:29.0646 1072   AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:56:29.0964 1072   AsyncMac - ok
21:56:30.0003 1072   atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:56:30.0289 1072   atapi - ok
21:56:30.0415 1072   athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:56:30.0618 1072   athr - ok
21:56:30.0773 1072   AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:56:31.0436 1072   AtiHdmiService - ok
21:56:31.0857 1072   atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:56:32.0054 1072   atikmdag - ok
21:56:32.0286 1072   AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:56:32.0351 1072   AtiPcie - ok
21:56:32.0516 1072   AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0678 1072   AudioEndpointBuilder - ok
21:56:32.0687 1072   Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0735 1072   Audiosrv - ok
21:56:32.0888 1072   AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:56:32.0960 1072   AVP - ok
21:56:33.0014 1072   AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:56:33.0151 1072   AxInstSV - ok
21:56:33.0283 1072   b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:56:33.0366 1072   b06bdrv - ok
21:56:33.0401 1072   b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:56:33.0428 1072   b57nd60x - ok
21:56:33.0532 1072   BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:56:33.0580 1072   BcmSqlStartupSvc - ok
21:56:33.0611 1072   BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:56:33.0730 1072   BDESVC - ok
21:56:33.0823 1072   Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:56:33.0868 1072   Beep - ok
21:56:34.0168 1072   BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:56:34.0260 1072   BFE - ok
21:56:34.0316 1072   BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:56:34.0398 1072   BITS - ok
21:56:34.0414 1072   blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:56:34.0465 1072   blbdrive - ok
21:56:34.0607 1072   Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:56:34.0653 1072   Bonjour Service - ok
21:56:34.0710 1072   bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:56:34.0995 1072   bowser - ok
21:56:35.0026 1072   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:56:35.0100 1072   BrFiltLo - ok
21:56:35.0128 1072   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:56:35.0155 1072   BrFiltUp - ok
21:56:35.0219 1072   BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:56:35.0298 1072   BridgeMP - ok
21:56:35.0355 1072   Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:56:35.0437 1072   Browser - ok
21:56:35.0482 1072   Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:56:35.0537 1072   Brserid - ok
21:56:35.0566 1072   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:56:35.0595 1072   BrSerWdm - ok
21:56:35.0613 1072   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:56:35.0642 1072   BrUsbMdm - ok
21:56:35.0652 1072   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:56:35.0680 1072   BrUsbSer - ok
21:56:35.0727 1072   BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:56:35.0790 1072   BthEnum - ok
21:56:35.0818 1072   BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:56:35.0847 1072   BTHMODEM - ok
21:56:35.0874 1072   BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:56:35.0996 1072   BthPan - ok
21:56:36.0069 1072   BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:56:36.0152 1072   BTHPORT - ok
21:56:36.0184 1072   bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:56:36.0232 1072   bthserv - ok
21:56:36.0281 1072   BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:56:36.0424 1072   BTHUSB - ok
21:56:36.0455 1072   btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:56:36.0525 1072   btwaudio - ok
21:56:36.0550 1072   btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:56:36.0631 1072   btwavdt - ok
21:56:36.0736 1072   btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:56:36.0803 1072   btwdins - ok
21:56:36.0828 1072   btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:56:36.0903 1072   btwl2cap - ok
21:56:36.0915 1072   btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:56:36.0984 1072   btwrchid - ok
21:56:37.0092 1072   catchme - ok
21:56:37.0138 1072   cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:56:37.0207 1072   cdfs - ok
21:56:37.0256 1072   cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:56:37.0389 1072   cdrom - ok
21:56:37.0435 1072   CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:56:37.0524 1072   CertPropSvc - ok
21:56:37.0540 1072   circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:56:37.0571 1072   circlass - ok
21:56:37.0614 1072   CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:56:37.0644 1072   CLFS - ok
21:56:37.0724 1072   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:56:37.0763 1072   clr_optimization_v2.0.50727_32 - ok
21:56:37.0839 1072   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:56:37.0895 1072   clr_optimization_v4.0.30319_32 - ok
21:56:37.0928 1072   CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:56:37.0956 1072   CmBatt - ok
21:56:38.0002 1072   cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:56:38.0072 1072   cmdide - ok
21:56:38.0141 1072   CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:56:38.0222 1072   CNG - ok
21:56:38.0235 1072   Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:56:38.0260 1072   Compbatt - ok
21:56:38.0301 1072   CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:56:38.0488 1072   CompositeBus - ok
21:56:38.0493 1072   COMSysApp - ok
21:56:38.0542 1072   crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:56:38.0564 1072   crcdisk - ok
21:56:38.0622 1072   CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:56:38.0702 1072   CryptSvc - ok
21:56:38.0771 1072   CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:56:38.0859 1072   CSC - ok
21:56:38.0912 1072   CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:56:38.0989 1072   CscService - ok
21:56:39.0029 1072   DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:56:39.0078 1072   DcomLaunch - ok
21:56:39.0120 1072   defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:56:39.0171 1072   defragsvc - ok
21:56:39.0248 1072   DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:56:39.0322 1072   DfsC - ok
21:56:39.0371 1072   Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:56:39.0449 1072   Dhcp - ok
21:56:39.0474 1072   discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:56:39.0528 1072   discache - ok
21:56:39.0562 1072   Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:56:39.0612 1072   Disk - ok
21:56:39.0645 1072   DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:56:39.0727 1072   DKbFltr - ok
21:56:39.0791 1072   Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:56:39.0983 1072   Dnscache - ok
21:56:40.0055 1072   dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:56:40.0150 1072   dot3svc - ok
21:56:40.0208 1072   DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:56:40.0306 1072   DPS - ok
21:56:40.0331 1072   drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:56:40.0361 1072   drmkaud - ok
21:56:40.0403 1072   dwshd - ok
21:56:40.0527 1072   DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:56:40.0622 1072   DXGKrnl - ok
21:56:40.0677 1072   EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:56:40.0743 1072   EapHost - ok
21:56:41.0013 1072   ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:56:41.0086 1072   ebdrv - ok
21:56:41.0233 1072   EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:56:41.0362 1072   EFS - ok
21:56:41.0498 1072   ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:56:41.0621 1072   ehRecvr - ok
21:56:41.0654 1072   ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:56:41.0749 1072   ehSched - ok
21:56:41.0849 1072   elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:56:41.0912 1072   elxstor - ok
21:56:41.0953 1072   ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:56:42.0047 1072   ErrDev - ok
21:56:42.0124 1072   esgiguard - ok
21:56:42.0197 1072   ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:56:42.0253 1072   ETService ( UnsignedFile.Multi.Generic ) - warning
21:56:42.0253 1072   ETService - detected UnsignedFile.Multi.Generic (1)
21:56:42.0317 1072   EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:56:42.0385 1072   EventSystem - ok
21:56:42.0427 1072   exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:56:42.0475 1072   exfat - ok
21:56:42.0506 1072   fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:56:42.0551 1072   fastfat - ok
21:56:42.0645 1072   Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:56:42.0753 1072   Fax - ok
21:56:42.0773 1072   fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:56:42.0801 1072   fdc - ok
21:56:42.0826 1072   fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:56:42.0875 1072   fdPHost - ok
21:56:42.0892 1072   FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:56:43.0006 1072   FDResPub - ok
21:56:43.0022 1072   FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:56:43.0049 1072   FileInfo - ok
21:56:43.0068 1072   Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:56:43.0112 1072   Filetrace - ok
21:56:43.0132 1072   flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:56:43.0159 1072   flpydisk - ok
21:56:43.0188 1072   FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:56:43.0215 1072   FltMgr - ok
21:56:43.0322 1072   FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:56:43.0539 1072   FontCache - ok
21:56:43.0618 1072   FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:56:43.0661 1072   FontCache3.0.0.0 - ok
21:56:43.0694 1072   FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:56:43.0720 1072   FsDepends - ok
21:56:43.0770 1072   Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:56:43.0847 1072   Fs_Rec - ok
21:56:43.0910 1072   fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:56:43.0993 1072   fvevol - ok
21:56:44.0010 1072   gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:56:44.0034 1072   gagp30kx - ok
21:56:44.0078 1072   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:44.0099 1072   GEARAspiWDM - ok
21:56:44.0362 1072   gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:56:44.0464 1072   gpsvc - ok
21:56:44.0619 1072   Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:56:44.0690 1072   Greg_Service - ok
21:56:44.0774 1072   gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0850 1072   gupdate - ok
21:56:44.0898 1072   gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0936 1072   gupdatem - ok
21:56:45.0074 1072   hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:56:45.0153 1072   hcw85cir - ok
21:56:45.0222 1072   HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:56:45.0331 1072   HdAudAddService - ok
21:56:45.0432 1072   HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:56:45.0553 1072   HDAudBus - ok
21:56:45.0573 1072   HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:56:45.0600 1072   HidBatt - ok
21:56:45.0627 1072   HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:56:45.0658 1072   HidBth - ok
21:56:45.0668 1072   HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:56:45.0699 1072   HidIr - ok
21:56:45.0728 1072   hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:56:45.0776 1072   hidserv - ok
21:56:45.0789 1072   HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:56:45.0863 1072   HidUsb - ok
21:56:45.0915 1072   hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:56:45.0994 1072   hkmsvc - ok
21:56:46.0020 1072   HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:56:46.0142 1072   HomeGroupListener - ok
21:56:46.0237 1072   HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:56:46.0266 1072   HomeGroupProvider - ok
21:56:46.0314 1072   HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:56:46.0421 1072   HpSAMD - ok
21:56:46.0468 1072   HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:56:46.0630 1072   HsfXAudioService - ok
21:56:46.0787 1072   HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:56:46.0921 1072   HSF_DPV - ok
21:56:47.0036 1072   HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:56:47.0127 1072   HSXHWAZL - ok
21:56:47.0208 1072   HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:56:47.0285 1072   HTTP - ok
21:56:47.0333 1072   hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:56:47.0408 1072   hwpolicy - ok
21:56:47.0467 1072   i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:56:47.0562 1072   i8042prt - ok
21:56:47.0605 1072   iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:56:47.0681 1072   iaStorV - ok
21:56:47.0842 1072   idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:56:47.0918 1072   idsvc - ok
21:56:48.0287 1072   IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:56:48.0381 1072   IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:56:48.0382 1072   IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:56:48.0939 1072   igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:56:49.0047 1072   igfx - ok
21:56:49.0247 1072   iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:56:49.0289 1072   iirsp - ok
21:56:49.0546 1072   IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:56:49.0656 1072   IKEEXT - ok
21:56:49.0687 1072   int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:56:49.0738 1072   int15 - ok
21:56:49.0943 1072   IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:56:50.0070 1072   IntcAzAudAddService - ok
21:56:50.0220 1072   intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:56:50.0344 1072   intelide - ok
21:56:50.0364 1072   intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:56:50.0395 1072   intelppm - ok
21:56:50.0446 1072   IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:56:50.0531 1072   IPBusEnum - ok
21:56:50.0554 1072   IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:50.0602 1072   IpFilterDriver - ok
21:56:50.0775 1072   iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:56:50.0854 1072   iphlpsvc - ok
21:56:50.0903 1072   IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:56:50.0985 1072   IPMIDRV - ok
21:56:51.0025 1072   IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:56:51.0070 1072   IPNAT - ok
21:56:51.0244 1072   iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:56:51.0283 1072   iPod Service - ok
21:56:51.0291 1072   IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:56:51.0360 1072   IRENUM - ok
21:56:51.0397 1072   isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:56:51.0469 1072   isapnp - ok
21:56:51.0500 1072   iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:56:51.0573 1072   iScsiPrt - ok
21:56:51.0645 1072   IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:56:51.0680 1072   IviRegMgr - ok
21:56:51.0700 1072   kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:51.0774 1072   kbdclass - ok
21:56:51.0825 1072   kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:51.0900 1072   kbdhid - ok
21:56:51.0944 1072   KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:51.0971 1072   KeyIso - ok
21:56:52.0038 1072   kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:56:52.0093 1072   kl1 - ok
21:56:52.0129 1072   klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:56:52.0181 1072   klbg - ok
21:56:52.0234 1072   KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:56:52.0286 1072   KLIF - ok
21:56:52.0332 1072   KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:56:52.0386 1072   KLIM6 - ok
21:56:52.0429 1072   klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:56:52.0480 1072   klmouflt - ok
21:56:52.0526 1072   KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:56:52.0581 1072   KSecDD - ok
21:56:52.0606 1072   KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:56:52.0667 1072   KSecPkg - ok
21:56:52.0712 1072   KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:56:52.0765 1072   KtmRm - ok
21:56:52.0791 1072   L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:56:52.0818 1072   L1E - ok
21:56:52.0894 1072   LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:56:52.0963 1072   LanmanServer - ok
21:56:53.0015 1072   LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:56:53.0083 1072   LanmanWorkstation - ok
21:56:53.0106 1072   lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:56:53.0151 1072   lltdio - ok
21:56:53.0186 1072   lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:56:53.0234 1072   lltdsvc - ok
21:56:53.0251 1072   lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:56:53.0296 1072   lmhosts - ok
21:56:53.0332 1072   LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:53.0357 1072   LSI_FC - ok
21:56:53.0372 1072   LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:53.0401 1072   LSI_SAS - ok
21:56:53.0420 1072   LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:53.0446 1072   LSI_SAS2 - ok
21:56:53.0463 1072   LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:53.0488 1072   LSI_SCSI - ok
21:56:53.0509 1072   luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:53.0554 1072   luafv - ok
21:56:53.0633 1072   Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:53.0785 1072   Mcx2Svc - ok
21:56:53.0805 1072   mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:56:53.0986 1072   mdmxsdk - ok
21:56:54.0024 1072   megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:54.0068 1072   megasas - ok
21:56:54.0104 1072   MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:54.0131 1072   MegaSR - ok
21:56:54.0238 1072   Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:54.0261 1072   Microsoft Office Groove Audit Service - ok
21:56:54.0294 1072   MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:54.0340 1072   MMCSS - ok
21:56:54.0358 1072   Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:54.0401 1072   Modem - ok
21:56:54.0420 1072   monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:54.0450 1072   monitor - ok
21:56:54.0486 1072   mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:54.0558 1072   mouclass - ok
21:56:54.0679 1072   mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:54.0729 1072   mouhid - ok
21:56:54.0914 1072   mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:54.0991 1072   mountmgr - ok
21:56:55.0073 1072   MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:56:55.0219 1072   MozillaMaintenance - ok
21:56:55.0328 1072   mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:55.0441 1072   mpio - ok
21:56:55.0475 1072   mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:55.0519 1072   mpsdrv - ok
21:56:55.0606 1072   MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:55.0708 1072   MpsSvc - ok
21:56:55.0758 1072   MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:55.0830 1072   MRxDAV - ok
21:56:55.0886 1072   mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:56.0103 1072   mrxsmb - ok
21:56:56.0164 1072   mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:56.0262 1072   mrxsmb10 - ok
21:56:56.0287 1072   mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:56.0426 1072   mrxsmb20 - ok
21:56:56.0516 1072   msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:56.0588 1072   msahci - ok
21:56:56.0645 1072   msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:56.0742 1072   msdsm - ok
21:56:56.0776 1072   MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:56.0850 1072   MSDTC - ok
21:56:56.0876 1072   Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:56.0922 1072   Msfs - ok
21:56:56.0937 1072   mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:56.0981 1072   mshidkmdf - ok
21:56:56.0995 1072   msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:57.0065 1072   msisadrv - ok
21:56:57.0104 1072   MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:57.0167 1072   MSiSCSI - ok
21:56:57.0175 1072   msiserver - ok
21:56:57.0191 1072   MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:57.0241 1072   MSKSSRV - ok
21:56:57.0249 1072   MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:57.0297 1072   MSPCLOCK - ok
21:56:57.0305 1072   MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:57.0366 1072   MSPQM - ok
21:56:57.0391 1072   MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:57.0420 1072   MsRPC - ok
21:56:57.0471 1072   mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:57.0591 1072   mssmbios - ok
21:56:57.0668 1072   MSSQL$MSSMLBIZ - ok
21:56:57.0744 1072   MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:56:57.0953 1072   MSSQLServerADHelper - ok
21:56:58.0008 1072   MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:58.0052 1072   MSTEE - ok
21:56:58.0061 1072   MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:58.0092 1072   MTConfig - ok
21:56:58.0116 1072   Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:58.0142 1072   Mup - ok
21:56:58.0206 1072   napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:58.0288 1072   napagent - ok
21:56:58.0325 1072   NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:58.0360 1072   NativeWifiP - ok
21:56:58.0420 1072   NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:58.0496 1072   NDIS - ok
21:56:58.0515 1072   NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:58.0561 1072   NdisCap - ok
21:56:58.0581 1072   NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:58.0624 1072   NdisTapi - ok
21:56:58.0664 1072   Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:58.0709 1072   Ndisuio - ok
21:56:58.0758 1072   NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:58.0803 1072   NdisWan - ok
21:56:58.0853 1072   NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:58.0923 1072   NDProxy - ok
21:56:58.0976 1072   Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:56:59.0005 1072   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:59.0005 1072   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:59.0043 1072   NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:59.0088 1072   NetBIOS - ok
21:56:59.0141 1072   NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:59.0218 1072   NetBT - ok
21:56:59.0256 1072   Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:59.0285 1072   Netlogon - ok
21:56:59.0339 1072   Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:59.0391 1072   Netman - ok
21:56:59.0521 1072   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0568 1072   NetMsmqActivator - ok
21:56:59.0575 1072   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0599 1072   NetPipeActivator - ok
21:56:59.0629 1072   netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:59.0680 1072   netprofm - ok
21:56:59.0687 1072   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0714 1072   NetTcpActivator - ok
21:56:59.0721 1072   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0748 1072   NetTcpPortSharing - ok
21:56:59.0780 1072   nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:59.0806 1072   nfrd960 - ok
21:56:59.0874 1072   NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:59.0968 1072   NlaSvc - ok
21:56:59.0988 1072   Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:57:00.0033 1072   Npfs - ok
21:57:00.0069 1072   nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:57:00.0125 1072   nsi - ok
21:57:00.0154 1072   nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:57:00.0199 1072   nsiproxy - ok
21:57:00.0360 1072   Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:57:00.0528 1072   Ntfs - ok
21:57:00.0687 1072   NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:57:00.0758 1072   NTIBackupSvc - ok
21:57:00.0888 1072   NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:57:00.0956 1072   NTIDrvr - ok
21:57:00.0995 1072   NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:57:01.0057 1072   NTISchedulerSvc - ok
21:57:01.0097 1072   Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:57:01.0152 1072   Null - ok
21:57:01.0211 1072   nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:57:01.0354 1072   nvraid - ok
21:57:01.0390 1072   nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:57:01.0526 1072   nvstor - ok
21:57:01.0609 1072   nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:57:01.0728 1072   nv_agp - ok
21:57:01.0788 1072   O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:57:01.0957 1072   O2FLASH - ok
21:57:02.0000 1072   O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:57:02.0070 1072   O2MDRDR - ok
21:57:02.0087 1072   O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:57:02.0163 1072   O2SDRDR - ok
21:57:02.0301 1072   odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:02.0332 1072   odserv - ok
21:57:02.0378 1072   ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:57:02.0454 1072   ohci1394 - ok
21:57:02.0504 1072   ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:02.0530 1072   ose - ok
21:57:03.0004 1072   osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:57:03.0143 1072   osppsvc - ok
21:57:03.0331 1072   p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:03.0477 1072   p2pimsvc - ok
21:57:03.0511 1072   p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:57:03.0553 1072   p2psvc - ok
21:57:03.0606 1072   Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:57:03.0653 1072   Parport - ok
21:57:03.0697 1072   partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:57:03.0735 1072   partmgr - ok
21:57:03.0756 1072   Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:57:03.0785 1072   Parvdm - ok
21:57:03.0816 1072   PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:57:03.0854 1072   PcaSvc - ok
21:57:03.0911 1072   pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:57:03.0997 1072   pci - ok
21:57:04.0025 1072   pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:57:04.0096 1072   pciide - ok
21:57:04.0138 1072   pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:57:04.0191 1072   pcmcia - ok
21:57:04.0218 1072   pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:57:04.0255 1072   pcw - ok
21:57:04.0311 1072   PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:57:04.0373 1072   PEAUTH - ok
21:57:04.0465 1072   PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:57:04.0591 1072   PeerDistSvc - ok
21:57:04.0794 1072   pgfilter - ok
21:57:05.0150 1072   pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:57:05.0247 1072   pla - ok
21:57:05.0420 1072   PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:57:05.0684 1072   PlugPlay - ok
21:57:05.0745 1072   Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072   Pml Driver HPZ12 - ok
21:57:05.0880 1072   PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072   PNRPAutoReg - ok
21:57:05.0952 1072   PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072   PNRPsvc - ok
21:57:06.0062 1072   PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072   PolicyAgent - ok
21:57:06.0211 1072   Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072   Power - ok
21:57:06.0363 1072   PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072   PptpMiniport - ok
21:57:06.0448 1072   Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072   Processor - ok
21:57:06.0504 1072   ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072   ProfSvc - ok
21:57:06.0623 1072   ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072   ProtectedStorage - ok
21:57:06.0695 1072   Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072   Psched - ok
21:57:06.0818 1072   PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072   PSI_SVC_2 - ok
21:57:06.0984 1072   ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072   ql2300 - ok
21:57:07.0219 1072   ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072   ql40xx - ok
21:57:07.0320 1072   QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072   QWAVE - ok
21:57:07.0392 1072   QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072   QWAVEdrv - ok
21:57:07.0442 1072   RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072   RasAcd - ok
21:57:07.0519 1072   RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072   RasAgileVpn - ok
21:57:07.0601 1072   RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072   RasAuto - ok
21:57:07.0733 1072   Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072   Rasl2tp - ok
21:57:07.0868 1072   RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072   RasMan - ok
21:57:07.0971 1072   RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072   RasPppoe - ok
21:57:08.0054 1072   RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072   RasSstp - ok
21:57:08.0144 1072   rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072   rdbss - ok
21:57:08.0233 1072   rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072   rdpbus - ok
21:57:08.0322 1072   RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072   RDPCDD - ok
21:57:08.0456 1072   RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072   RDPDR - ok
21:57:08.0677 1072   RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072   RDPENCDD - ok
21:57:08.0784 1072   RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072   RDPREFMP - ok
21:57:08.0891 1072   RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072   RDPWD - ok
21:57:09.0008 1072   rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072   rdyboost - ok
21:57:09.0092 1072   regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072   regi - ok
21:57:09.0210 1072   RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072   RemoteAccess - ok
21:57:09.0342 1072   RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072   RemoteRegistry - ok
21:57:09.0440 1072   RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072   RFCOMM - ok
21:57:09.0587 1072   RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072   RpcEptMapper - ok
21:57:09.0658 1072   RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072   RpcLocator - ok
21:57:09.0967 1072   RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072   RpcSs - ok
21:57:10.0064 1072   rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072   rspndr - ok
21:57:10.0224 1072   RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072   RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072   RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072   s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072   s3cap - ok
21:57:10.0519 1072   SABKUTIL - ok
21:57:10.0556 1072   SABProcEnum - ok
21:57:10.0600 1072   SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072   SamSs - ok
21:57:10.0745 1072   SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072   SASDIFSV - ok
21:57:10.0817 1072   SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072   SASKUTIL - ok
21:57:10.0903 1072   sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072   sbp2port - ok
21:57:11.0048 1072   SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072   SCardSvr - ok
21:57:11.0143 1072   scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072   scfilter - ok
21:57:11.0294 1072   Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072   Schedule - ok
21:57:11.0436 1072   SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072   SCPolicySvc - ok
21:57:11.0554 1072   sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072   sdbus - ok
21:57:11.0669 1072   SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072   SDRSVC - ok
21:57:11.0924 1072   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072   secdrv - ok
21:57:12.0034 1072   seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072   seclogon - ok
21:57:12.0126 1072   SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072   SENS - ok
21:57:12.0200 1072   SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072   SensrSvc - ok
21:57:12.0294 1072   Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072   Serenum - ok
21:57:12.0345 1072   Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072   Serial - ok
21:57:12.0430 1072   sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072   sermouse - ok
21:57:12.0594 1072   SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072   SessionEnv - ok
21:57:12.0726 1072   sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072   sffdisk - ok
21:57:12.0846 1072   sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072   sffp_mmc - ok
21:57:12.0930 1072   sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072   sffp_sd - ok
21:57:13.0047 1072   sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072   sfloppy - ok
21:57:13.0167 1072   SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072   SharedAccess - ok
21:57:13.0285 1072   ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072   ShellHWDetection - ok
21:57:13.0447 1072   sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072   sisagp - ok
21:57:13.0603 1072   SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072   SiSRaid2 - ok
21:57:13.0662 1072   SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072   SiSRaid4 - ok
21:57:13.0710 1072   Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072   Smb - ok
21:57:13.0828 1072   SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072   SNMPTRAP - ok
21:57:13.0887 1072   spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072   spldr - ok
21:57:13.0984 1072   Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072   Spooler - ok
21:57:14.0361 1072   sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072   sppsvc - ok
21:57:14.0710 1072   sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072   sppuinotify - ok
21:57:14.0903 1072   SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072   SQLBrowser - ok
21:57:15.0055 1072   SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072   SQLWriter - ok
21:57:15.0347 1072   srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072   srv - ok
21:57:15.0599 1072   srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072   srv2 - ok
21:57:15.0815 1072   SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072   SrvHsfHDA - ok
21:57:15.0970 1072   SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072   SrvHsfV92 - ok
21:57:16.0128 1072   SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072   SrvHsfWinac - ok
21:57:16.0254 1072   srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072   srvnet - ok
21:57:16.0512 1072   SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072   SSDPSRV - ok
21:57:16.0622 1072   SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072   SstpSvc - ok
21:57:16.0708 1072   stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072   stexstor - ok
21:57:16.0804 1072   StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072   StiSvc - ok
21:57:16.0967 1072   storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072   storflt - ok
21:57:17.0203 1072   StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072   StorSvc - ok
21:57:17.0360 1072   storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:57:17.0464 1072   storvsc - ok
21:57:17.0485 1072   swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:57:17.0599 1072   swenum - ok
21:57:17.0648 1072   swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:57:17.0717 1072   swprv - ok
21:57:17.0762 1072   SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system3

evilfantasy · « **Reply #12 on:** May 31, 2012, 08:42:16 PM »

It looks like the bottom part of the TDSS log is cut off?

Peter Jordan · « **Reply #13 on:** May 31, 2012, 09:00:55 PM »

21:55:33.0254 5604   TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:55:33.0771 5604   ============================================================
21:55:33.0771 5604   Current date / time: 2012/05/31 21:55:33.0771
21:55:33.0771 5604   SystemInfo:
21:55:33.0771 5604
21:55:33.0771 5604   OS Version: 6.1.7601 ServicePack: 1.0
21:55:33.0771 5604   Product type: Workstation
21:55:33.0772 5604   ComputerName: PETER-PC
21:55:33.0772 5604   UserName: Peter
21:55:33.0772 5604   Windows directory: C:\Windows
21:55:33.0773 5604   System windows directory: C:\Windows
21:55:33.0773 5604   Processor architecture: Intel x86
21:55:33.0773 5604   Number of processors: 2
21:55:33.0773 5604   Page size: 0x1000
21:55:33.0773 5604   Boot type: Normal boot
21:55:33.0773 5604   ============================================================
21:55:35.0234 5604   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:35.0238 5604   ============================================================
21:55:35.0238 5604   \Device\Harddisk0\DR0:
21:55:35.0239 5604   MBR partitions:
21:55:35.0239 5604   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:55:35.0239 5604   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:55:35.0239 5604   ============================================================
21:55:35.0282 5604   C: <-> \Device\Harddisk0\DR0\Partition1
21:55:35.0283 5604   ============================================================
21:55:35.0283 5604   Initialize success
21:55:35.0283 5604   ============================================================
21:56:22.0285 1072   ============================================================
21:56:22.0285 1072   Scan started
21:56:22.0285 1072   Mode: Manual; SigCheck; TDLFS;
21:56:22.0285 1072   ============================================================
21:56:23.0539 1072   !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:56:23.0743 1072   !SASCORE - ok
21:56:23.0914 1072   1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:56:24.0264 1072   1394ohci - ok
21:56:24.0325 1072   ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:56:24.0411 1072   ACPI - ok
21:56:24.0427 1072   AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:56:24.0551 1072   AcpiPmi - ok
21:56:24.0691 1072   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:24.0839 1072   AdobeARMservice - ok
21:56:24.0964 1072   AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:25.0016 1072   AdobeFlashPlayerUpdateSvc - ok
21:56:25.0073 1072   adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:56:25.0108 1072   adp94xx - ok
21:56:25.0136 1072   adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:56:25.0169 1072   adpahci - ok
21:56:25.0186 1072   adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:56:25.0221 1072   adpu320 - ok
21:56:25.0256 1072   AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:56:25.0330 1072   AeLookupSvc - ok
21:56:25.0393 1072   AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:56:25.0641 1072   AFD - ok
21:56:25.0676 1072   agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:56:25.0761 1072   agp440 - ok
21:56:25.0782 1072   aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:56:25.0810 1072   aic78xx - ok
21:56:25.0843 1072   ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:56:25.0974 1072   ALG - ok
21:56:26.0052 1072   aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:56:26.0151 1072   aliide - ok
21:56:26.0189 1072   AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:56:26.0361 1072   AMD External Events Utility - ok
21:56:26.0459 1072   amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:56:26.0676 1072   amdagp - ok
21:56:26.0769 1072   amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:56:26.0968 1072   amdide - ok
21:56:27.0066 1072   AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:56:27.0174 1072   AmdK8 - ok
21:56:27.0193 1072   AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:56:27.0223 1072   AmdPPM - ok
21:56:27.0238 1072   amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:56:27.0437 1072   amdsata - ok
21:56:27.0475 1072   amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:56:27.0507 1072   amdsbs - ok
21:56:27.0530 1072   amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:56:27.0745 1072   amdxata - ok
21:56:27.0785 1072   AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:56:27.0984 1072   AppID - ok
21:56:28.0059 1072   AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:56:28.0112 1072   AppIDSvc - ok
21:56:28.0156 1072   Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:56:28.0245 1072   Appinfo - ok
21:56:28.0390 1072   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:28.0518 1072   Apple Mobile Device - ok
21:56:28.0635 1072   AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:56:28.0893 1072   AppMgmt - ok
21:56:28.0972 1072   arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:56:29.0002 1072   arc - ok
21:56:29.0021 1072   arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:56:29.0067 1072   arcsas - ok
21:56:29.0201 1072   aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:56:29.0620 1072   aspnet_state - ok
21:56:29.0646 1072   AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:56:29.0964 1072   AsyncMac - ok
21:56:30.0003 1072   atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:56:30.0289 1072   atapi - ok
21:56:30.0415 1072   athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:56:30.0618 1072   athr - ok
21:56:30.0773 1072   AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:56:31.0436 1072   AtiHdmiService - ok
21:56:31.0857 1072   atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:56:32.0054 1072   atikmdag - ok
21:56:32.0286 1072   AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:56:32.0351 1072   AtiPcie - ok
21:56:32.0516 1072   AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0678 1072   AudioEndpointBuilder - ok
21:56:32.0687 1072   Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:56:32.0735 1072   Audiosrv - ok
21:56:32.0888 1072   AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:56:32.0960 1072   AVP - ok
21:56:33.0014 1072   AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:56:33.0151 1072   AxInstSV - ok
21:56:33.0283 1072   b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:56:33.0366 1072   b06bdrv - ok
21:56:33.0401 1072   b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:56:33.0428 1072   b57nd60x - ok
21:56:33.0532 1072   BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:56:33.0580 1072   BcmSqlStartupSvc - ok
21:56:33.0611 1072   BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:56:33.0730 1072   BDESVC - ok
21:56:33.0823 1072   Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:56:33.0868 1072   Beep - ok
21:56:34.0168 1072   BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:56:34.0260 1072   BFE - ok
21:56:34.0316 1072   BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:56:34.0398 1072   BITS - ok
21:56:34.0414 1072   blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:56:34.0465 1072   blbdrive - ok
21:56:34.0607 1072   Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:56:34.0653 1072   Bonjour Service - ok
21:56:34.0710 1072   bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:56:34.0995 1072   bowser - ok
21:56:35.0026 1072   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:56:35.0100 1072   BrFiltLo - ok
21:56:35.0128 1072   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:56:35.0155 1072   BrFiltUp - ok
21:56:35.0219 1072   BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:56:35.0298 1072   BridgeMP - ok
21:56:35.0355 1072   Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:56:35.0437 1072   Browser - ok
21:56:35.0482 1072   Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:56:35.0537 1072   Brserid - ok
21:56:35.0566 1072   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:56:35.0595 1072   BrSerWdm - ok
21:56:35.0613 1072   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:56:35.0642 1072   BrUsbMdm - ok
21:56:35.0652 1072   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:56:35.0680 1072   BrUsbSer - ok
21:56:35.0727 1072   BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:56:35.0790 1072   BthEnum - ok
21:56:35.0818 1072   BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:56:35.0847 1072   BTHMODEM - ok
21:56:35.0874 1072   BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:56:35.0996 1072   BthPan - ok
21:56:36.0069 1072   BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:56:36.0152 1072   BTHPORT - ok
21:56:36.0184 1072   bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:56:36.0232 1072   bthserv - ok
21:56:36.0281 1072   BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:56:36.0424 1072   BTHUSB - ok
21:56:36.0455 1072   btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:56:36.0525 1072   btwaudio - ok
21:56:36.0550 1072   btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:56:36.0631 1072   btwavdt - ok
21:56:36.0736 1072   btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:56:36.0803 1072   btwdins - ok
21:56:36.0828 1072   btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:56:36.0903 1072   btwl2cap - ok
21:56:36.0915 1072   btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:56:36.0984 1072   btwrchid - ok
21:56:37.0092 1072   catchme - ok
21:56:37.0138 1072   cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:56:37.0207 1072   cdfs - ok
21:56:37.0256 1072   cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:56:37.0389 1072   cdrom - ok
21:56:37.0435 1072   CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:56:37.0524 1072   CertPropSvc - ok
21:56:37.0540 1072   circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:56:37.0571 1072   circlass - ok
21:56:37.0614 1072   CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:56:37.0644 1072   CLFS - ok
21:56:37.0724 1072   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:56:37.0763 1072   clr_optimization_v2.0.50727_32 - ok
21:56:37.0839 1072   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:56:37.0895 1072   clr_optimization_v4.0.30319_32 - ok
21:56:37.0928 1072   CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:56:37.0956 1072   CmBatt - ok
21:56:38.0002 1072   cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:56:38.0072 1072   cmdide - ok
21:56:38.0141 1072   CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:56:38.0222 1072   CNG - ok
21:56:38.0235 1072   Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:56:38.0260 1072   Compbatt - ok
21:56:38.0301 1072   CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:56:38.0488 1072   CompositeBus - ok
21:56:38.0493 1072   COMSysApp - ok
21:56:38.0542 1072   crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:56:38.0564 1072   crcdisk - ok
21:56:38.0622 1072   CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:56:38.0702 1072   CryptSvc - ok
21:56:38.0771 1072   CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:56:38.0859 1072   CSC - ok
21:56:38.0912 1072   CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:56:38.0989 1072   CscService - ok
21:56:39.0029 1072   DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:56:39.0078 1072   DcomLaunch - ok
21:56:39.0120 1072   defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:56:39.0171 1072   defragsvc - ok
21:56:39.0248 1072   DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:56:39.0322 1072   DfsC - ok
21:56:39.0371 1072   Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:56:39.0449 1072   Dhcp - ok
21:56:39.0474 1072   discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:56:39.0528 1072   discache - ok
21:56:39.0562 1072   Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:56:39.0612 1072   Disk - ok
21:56:39.0645 1072   DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:56:39.0727 1072   DKbFltr - ok
21:56:39.0791 1072   Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:56:39.0983 1072   Dnscache - ok
21:56:40.0055 1072   dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:56:40.0150 1072   dot3svc - ok
21:56:40.0208 1072   DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:56:40.0306 1072   DPS - ok
21:56:40.0331 1072   drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:56:40.0361 1072   drmkaud - ok
21:56:40.0403 1072   dwshd - ok
21:56:40.0527 1072   DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:56:40.0622 1072   DXGKrnl - ok
21:56:40.0677 1072   EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:56:40.0743 1072   EapHost - ok
21:56:41.0013 1072   ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:56:41.0086 1072   ebdrv - ok
21:56:41.0233 1072   EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:56:41.0362 1072   EFS - ok
21:56:41.0498 1072   ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:56:41.0621 1072   ehRecvr - ok
21:56:41.0654 1072   ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:56:41.0749 1072   ehSched - ok
21:56:41.0849 1072   elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:56:41.0912 1072   elxstor - ok
21:56:41.0953 1072   ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:56:42.0047 1072   ErrDev - ok
21:56:42.0124 1072   esgiguard - ok
21:56:42.0197 1072   ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:56:42.0253 1072   ETService ( UnsignedFile.Multi.Generic ) - warning
21:56:42.0253 1072   ETService - detected UnsignedFile.Multi.Generic (1)
21:56:42.0317 1072   EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:56:42.0385 1072   EventSystem - ok
21:56:42.0427 1072   exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:56:42.0475 1072   exfat - ok
21:56:42.0506 1072   fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:56:42.0551 1072   fastfat - ok
21:56:42.0645 1072   Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:56:42.0753 1072   Fax - ok
21:56:42.0773 1072   fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:56:42.0801 1072   fdc - ok
21:56:42.0826 1072   fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:56:42.0875 1072   fdPHost - ok
21:56:42.0892 1072   FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:56:43.0006 1072   FDResPub - ok
21:56:43.0022 1072   FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:56:43.0049 1072   FileInfo - ok
21:56:43.0068 1072   Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:56:43.0112 1072   Filetrace - ok
21:56:43.0132 1072   flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:56:43.0159 1072   flpydisk - ok
21:56:43.0188 1072   FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:56:43.0215 1072   FltMgr - ok
21:56:43.0322 1072   FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:56:43.0539 1072   FontCache - ok
21:56:43.0618 1072   FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:56:43.0661 1072   FontCache3.0.0.0 - ok
21:56:43.0694 1072   FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:56:43.0720 1072   FsDepends - ok
21:56:43.0770 1072   Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:56:43.0847 1072   Fs_Rec - ok
21:56:43.0910 1072   fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:56:43.0993 1072   fvevol - ok
21:56:44.0010 1072   gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:56:44.0034 1072   gagp30kx - ok
21:56:44.0078 1072   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:44.0099 1072   GEARAspiWDM - ok
21:56:44.0362 1072   gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:56:44.0464 1072   gpsvc - ok
21:56:44.0619 1072   Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:56:44.0690 1072   Greg_Service - ok
21:56:44.0774 1072   gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0850 1072   gupdate - ok
21:56:44.0898 1072   gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:56:44.0936 1072   gupdatem - ok
21:56:45.0074 1072   hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:56:45.0153 1072   hcw85cir - ok
21:56:45.0222 1072   HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:56:45.0331 1072   HdAudAddService - ok
21:56:45.0432 1072   HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:56:45.0553 1072   HDAudBus - ok
21:56:45.0573 1072   HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:56:45.0600 1072   HidBatt - ok
21:56:45.0627 1072   HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:56:45.0658 1072   HidBth - ok
21:56:45.0668 1072   HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:56:45.0699 1072   HidIr - ok
21:56:45.0728 1072   hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:56:45.0776 1072   hidserv - ok
21:56:45.0789 1072   HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:56:45.0863 1072   HidUsb - ok
21:56:45.0915 1072   hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:56:45.0994 1072   hkmsvc - ok
21:56:46.0020 1072   HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:56:46.0142 1072   HomeGroupListener - ok
21:56:46.0237 1072   HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:56:46.0266 1072   HomeGroupProvider - ok
21:56:46.0314 1072   HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:56:46.0421 1072   HpSAMD - ok
21:56:46.0468 1072   HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:56:46.0630 1072   HsfXAudioService - ok
21:56:46.0787 1072   HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:56:46.0921 1072   HSF_DPV - ok
21:56:47.0036 1072   HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:56:47.0127 1072   HSXHWAZL - ok
21:56:47.0208 1072   HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:56:47.0285 1072   HTTP - ok
21:56:47.0333 1072   hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:56:47.0408 1072   hwpolicy - ok
21:56:47.0467 1072   i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:56:47.0562 1072   i8042prt - ok
21:56:47.0605 1072   iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:56:47.0681 1072   iaStorV - ok
21:56:47.0842 1072   idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:56:47.0918 1072   idsvc - ok
21:56:48.0287 1072   IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:56:48.0381 1072   IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:56:48.0382 1072   IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:56:48.0939 1072   igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:56:49.0047 1072   igfx - ok
21:56:49.0247 1072   iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:56:49.0289 1072   iirsp - ok
21:56:49.0546 1072   IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:56:49.0656 1072   IKEEXT - ok
21:56:49.0687 1072   int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:56:49.0738 1072   int15 - ok
21:56:49.0943 1072   IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:56:50.0070 1072   IntcAzAudAddService - ok
21:56:50.0220 1072   intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:56:50.0344 1072   intelide - ok
21:56:50.0364 1072   intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:56:50.0395 1072   intelppm - ok
21:56:50.0446 1072   IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:56:50.0531 1072   IPBusEnum - ok
21:56:50.0554 1072   IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:50.0602 1072   IpFilterDriver - ok
21:56:50.0775 1072   iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:56:50.0854 1072   iphlpsvc - ok
21:56:50.0903 1072   IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:56:50.0985 1072   IPMIDRV - ok
21:56:51.0025 1072   IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:56:51.0070 1072   IPNAT - ok
21:56:51.0244 1072   iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:56:51.0283 1072   iPod Service - ok
21:56:51.0291 1072   IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:56:51.0360 1072   IRENUM - ok
21:56:51.0397 1072   isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:56:51.0469 1072   isapnp - ok
21:56:51.0500 1072   iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:56:51.0573 1072   iScsiPrt - ok
21:56:51.0645 1072   IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:56:51.0680 1072   IviRegMgr - ok
21:56:51.0700 1072   kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:51.0774 1072   kbdclass - ok
21:56:51.0825 1072   kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:51.0900 1072   kbdhid - ok
21:56:51.0944 1072   KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:51.0971 1072   KeyIso - ok
21:56:52.0038 1072   kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:56:52.0093 1072   kl1 - ok
21:56:52.0129 1072   klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:56:52.0181 1072   klbg - ok
21:56:52.0234 1072   KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:56:52.0286 1072   KLIF - ok
21:56:52.0332 1072   KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:56:52.0386 1072   KLIM6 - ok
21:56:52.0429 1072   klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:56:52.0480 1072   klmouflt - ok
21:56:52.0526 1072   KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:56:52.0581 1072   KSecDD - ok
21:56:52.0606 1072   KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:56:52.0667 1072   KSecPkg - ok
21:56:52.0712 1072   KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:56:52.0765 1072   KtmRm - ok
21:56:52.0791 1072   L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:56:52.0818 1072   L1E - ok
21:56:52.0894 1072   LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:56:52.0963 1072   LanmanServer - ok
21:56:53.0015 1072   LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:56:53.0083 1072   LanmanWorkstation - ok
21:56:53.0106 1072   lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:56:53.0151 1072   lltdio - ok
21:56:53.0186 1072   lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:56:53.0234 1072   lltdsvc - ok
21:56:53.0251 1072   lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:56:53.0296 1072   lmhosts - ok
21:56:53.0332 1072   LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:53.0357 1072   LSI_FC - ok
21:56:53.0372 1072   LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:53.0401 1072   LSI_SAS - ok
21:56:53.0420 1072   LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:53.0446 1072   LSI_SAS2 - ok
21:56:53.0463 1072   LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:53.0488 1072   LSI_SCSI - ok
21:56:53.0509 1072   luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:53.0554 1072   luafv - ok
21:56:53.0633 1072   Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:53.0785 1072   Mcx2Svc - ok
21:56:53.0805 1072   mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:56:53.0986 1072   mdmxsdk - ok
21:56:54.0024 1072   megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:54.0068 1072   megasas - ok
21:56:54.0104 1072   MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:54.0131 1072   MegaSR - ok
21:56:54.0238 1072   Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:54.0261 1072   Microsoft Office Groove Audit Service - ok
21:56:54.0294 1072   MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:54.0340 1072   MMCSS - ok
21:56:54.0358 1072   Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:54.0401 1072   Modem - ok
21:56:54.0420 1072   monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:54.0450 1072   monitor - ok
21:56:54.0486 1072   mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:54.0558 1072   mouclass - ok
21:56:54.0679 1072   mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:54.0729 1072   mouhid - ok
21:56:54.0914 1072   mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:54.0991 1072   mountmgr - ok
21:56:55.0073 1072   MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:56:55.0219 1072   MozillaMaintenance - ok
21:56:55.0328 1072   mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:55.0441 1072   mpio - ok
21:56:55.0475 1072   mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:55.0519 1072   mpsdrv - ok
21:56:55.0606 1072   MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:55.0708 1072   MpsSvc - ok
21:56:55.0758 1072   MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:55.0830 1072   MRxDAV - ok
21:56:55.0886 1072   mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:56.0103 1072   mrxsmb - ok
21:56:56.0164 1072   mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:56.0262 1072   mrxsmb10 - ok
21:56:56.0287 1072   mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:56.0426 1072   mrxsmb20 - ok
21:56:56.0516 1072   msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:56.0588 1072   msahci - ok
21:56:56.0645 1072   msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:56.0742 1072   msdsm - ok
21:56:56.0776 1072   MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:56.0850 1072   MSDTC - ok
21:56:56.0876 1072   Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:56.0922 1072   Msfs - ok
21:56:56.0937 1072   mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:56.0981 1072   mshidkmdf - ok
21:56:56.0995 1072   msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:57.0065 1072   msisadrv - ok
21:56:57.0104 1072   MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:57.0167 1072   MSiSCSI - ok
21:56:57.0175 1072   msiserver - ok
21:56:57.0191 1072   MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:57.0241 1072   MSKSSRV - ok
21:56:57.0249 1072   MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:57.0297 1072   MSPCLOCK - ok
21:56:57.0305 1072   MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:57.0366 1072   MSPQM - ok
21:56:57.0391 1072   MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:57.0420 1072   MsRPC - ok
21:56:57.0471 1072   mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:57.0591 1072   mssmbios - ok
21:56:57.0668 1072   MSSQL$MSSMLBIZ - ok
21:56:57.0744 1072   MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:56:57.0953 1072   MSSQLServerADHelper - ok
21:56:58.0008 1072   MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:58.0052 1072   MSTEE - ok
21:56:58.0061 1072   MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:58.0092 1072   MTConfig - ok
21:56:58.0116 1072   Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:58.0142 1072   Mup - ok
21:56:58.0206 1072   napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:58.0288 1072   napagent - ok
21:56:58.0325 1072   NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:58.0360 1072   NativeWifiP - ok
21:56:58.0420 1072   NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:58.0496 1072   NDIS - ok
21:56:58.0515 1072   NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:58.0561 1072   NdisCap - ok
21:56:58.0581 1072   NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:58.0624 1072   NdisTapi - ok
21:56:58.0664 1072   Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:58.0709 1072   Ndisuio - ok
21:56:58.0758 1072   NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:58.0803 1072   NdisWan - ok
21:56:58.0853 1072   NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:58.0923 1072   NDProxy - ok
21:56:58.0976 1072   Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:56:59.0005 1072   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:59.0005 1072   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:59.0043 1072   NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:59.0088 1072   NetBIOS - ok
21:56:59.0141 1072   NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:59.0218 1072   NetBT - ok
21:56:59.0256 1072   Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:59.0285 1072   Netlogon - ok
21:56:59.0339 1072   Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:59.0391 1072   Netman - ok
21:56:59.0521 1072   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0568 1072   NetMsmqActivator - ok
21:56:59.0575 1072   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0599 1072   NetPipeActivator - ok
21:56:59.0629 1072   netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:59.0680 1072   netprofm - ok
21:56:59.0687 1072   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0714 1072   NetTcpActivator - ok
21:56:59.0721 1072   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:59.0748 1072   NetTcpPortSharing - ok
21:56:59.0780 1072   nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:59.0806 1072   nfrd960 - ok
21:56:59.0874 1072   NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:59.0968 1072   NlaSvc - ok
21:56:59.0988 1072   Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:57:00.0033 1072   Npfs - ok
21:57:00.0069 1072   nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:57:00.0125 1072   nsi - ok
21:57:00.0154 1072   nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:57:00.0199 1072   nsiproxy - ok
21:57:00.0360 1072   Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:57:00.0528 1072   Ntfs - ok
21:57:00.0687 1072   NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:57:00.0758 1072   NTIBackupSvc - ok
21:57:00.0888 1072   NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:57:00.0956 1072   NTIDrvr - ok
21:57:00.0995 1072   NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:57:01.0057 1072   NTISchedulerSvc - ok
21:57:01.0097 1072   Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:57:01.0152 1072   Null - ok
21:57:01.0211 1072   nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:57:01.0354 1072   nvraid - ok
21:57:01.0390 1072   nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:57:01.0526 1072   nvstor - ok
21:57:01.0609 1072   nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:57:01.0728 1072   nv_agp - ok
21:57:01.0788 1072   O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:57:01.0957 1072   O2FLASH - ok
21:57:02.0000 1072   O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:57:02.0070 1072   O2MDRDR - ok
21:57:02.0087 1072   O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:57:02.0163 1072   O2SDRDR - ok
21:57:02.0301 1072   odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:02.0332 1072   odserv - ok
21:57:02.0378 1072   ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:57:02.0454 1072   ohci1394 - ok
21:57:02.0504 1072   ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:02.0530 1072   ose - ok
21:57:03.0004 1072   osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:57:03.0143 1072   osppsvc - ok
21:57:03.0331 1072   p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:03.0477 1072   p2pimsvc - ok
21:57:03.0511 1072   p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:57:03.0553 1072   p2psvc - ok
21:57:03.0606 1072   Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:57:03.0653 1072   Parport - ok
21:57:03.0697 1072   partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:57:03.0735 1072   partmgr - ok
21:57:03.0756 1072   Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:57:03.0785 1072   Parvdm - ok
21:57:03.0816 1072   PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:57:03.0854 1072   PcaSvc - ok
21:57:03.0911 1072   pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:57:03.0997 1072   pci - ok
21:57:04.0025 1072   pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:57:04.0096 1072   pciide - ok
21:57:04.0138 1072   pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:57:04.0191 1072   pcmcia - ok
21:57:04.0218 1072   pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:57:04.0255 1072   pcw - ok
21:57:04.0311 1072   PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:57:04.0373 1072   PEAUTH - ok
21:57:04.0465 1072   PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:57:04.0591 1072   PeerDistSvc - ok
21:57:04.0794 1072   pgfilter - ok
21:57:05.0150 1072   pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:57:05.0247 1072   pla - ok
21:57:05.0420 1072   PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:57:05.0684 1072   PlugPlay - ok
21:57:05.0745 1072   Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:57:05.0852 1072   Pml Driver HPZ12 - ok
21:57:05.0880 1072   PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:57:05.0915 1072   PNRPAutoReg - ok
21:57:05.0952 1072   PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:57:05.0985 1072   PNRPsvc - ok
21:57:06.0062 1072   PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:57:06.0151 1072   PolicyAgent - ok
21:57:06.0211 1072   Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:57:06.0297 1072   Power - ok
21:57:06.0363 1072   PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:57:06.0429 1072   PptpMiniport - ok
21:57:06.0448 1072   Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:57:06.0476 1072   Processor - ok
21:57:06.0504 1072   ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:57:06.0576 1072   ProfSvc - ok
21:57:06.0623 1072   ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:06.0669 1072   ProtectedStorage - ok
21:57:06.0695 1072   Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:57:06.0742 1072   Psched - ok
21:57:06.0818 1072   PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:57:06.0869 1072   PSI_SVC_2 - ok
21:57:06.0984 1072   ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:57:07.0059 1072   ql2300 - ok
21:57:07.0219 1072   ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:57:07.0266 1072   ql40xx - ok
21:57:07.0320 1072   QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:57:07.0367 1072   QWAVE - ok
21:57:07.0392 1072   QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:57:07.0427 1072   QWAVEdrv - ok
21:57:07.0442 1072   RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:57:07.0487 1072   RasAcd - ok
21:57:07.0519 1072   RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:57:07.0579 1072   RasAgileVpn - ok
21:57:07.0601 1072   RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:57:07.0698 1072   RasAuto - ok
21:57:07.0733 1072   Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:57:07.0793 1072   Rasl2tp - ok
21:57:07.0868 1072   RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:57:07.0940 1072   RasMan - ok
21:57:07.0971 1072   RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:57:08.0033 1072   RasPppoe - ok
21:57:08.0054 1072   RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:57:08.0112 1072   RasSstp - ok
21:57:08.0144 1072   rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:57:08.0213 1072   rdbss - ok
21:57:08.0233 1072   rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:57:08.0277 1072   rdpbus - ok
21:57:08.0322 1072   RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:57:08.0396 1072   RDPCDD - ok
21:57:08.0456 1072   RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:57:08.0610 1072   RDPDR - ok
21:57:08.0677 1072   RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:57:08.0747 1072   RDPENCDD - ok
21:57:08.0784 1072   RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:57:08.0826 1072   RDPREFMP - ok
21:57:08.0891 1072   RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:57:08.0946 1072   RDPWD - ok
21:57:09.0008 1072   rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:57:09.0061 1072   rdyboost - ok
21:57:09.0092 1072   regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:57:09.0161 1072   regi - ok
21:57:09.0210 1072   RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:57:09.0301 1072   RemoteAccess - ok
21:57:09.0342 1072   RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:57:09.0400 1072   RemoteRegistry - ok
21:57:09.0440 1072   RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:57:09.0558 1072   RFCOMM - ok
21:57:09.0587 1072   RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:57:09.0641 1072   RpcEptMapper - ok
21:57:09.0658 1072   RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:57:09.0750 1072   RpcLocator - ok
21:57:09.0967 1072   RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:57:10.0017 1072   RpcSs - ok
21:57:10.0064 1072   rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:57:10.0126 1072   rspndr - ok
21:57:10.0224 1072   RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:57:10.0264 1072   RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:57:10.0264 1072   RS_Service - detected UnsignedFile.Multi.Generic (1)
21:57:10.0306 1072   s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:57:10.0459 1072   s3cap - ok
21:57:10.0519 1072   SABKUTIL - ok
21:57:10.0556 1072   SABProcEnum - ok
21:57:10.0600 1072   SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:57:10.0629 1072   SamSs - ok
21:57:10.0745 1072   SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:57:10.0793 1072   SASDIFSV - ok
21:57:10.0817 1072   SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:57:10.0847 1072   SASKUTIL - ok
21:57:10.0903 1072   sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:57:11.0010 1072   sbp2port - ok
21:57:11.0048 1072   SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:57:11.0101 1072   SCardSvr - ok
21:57:11.0143 1072   scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:57:11.0188 1072   scfilter - ok
21:57:11.0294 1072   Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:57:11.0386 1072   Schedule - ok
21:57:11.0436 1072   SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:57:11.0507 1072   SCPolicySvc - ok
21:57:11.0554 1072   sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:57:11.0644 1072   sdbus - ok
21:57:11.0669 1072   SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:57:11.0762 1072   SDRSVC - ok
21:57:11.0924 1072   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:57:11.0997 1072   secdrv - ok
21:57:12.0034 1072   seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:57:12.0095 1072   seclogon - ok
21:57:12.0126 1072   SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:57:12.0176 1072   SENS - ok
21:57:12.0200 1072   SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:57:12.0274 1072   SensrSvc - ok
21:57:12.0294 1072   Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:57:12.0321 1072   Serenum - ok
21:57:12.0345 1072   Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:57:12.0375 1072   Serial - ok
21:57:12.0430 1072   sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:57:12.0527 1072   sermouse - ok
21:57:12.0594 1072   SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:57:12.0682 1072   SessionEnv - ok
21:57:12.0726 1072   sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:57:12.0828 1072   sffdisk - ok
21:57:12.0846 1072   sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:57:12.0920 1072   sffp_mmc - ok
21:57:12.0930 1072   sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:57:13.0019 1072   sffp_sd - ok
21:57:13.0047 1072   sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:57:13.0074 1072   sfloppy - ok
21:57:13.0167 1072   SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:57:13.0224 1072   SharedAccess - ok
21:57:13.0285 1072   ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:57:13.0403 1072   ShellHWDetection - ok
21:57:13.0447 1072   sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:57:13.0573 1072   sisagp - ok
21:57:13.0603 1072   SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:57:13.0632 1072   SiSRaid2 - ok
21:57:13.0662 1072   SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:57:13.0689 1072   SiSRaid4 - ok
21:57:13.0710 1072   Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:57:13.0760 1072   Smb - ok
21:57:13.0828 1072   SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:57:13.0860 1072   SNMPTRAP - ok
21:57:13.0887 1072   spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:57:13.0914 1072   spldr - ok
21:57:13.0984 1072   Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:57:14.0078 1072   Spooler - ok
21:57:14.0361 1072   sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:57:14.0493 1072   sppsvc - ok
21:57:14.0710 1072   sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:57:14.0786 1072   sppuinotify - ok
21:57:14.0903 1072   SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:57:15.0037 1072   SQLBrowser - ok
21:57:15.0055 1072   SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:57:15.0092 1072   SQLWriter - ok
21:57:15.0347 1072   srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:57:15.0532 1072   srv - ok
21:57:15.0599 1072   srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:57:15.0759 1072   srv2 - ok
21:57:15.0815 1072   SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:57:15.0881 1072   SrvHsfHDA - ok
21:57:15.0970 1072   SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:57:16.0052 1072   SrvHsfV92 - ok
21:57:16.0128 1072   SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:57:16.0204 1072   SrvHsfWinac - ok
21:57:16.0254 1072   srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:57:16.0394 1072   srvnet - ok
21:57:16.0512 1072   SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:57:16.0588 1072   SSDPSRV - ok
21:57:16.0622 1072   SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:57:16.0672 1072   SstpSvc - ok
21:57:16.0708 1072   stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:57:16.0733 1072   stexstor - ok
21:57:16.0804 1072   StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:57:16.0916 1072   StiSvc - ok
21:57:16.0967 1072   storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:57:17.0076 1072   storflt - ok
21:57:17.0203 1072   StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:57:17.0340 1072   StorSvc - ok
21:57:17.0360 1072   storvsc (dcaffd62259e0bdb433

Peter Jordan · « **Reply #14 on:** May 31, 2012, 09:04:19 PM »

22:13:15.0323 4984   storvsc - ok
22:13:15.0383 4984   swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:13:15.0495 4984   swenum - ok
22:13:15.0566 4984   swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:13:15.0650 4984   swprv - ok
22:13:15.0706 4984   SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
22:13:15.0808 4984   SynTP - ok
22:13:16.0004 4984   SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:13:16.0141 4984   SysMain - ok
22:13:16.0188 4984   TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:13:16.0304 4984   TabletInputService - ok
22:13:16.0395 4984   TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:13:16.0556 4984   TapiSrv - ok
22:13:16.0599 4984   TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:13:16.0664 4984   TBS - ok
22:13:16.0842 4984   Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:13:16.0925 4984   Tcpip - ok
22:13:17.0180 4984   TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:13:17.0230 4984   TCPIP6 - ok
22:13:17.0431 4984   tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:13:17.0529 4984   tcpipreg - ok
22:13:17.0593 4984   TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys
22:13:17.0694 4984   TcUsb - ok
22:13:17.0734 4984   TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:13:17.0844 4984   TDPIPE - ok
22:13:17.0907 4984   TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:13:18.0004 4984   TDTCP - ok
22:13:18.0053 4984   tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:13:18.0149 4984   tdx - ok
22:13:18.0221 4984   TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:13:18.0369 4984   TermDD - ok
22:13:18.0473 4984   TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:13:18.0601 4984   TermService - ok
22:13:18.0661 4984   Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:13:18.0707 4984   Themes - ok
22:13:18.0791 4984   THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:13:18.0850 4984   THREADORDER - ok
22:13:18.0909 4984   TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:13:18.0962 4984   TrkWks - ok
22:13:19.0057 4984   TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:13:19.0184 4984   TrustedInstaller - ok
22:13:19.0223 4984   tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:19.0355 4984   tssecsrv - ok
22:13:19.0445 4984   TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:13:19.0607 4984   TsUsbFlt - ok
22:13:19.0685 4984   tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:13:19.0840 4984   tunnel - ok
22:13:19.0902 4984   uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:13:20.0014 4984   uagp35 - ok
22:13:20.0046 4984   UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
22:13:20.0117 4984   UBHelper - ok
22:13:20.0184 4984   udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:13:20.0314 4984   udfs - ok
22:13:20.0370 4984   UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:13:20.0503 4984   UI0Detect - ok
22:13:20.0548 4984   uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:13:20.0753 4984   uliagpkx - ok
22:13:20.0818 4984   umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:13:21.0006 4984   umbus - ok
22:13:21.0035 4984   UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:13:21.0192 4984   UmPass - ok
22:13:21.0258 4984   UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:13:21.0385 4984   UmRdpService - ok
22:13:21.0503 4984   Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:13:21.0570 4984   Updater Service - ok
22:13:21.0623 4984   upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:13:21.0684 4984   upnphost - ok
22:13:21.0741 4984   USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:13:21.0916 4984   USBAAPL - ok
22:13:21.0993 4984   usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:13:22.0123 4984   usbaudio - ok
22:13:22.0154 4984   usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:13:22.0409 4984   usbccgp - ok
22:13:22.0432 4984   usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:13:22.0576 4984   usbcir - ok
22:13:22.0606 4984   usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:13:22.0741 4984   usbehci - ok
22:13:22.0779 4984   usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
22:13:22.0877 4984   usbfilter - ok
22:13:22.0922 4984   usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:13:23.0049 4984   usbhub - ok
22:13:23.0111 4984   usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:13:23.0167 4984   usbohci - ok
22:13:23.0210 4984   usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:13:23.0306 4984   usbprint - ok
22:13:23.0325 4984   USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:23.0509 4984   USBSTOR - ok
22:13:23.0568 4984   usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:13:23.0719 4984   usbuhci - ok
22:13:23.0904 4984   usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:13:24.0065 4984   usbvideo - ok
22:13:24.0126 4984   UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:13:24.0175 4984   UxSms - ok
22:13:24.0221 4984   VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:13:24.0252 4984   VaultSvc - ok
22:13:24.0318 4984   vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:13:24.0436 4984   vdrvroot - ok
22:13:24.0547 4984   vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:13:24.0724 4984   vds - ok
22:13:24.0760 4984   vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:24.0912 4984   vga - ok
22:13:24.0938 4984   VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:13:25.0108 4984   VgaSave - ok
22:13:25.0161 4984   vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:13:25.0388 4984   vhdmp - ok
22:13:25.0445 4984   viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:13:25.0637 4984   viaagp - ok
22:13:25.0678 4984   ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:13:25.0853 4984   ViaC7 - ok
22:13:25.0883 4984   viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:13:26.0002 4984   viaide - ok
22:13:26.0094 4984   vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:13:26.0234 4984   vmbus - ok
22:13:26.0251 4984   VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:13:26.0398 4984   VMBusHID - ok
22:13:26.0460 4984   volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:13:26.0575 4984   volmgr - ok
22:13:26.0625 4984   volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:13:26.0724 4984   volmgrx - ok
22:13:26.0809 4984   volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:13:26.0955 4984   volsnap - ok
22:13:26.0999 4984   vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:13:27.0100 4984   vsmraid - ok
22:13:27.0259 4984   VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:13:27.0416 4984   VSS - ok
22:13:27.0499 4984   vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:13:27.0610 4984   vwifibus - ok
22:13:27.0633 4984   vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:27.0734 4984   vwififlt - ok
22:13:27.0789 4984   vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:27.0883 4984   vwifimp - ok
22:13:27.0951 4984   W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:13:28.0044 4984   W32Time - ok
22:13:28.0095 4984   WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:13:28.0186 4984   WacomPen - ok
22:13:28.0255 4984   WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0349 4984   WANARP - ok
22:13:28.0358 4984   Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:13:28.0407 4984   Wanarpv6 - ok
22:13:28.0589 4984   WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:13:28.0665 4984   WatAdminSvc - ok
22:13:28.0977 4984   wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:13:29.0162 4984   wbengine - ok
22:13:29.0222 4984   WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:13:29.0302 4984   WbioSrvc - ok
22:13:29.0378 4984   wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:13:29.0556 4984   wcncsvc - ok
22:13:29.0589 4984   WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:13:29.0739 4984   WcsPlugInService - ok
22:13:29.0801 4984   Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:13:29.0955 4984   Wd - ok
22:13:30.0019 4984   Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:13:30.0099 4984   Wdf01000 - ok
22:13:30.0133 4984   WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0251 4984   WdiServiceHost - ok
22:13:30.0263 4984   WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:13:30.0298 4984   WdiSystemHost - ok
22:13:30.0357 4984   WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:13:30.0461 4984   WebClient - ok
22:13:30.0489 4984   Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:13:30.0545 4984   Wecsvc - ok
22:13:30.0570 4984   wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:13:30.0620 4984   wercplsupport - ok
22:13:30.0662 4984   WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:13:30.0715 4984   WerSvc - ok
22:13:30.0754 4984   WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:13:30.0842 4984   WfpLwf - ok
22:13:30.0862 4984   WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:13:30.0936 4984   WIMMount - ok
22:13:31.0002 4984   winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:13:31.0161 4984   winachsf - ok
22:13:31.0305 4984   WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:13:31.0394 4984   WinDefend - ok
22:13:31.0423 4984   WinHttpAutoProxySvc - ok
22:13:31.0650 4984   Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:13:31.0711 4984   Winmgmt - ok
22:13:31.0852 4984   WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:13:31.0962 4984   WinRM - ok
22:13:32.0083 4984   WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:13:32.0171 4984   WinUsb - ok
22:13:32.0291 4984   Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:13:32.0351 4984   Wlansvc - ok
22:13:32.0667 4984   wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:13:32.0753 4984   wlidsvc - ok
22:13:32.0927 4984   WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:13:33.0028 4984   WmiAcpi - ok
22:13:33.0109 4984   wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:13:33.0229 4984   wmiApSrv - ok
22:13:33.0413 4984   WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:13:33.0629 4984   WMPNetworkSvc - ok
22:13:33.0742 4984   WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:13:33.0868 4984   WPCSvc - ok
22:13:33.0935 4984   WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:13:34.0045 4984   WPDBusEnum - ok
22:13:34.0254 4984   ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:13:34.0360 4984   ws2ifsl - ok
22:13:34.0390 4984   wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:13:34.0429 4984   wscsvc - ok
22:13:34.0495 4984   WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:13:34.0656 4984   WSDPrintDevice - ok
22:13:34.0668 4984   WSearch - ok
22:13:34.0911 4984   wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:13:35.0030 4984   wuauserv - ok
22:13:35.0195 4984   WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:13:35.0335 4984   WudfPf - ok
22:13:35.0374 4984   WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:35.0460 4984   WUDFRd - ok
22:13:35.0520 4984   wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:13:35.0645 4984   wudfsvc - ok
22:13:35.0698 4984   WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:13:35.0761 4984   WwanSvc - ok
22:13:35.0796 4984   XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
22:13:35.0869 4984   XAudio - ok
22:13:36.0022 4984   YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:13:36.0099 4984   YahooAUService - ok
22:13:36.0158 4984   MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
22:13:39.0553 4984   \Device\Harddisk0\DR0 - ok
22:13:39.0587 4984   Boot (0x1200) (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
22:13:39.0590 4984   \Device\Harddisk0\DR0\Partition0 - ok
22:13:39.0612 4984   Boot (0x1200) (8724746da5f04487e5f43566f61d6ad3) \Device\Harddisk0\DR0\Partition1
22:13:39.0615 4984   \Device\Harddisk0\DR0\Partition1 - ok
22:13:39.0616 4984   ============================================================
22:13:39.0616 4984   Scan finished
22:13:39.0616 4984   ============================================================
22:13:39.0640 5312   Detected object count: 0
22:13:39.0640 5312   Actual detected object count: 0
22:13:45.0411 5400   Deinitialize success

evilfantasy · « **Reply #15 on:** May 31, 2012, 09:04:19 PM »

Thank you.

How is the computer doing now?

Peter Jordan · « **Reply #16 on:** May 31, 2012, 09:08:32 PM »

Exactly the same -- url warnings followed by WE shut down and restart.

Very frustrating...

What else could it be?

evilfantasy · « **Reply #17 on:** May 31, 2012, 09:15:59 PM »

Download the MBR Rootkit Detector to your desktop.
* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.

Peter Jordan · « **Reply #18 on:** June 01, 2012, 04:50:54 AM »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS543225L9A300 rev.FBEOC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

evilfantasy · « **Reply #19 on:** June 01, 2012, 01:22:56 PM »

I'm really not sure what is going on.

Is Kaspersky updated?

Peter Jordan · « **Reply #20 on:** June 01, 2012, 01:41:41 PM »

Yes, in fact I just do another manual update to be sure and then a full scan, which took nearly 6 hrs to complete. Still no change.

evilfantasy · « **Reply #21 on:** June 01, 2012, 03:26:33 PM »

Apparently you have something installed that is trying to connect to 76.191.112.2.

You are not using any cracked software are you?

Peter Jordan · « **Reply #22 on:** June 01, 2012, 03:44:17 PM »

No cracked software installed.

evilfantasy · « **Reply #23 on:** June 01, 2012, 10:57:47 PM »

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Peter Jordan · « **Reply #24 on:** June 02, 2012, 06:56:36 AM »

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 08:04:08
-----------------------------
08:04:08.477 OS Version: Windows 6.1.7601 Service Pack 1
08:04:08.477 Number of processors: 2 586 0x301
08:04:08.477 ComputerName: PETER-PC UserName: Peter
08:04:10.397 Initialize success
08:04:22.661 AVAST engine defs: 12060200
08:04:48.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:04:48.214 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 11
08:04:48.260 Disk 0 MBR read successfully
08:04:48.260 Disk 0 MBR scan
08:04:48.276 Disk 0 unknown MBR code
08:04:48.292 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
08:04:48.307 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
08:04:48.323 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226373 MB offset 24782848
08:04:48.338 Disk 0 scanning sectors +488395120
08:04:48.416 Disk 0 scanning C:\Windows\system32\drivers
08:05:04.796 Service scanning
08:05:52.408 Modules scanning
08:06:08.351 Disk 0 trace - called modules:
08:06:08.897 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
08:06:08.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863dc648]
08:06:08.928 3 CLASSPNP.SYS[8afae59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8639f908]
08:06:09.942 AVAST engine scan C:\Windows
08:06:15.326 AVAST engine scan C:\Windows\system32
08:13:05.941 AVAST engine scan C:\Windows\system32\drivers
08:13:25.207 AVAST engine scan C:\Users\Peter
08:32:25.864 AVAST engine scan C:\ProgramData
08:42:24.304 Scan finished successfully
09:04:08.333 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Documents\MBR.dat"
09:04:08.349 The log file has been saved successfully to "C:\Users\Peter\Documents\aswMBR6212.txt"

Peter Jordan · « **Reply #25 on:** June 02, 2012, 01:09:39 PM »

I'm not sure what significance this has but the malicious URL warning and WE shut-down occurs only when I use Firefox -- but not IE.

Any idea why that would be?

Thanks for your continued help and advice.

Peter

evilfantasy · « **Reply #26 on:** June 02, 2012, 01:17:43 PM »

Can you start Firefox in Safe Mode?

Hold down the shift key while starting Firefox.

Does it give the warning then?

evilfantasy · « **Reply #27 on:** June 02, 2012, 01:29:33 PM »

Edit: Just got some more information from SuperDave.

We need to fix the Master Boot Record using aswMBR now.

Double click aswMBR.exe to run it like before
Once the scan finishes click FixMBR to remove the infection as illustrated below

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

.

Peter Jordan · « **Reply #28 on:** June 02, 2012, 03:08:34 PM »

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 16:00:33
-----------------------------
16:00:33.618 OS Version: Windows 6.1.7601 Service Pack 1
16:00:33.618 Number of processors: 2 586 0x301
16:00:33.621 ComputerName: PETER-PC UserName: Peter
16:00:34.839 Initialize success
16:00:43.947 AVAST engine defs: 12060200
16:00:52.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:00:52.814 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 11
16:00:52.837 Disk 0 MBR read successfully
16:00:52.841 Disk 0 MBR scan
16:00:52.875 Disk 0 unknown MBR code
16:00:52.881 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
16:00:52.910 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
16:00:52.936 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226373 MB offset 24782848
16:00:52.953 Disk 0 scanning sectors +488395120
16:00:53.022 Disk 0 scanning C:\Windows\system32\drivers
16:01:28.311 Service scanning
16:02:34.396 Modules scanning
16:02:46.690 Disk 0 trace - called modules:
16:02:47.073 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:02:47.087 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a93b8]
16:02:47.103 3 CLASSPNP.SYS[8adbf59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8639f908]
16:02:48.210 AVAST engine scan C:\Windows
16:02:55.353 AVAST engine scan C:\Windows\system32
16:11:36.090 AVAST engine scan C:\Windows\system32\drivers
16:12:14.140 AVAST engine scan C:\Users\Peter
16:41:39.043 AVAST engine scan C:\ProgramData
16:55:51.118 Scan finished successfully
17:10:02.603 Verifying
17:10:12.626 Disk 0 Windows 601 MBR fixed successfully
17:10:29.696 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Documents\MBR.dat"
17:10:29.706 The log file has been saved successfully to "C:\Users\Peter\Documents\aswMBR.txt"

evilfantasy · « **Reply #29 on:** June 02, 2012, 04:35:04 PM »

Hopefully you will see an improvement in how the computer is running now?

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Peter Jordan · « **Reply #30 on:** June 02, 2012, 06:55:20 PM »

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:      Windows 7 Professional
Windows Information:      Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer:   Acer
BIOS Manufacturer:      Phoenix Technologies LTD
System Manufacturer:      Acer
System Product Name:      TravelMate 5530
Logical Drives Mask:      0x0000000c

Kernel Drivers (total 214):
0x8303A000 \SystemRoot\system32\ntkrnlpa.exe
0x83003000 \SystemRoot\system32\halmacpi.dll
0x80BAF000 \SystemRoot\system32\kdcom.dll
0x8360D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83618000 \SystemRoot\system32\PSHED.dll
0x83629000 \SystemRoot\system32\BOOTVID.dll
0x83631000 \SystemRoot\system32\CLFS.SYS
0x83673000 \SystemRoot\system32\CI.dll
0x8371E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8378F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8379D000 \SystemRoot\system32\drivers\ACPI.sys
0x837E5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x837EE000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA1E000 \SystemRoot\system32\drivers\pci.sys
0x8AA48000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8AA53000 \SystemRoot\System32\drivers\partmgr.sys
0x8AA64000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AA6C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AA77000 \SystemRoot\system32\drivers\volmgr.sys
0x8AA87000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AAD2000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AAE8000 \SystemRoot\system32\drivers\vmbus.sys
0x8AB12000 \SystemRoot\system32\drivers\winhv.sys
0x8AB24000 \SystemRoot\system32\drivers\atapi.sys
0x8AB2D000 \SystemRoot\system32\drivers\ataport.SYS
0x8AB50000 \SystemRoot\system32\drivers\msahci.sys
0x8AB5A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB68000 \SystemRoot\system32\drivers\amdxata.sys
0x8AB71000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABA5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD35000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AD60000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AD73000 \SystemRoot\System32\Drivers\cng.sys
0x8ADD0000 \SystemRoot\System32\drivers\pcw.sys
0x8ADDE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AE24000 \SystemRoot\system32\drivers\ndis.sys
0x8AEDB000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AF19000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B02E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B179000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B1AA000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B1B3000 \SystemRoot\system32\drivers\volsnap.sys
0x8B1F2000 \SystemRoot\System32\Drivers\spldr.sys
0x8B000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8AF3E000 \SystemRoot\System32\Drivers\mup.sys
0x8AF4E000 \SystemRoot\system32\drivers\klbg.sys
0x8AF5B000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AF63000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AF95000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AFA6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8AFCB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8ABB6000 \SystemRoot\system32\drivers\cdrom.sys
0x94014000 \SystemRoot\system32\DRIVERS\klif.sys
0x94065000 \SystemRoot\System32\Drivers\Null.SYS
0x9406C000 \SystemRoot\System32\Drivers\Beep.SYS
0x94073000 \SystemRoot\System32\drivers\vga.sys
0x9407F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x940A0000 \SystemRoot\System32\drivers\watchdog.sys
0x940AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x940B5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x940BD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x940C5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x940D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x940DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x940F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x94101000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95A2D000 \SystemRoot\system32\DRIVERS\kl1.sys
0x95F4D000 \SystemRoot\system32\drivers\afd.sys
0x95FA7000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x95FB0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x95FB7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95FD6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x95FE7000 \SystemRoot\system32\DRIVERS\klim6.sys
0x95FEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x95A00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95A13000 \SystemRoot\system32\drivers\termdd.sys
0x94133000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x95A24000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x94155000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x94196000 \SystemRoot\system32\drivers\nsiproxy.sys
0x941A0000 \SystemRoot\system32\drivers\mssmbios.sys
0x941AA000 \SystemRoot\System32\drivers\discache.sys
0x95627000 \SystemRoot\system32\drivers\csc.sys
0x9568B000 \SystemRoot\System32\Drivers\dfsc.sys
0x956A3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x956B1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x956D2000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x956E3000 \SystemRoot\system32\drivers\wmiacpi.sys
0x96633000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x96B48000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x956EC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x96600000 \SystemRoot\system32\drivers\HDAudBus.sys
0x95725000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x96C3A000 \SystemRoot\system32\DRIVERS\athr.sys
0x96D67000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x96D71000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x96D79000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x96D81000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x96D87000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x96D91000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x96DDC000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x96DE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96DF1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x96C00000 \SystemRoot\system32\drivers\i8042prt.sys
0x96C18000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x96C22000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x95766000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x96C2F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96C31000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x9661F000 \SystemRoot\system32\drivers\mouclass.sys
0x95799000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x96DF5000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x957C7000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x957ED000 \SystemRoot\system32\DRIVERS\o2media.sys
0x95600000 \SystemRoot\system32\drivers\CompositeBus.sys
0x9560D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x941B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x941CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x941D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ADE7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ABD5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x94000000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x96DFE000 \SystemRoot\system32\drivers\swenum.sys
0x9781E000 \SystemRoot\system32\drivers\ks.sys
0x97852000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97860000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x978A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x978B5000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x978D1000 \SystemRoot\system32\drivers\portcls.sys
0x97900000 \SystemRoot\system32\drivers\drmk.sys
0x99203000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x994A0000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x994DD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x97919000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x995DF000 \SystemRoot\system32\drivers\modem.sys
0x9A310000 \SystemRoot\System32\win32k.sys
0x995EC000 \SystemRoot\System32\drivers\Dxapi.sys
0x979CE000 \SystemRoot\System32\Drivers\tcusb.sys
0x979D9000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x979E4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8AFD3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A570000 \SystemRoot\System32\TSDDD.dll
0x9A5A0000 \SystemRoot\System32\cdd.dll
0x8AE00000 \SystemRoot\system32\drivers\luafv.sys
0x82237000 \SystemRoot\system32\drivers\WudfPf.sys
0x82251000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82261000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x822A7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x822B7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x822CA000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8230A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82317000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82322000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8232C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8233D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x82346000 \SystemRoot\system32\drivers\HTTP.sys
0x823CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x823E4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x82200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA460C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4647000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA467A000 \??\C:\Windows\system32\drivers\int15.sys
0xA4682000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA4686000 \SystemRoot\system32\drivers\peauth.sys
0xA471D000 \SystemRoot\system32\drivers\regi.sys
0xA471F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4729000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA474A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4757000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xA475F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4003000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4055000 \SystemRoot\System32\drivers\ipnat.sys
0x77390000 \Windows\System32\ntdll.dll
0x47EF0000 \Windows\System32\smss.exe
0x775D0000 \Windows\System32\apisetschema.dll
0x00240000 \Windows\System32\autochk.exe
0x775A0000 \Windows\System32\sechost.dll
0x77230000 \Windows\System32\ole32.dll
0x774D0000 \Windows\System32\msctf.dll
0x771A0000 \Windows\System32\clbcatq.dll
0x770D0000 \Windows\System32\user32.dll
0x77080000 \Windows\System32\gdi32.dll
0x76FF0000 \Windows\System32\oleaut32.dll
0x76F70000 \Windows\System32\comdlg32.dll
0x76F20000 \Windows\System32\Wldap32.dll
0x76F10000 \Windows\System32\lpk.dll
0x76F00000 \Windows\System32\psapi.dll
0x76E50000 \Windows\System32\msvcrt.dll
0x76E10000 \Windows\System32\ws2_32.dll
0x76D30000 \Windows\System32\kernel32.dll
0x76D10000 \Windows\System32\imm32.dll
0x76D00000 \Windows\System32\nsi.dll
0x76BE0000 \Windows\System32\wininet.dll
0x76A20000 \Windows\System32\iertutil.dll
0x76880000 \Windows\System32\setupapi.dll
0x76820000 \Windows\System32\difxapi.dll
0x76780000 \Windows\System32\usp10.dll
0x766D0000 \Windows\System32\rpcrt4.dll
0x766C0000 \Windows\System32\normaliz.dll
0x76690000 \Windows\System32\imagehlp.dll
0x76630000 \Windows\System32\shlwapi.dll
0x76590000 \Windows\System32\advapi32.dll
0x76470000 \Windows\System32\urlmon.dll
0x75820000 \Windows\System32\shell32.dll
0x757F0000 \Windows\System32\wintrust.dll
0x756D0000 \Windows\System32\crypt32.dll
0x756B0000 \Windows\System32\devobj.dll
0x75680000 \Windows\System32\cfgmgr32.dll
0x75630000 \Windows\System32\KernelBase.dll
0x755A0000 \Windows\System32\comctl32.dll
0x75590000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
460 csrss.exe
536 C:\Windows\System32\wininit.exe
552 csrss.exe
596 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1236 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\atieclxx.exe
1412 C:\Windows\System32\svchost.exe
1524 C:\Program Files\Common Files\SPBA\upeksvr.exe
1648 C:\Windows\System32\spoolsv.exe
1748 C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
1768 C:\Windows\System32\svchost.exe
1896 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1920 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1940 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1972 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
2008 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
284 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\taskhost.exe
1732 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
804 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2164 C:\Windows\System32\dwm.exe
2252 C:\Windows\System32\svchost.exe
2408 C:\Windows\System32\svchost.exe
2456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2668 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3172 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3200 C:\Program Files\Acer Bio Protection\PdtWzd.exe
3828 C:\Windows\System32\alg.exe
2160 C:\Windows\System32\SearchIndexer.exe
2356 C:\Windows\System32\svchost.exe
3296 C:\Program Files\Windows Media Player\wmpnetwk.exe
3516 C:\Program Files\Launch Manager\LManager.exe
3988 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4028 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
2860 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2400 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2380 C:\Windows\System32\wbem\unsecapp.exe
2616 WmiPrvSE.exe
4416 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4724 C:\Windows\System32\svchost.exe
5208 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5844 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5856 dllhost.exe
3008 C:\Windows\System32\taskeng.exe
4328 C:\Windows\System32\rundll32.exe
6120 C:\Program Files\Mozilla Firefox\firefox.exe
4360 C:\Program Files\Mozilla Firefox\plugin-container.exe
1276 C:\Windows\System32\taskeng.exe
2324 C:\Windows\System32\svchost.exe
4196 C:\Windows\explorer.exe
4496 C:\Windows\System32\SearchProtocolHost.exe
5380 C:\Windows\System32\SearchFilterHost.exe
2592 C:\Users\Peter\Desktop\MBRCheck.exe
2864 C:\Windows\System32\conhost.exe
5428 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEF C

Done!

evilfantasy · « **Reply #31 on:** June 02, 2012, 06:57:28 PM »

* Click START then RUN - Vista/Windows 7 users press the Windows Key and the R keys for the Run box.
* Now type (or copy/paste) in the runbox:

Code: [Select]

"%userprofile%\Desktop\combofix" /uninstall* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will remove ComboFix and its associated files and folders.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

Peter Jordan · « **Reply #32 on:** June 02, 2012, 07:08:25 PM »

I ran the scans you asked me to, but thusfar no change has been noted.

I ran another Kaspersky update and a full scan -- but again no change.

A second run of TDSS RK, however, produced the following 4 entries. I took no action on them, as I was uncertain as to whether they posed true threats or were possible false positives, etc. Will await your advice.

Meanwhile, I will run the ESET scan overnight and post the results in the morning as it typically takes around 8 hours.

Thanks for your efforts. Hopefully we'll get to the bottom of it soon.

Peter

21:10:49.0635 4372   TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:10:50.0042 4372   ============================================================
21:10:50.0043 4372   Current date / time: 2012/06/02 21:10:50.0042
21:10:50.0043 4372   SystemInfo:
21:10:50.0043 4372
21:10:50.0043 4372   OS Version: 6.1.7601 ServicePack: 1.0
21:10:50.0043 4372   Product type: Workstation
21:10:50.0043 4372   ComputerName: PETER-PC
21:10:50.0047 4372   UserName: Peter
21:10:50.0047 4372   Windows directory: C:\Windows
21:10:50.0047 4372   System windows directory: C:\Windows
21:10:50.0047 4372   Processor architecture: Intel x86
21:10:50.0047 4372   Number of processors: 2
21:10:50.0047 4372   Page size: 0x1000
21:10:50.0047 4372   Boot type: Normal boot
21:10:50.0047 4372   ============================================================
21:10:52.0297 4372   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:10:52.0299 4372   ============================================================
21:10:52.0299 4372   \Device\Harddisk0\DR0:
21:10:52.0299 4372   MBR partitions:
21:10:52.0299 4372   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:10:52.0299 4372   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1BA22970
21:10:52.0299 4372   ============================================================
21:10:52.0335 4372   C: <-> \Device\Harddisk0\DR0\Partition1
21:10:52.0335 4372   ============================================================
21:10:52.0335 4372   Initialize success
21:10:52.0335 4372   ============================================================
21:10:59.0391 1432   ============================================================
21:10:59.0391 1432   Scan started
21:10:59.0391 1432   Mode: Manual; SigCheck; TDLFS;
21:10:59.0391 1432   ============================================================
21:11:00.0468 1432   !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:11:00.0599 1432   !SASCORE - ok
21:11:00.0810 1432   1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:11:00.0988 1432   1394ohci - ok
21:11:01.0078 1432   ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:11:01.0214 1432   ACPI - ok
21:11:01.0234 1432   AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:11:01.0407 1432   AcpiPmi - ok
21:11:01.0598 1432   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:11:01.0643 1432   AdobeARMservice - ok
21:11:01.0758 1432   AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:01.0819 1432   AdobeFlashPlayerUpdateSvc - ok
21:11:01.0880 1432   adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:01.0947 1432   adp94xx - ok
21:11:01.0971 1432   adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:11:02.0022 1432   adpahci - ok
21:11:02.0038 1432   adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:11:02.0097 1432   adpu320 - ok
21:11:02.0149 1432   AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:11:02.0204 1432   AeLookupSvc - ok
21:11:02.0262 1432   AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:11:02.0393 1432   AFD - ok
21:11:02.0473 1432   agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:11:02.0580 1432   agp440 - ok
21:11:02.0602 1432   aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:11:02.0648 1432   aic78xx - ok
21:11:02.0684 1432   ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:11:02.0735 1432   ALG - ok
21:11:02.0771 1432   aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:11:02.0885 1432   aliide - ok
21:11:02.0931 1432   AMD External Events Utility (92543da5bb9775978fdbc1650c24a058) C:\Windows\system32\atiesrxx.exe
21:11:03.0015 1432   AMD External Events Utility - ok
21:11:03.0033 1432   amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:11:03.0126 1432   amdagp - ok
21:11:03.0165 1432   amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:11:03.0266 1432   amdide - ok
21:11:03.0295 1432   AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:11:03.0358 1432   AmdK8 - ok
21:11:03.0377 1432   AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:11:03.0419 1432   AmdPPM - ok
21:11:03.0444 1432   amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:11:03.0546 1432   amdsata - ok
21:11:03.0570 1432   amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:03.0629 1432   amdsbs - ok
21:11:03.0675 1432   amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:11:03.0791 1432   amdxata - ok
21:11:03.0883 1432   AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:11:04.0044 1432   AppID - ok
21:11:04.0085 1432   AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:11:04.0162 1432   AppIDSvc - ok
21:11:04.0208 1432   Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:11:04.0281 1432   Appinfo - ok
21:11:04.0420 1432   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:11:04.0464 1432   Apple Mobile Device - ok
21:11:04.0496 1432   AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:11:04.0544 1432   AppMgmt - ok
21:11:04.0577 1432   arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:11:04.0618 1432   arc - ok
21:11:04.0635 1432   arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:11:04.0678 1432   arcsas - ok
21:11:04.0808 1432   aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:11:04.0933 1432   aspnet_state - ok
21:11:04.0953 1432   AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:05.0014 1432   AsyncMac - ok
21:11:05.0054 1432   atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:11:05.0078 1432   atapi - ok
21:11:05.0197 1432   athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
21:11:05.0368 1432   athr - ok
21:11:05.0746 1432   AtiHdmiService (bb9e7c7f937714f05a4e05c287d6ddff) C:\Windows\system32\drivers\AtiHdmi.sys
21:11:05.0890 1432   AtiHdmiService - ok
21:11:06.0226 1432   atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
21:11:06.0493 1432   atikmdag - ok
21:11:06.0630 1432   AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:11:06.0700 1432   AtiPcie - ok
21:11:06.0763 1432   AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:06.0875 1432   AudioEndpointBuilder - ok
21:11:06.0884 1432   Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:11:06.0936 1432   Audiosrv - ok
21:11:07.0090 1432   AVP (df9586377384df3808d42090242cc23b) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
21:11:07.0370 1432   AVP - ok
21:11:07.0433 1432   AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:11:07.0590 1432   AxInstSV - ok
21:11:07.0640 1432   b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:11:07.0728 1432   b06bdrv - ok
21:11:07.0787 1432   b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:11:07.0851 1432   b57nd60x - ok
21:11:07.0950 1432   BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:11:08.0039 1432   BcmSqlStartupSvc - ok
21:11:08.0073 1432   BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:11:08.0136 1432   BDESVC - ok
21:11:08.0158 1432   Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:11:08.0222 1432   Beep - ok
21:11:08.0327 1432   BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:11:08.0516 1432   BFE - ok
21:11:08.0592 1432   BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:11:08.0677 1432   BITS - ok
21:11:08.0699 1432   blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:08.0756 1432   blbdrive - ok
21:11:08.0901 1432   Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:11:08.0982 1432   Bonjour Service - ok
21:11:09.0025 1432   bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:11:09.0149 1432   bowser - ok
21:11:09.0166 1432   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:09.0224 1432   BrFiltLo - ok
21:11:09.0257 1432   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:09.0302 1432   BrFiltUp - ok
21:11:09.0359 1432   BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:11:09.0446 1432   BridgeMP - ok
21:11:09.0516 1432   Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:11:09.0594 1432   Browser - ok
21:11:09.0633 1432   Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:11:09.0695 1432   Brserid - ok
21:11:09.0717 1432   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:09.0763 1432   BrSerWdm - ok
21:11:09.0776 1432   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:09.0821 1432   BrUsbMdm - ok
21:11:09.0837 1432   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:09.0880 1432   BrUsbSer - ok
21:11:09.0933 1432   BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:11:10.0018 1432   BthEnum - ok
21:11:10.0047 1432   BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:10.0116 1432   BTHMODEM - ok
21:11:10.0147 1432   BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:11:10.0263 1432   BthPan - ok
21:11:10.0341 1432   BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
21:11:10.0545 1432   BTHPORT - ok
21:11:10.0580 1432   bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:11:10.0675 1432   bthserv - ok
21:11:10.0732 1432   BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
21:11:10.0922 1432   BTHUSB - ok
21:11:10.0961 1432   btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
21:11:11.0109 1432   btwaudio - ok
21:11:11.0134 1432   btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
21:11:11.0254 1432   btwavdt - ok
21:11:11.0351 1432   btwdins (528aaea4bea415f7dbc30653ef2cdca5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:11:11.0433 1432   btwdins - ok
21:11:11.0457 1432   btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:11:11.0572 1432   btwl2cap - ok
21:11:11.0587 1432   btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
21:11:11.0692 1432   btwrchid - ok
21:11:11.0815 1432   catchme - ok
21:11:11.0856 1432   cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:11:11.0942 1432   cdfs - ok
21:11:11.0986 1432   cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:11:12.0126 1432   cdrom - ok
21:11:12.0174 1432   CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:12.0266 1432   CertPropSvc - ok
21:11:12.0280 1432   circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:11:12.0325 1432   circlass - ok
21:11:12.0364 1432   CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:11:12.0417 1432   CLFS - ok
21:11:12.0475 1432   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:12.0533 1432   clr_optimization_v2.0.50727_32 - ok
21:11:12.0591 1432   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:12.0650 1432   clr_optimization_v4.0.30319_32 - ok
21:11:12.0691 1432   CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:12.0741 1432   CmBatt - ok
21:11:12.0787 1432   cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:11:12.0905 1432   cmdide - ok
21:11:12.0964 1432   CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:11:13.0038 1432   CNG - ok
21:11:13.0053 1432   Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:11:13.0093 1432   Compbatt - ok
21:11:13.0141 1432   CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:11:13.0339 1432   CompositeBus - ok
21:11:13.0344 1432   COMSysApp - ok
21:11:13.0449 1432   crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:13.0506 1432   crcdisk - ok
21:11:13.0560 1432   CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:11:13.0637 1432   CryptSvc - ok
21:11:13.0710 1432   CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:11:13.0849 1432   CSC - ok
21:11:13.0978 1432   CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:11:14.0056 1432   CscService - ok
21:11:14.0101 1432   DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:14.0176 1432   DcomLaunch - ok
21:11:14.0214 1432   defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:11:14.0284 1432   defragsvc - ok
21:11:14.0367 1432   DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:11:14.0447 1432   DfsC - ok
21:11:14.0500 1432   Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:11:14.0567 1432   Dhcp - ok
21:11:14.0591 1432   discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:11:14.0651 1432   discache - ok
21:11:14.0680 1432   Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:11:14.0751 1432   Disk - ok
21:11:14.0774 1432   DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:11:14.0889 1432   DKbFltr - ok
21:11:14.0940 1432   Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:11:15.0187 1432   Dnscache - ok
21:11:15.0236 1432   dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:11:15.0330 1432   dot3svc - ok
21:11:15.0389 1432   DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:11:15.0496 1432   DPS - ok
21:11:15.0527 1432   drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:11:15.0596 1432   drmkaud - ok
21:11:15.0634 1432   dwshd - ok
21:11:15.0932 1432   DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:11:16.0010 1432   DXGKrnl - ok
21:11:16.0048 1432   EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:11:16.0142 1432   EapHost - ok
21:11:16.0373 1432   ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:11:16.0492 1432   ebdrv - ok
21:11:16.0618 1432   EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:11:16.0682 1432   EFS - ok
21:11:16.0809 1432   ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:11:16.0957 1432   ehRecvr - ok
21:11:16.0982 1432   ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:11:17.0020 1432   ehSched - ok
21:11:17.0108 1432   elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:11:17.0182 1432   elxstor - ok
21:11:17.0226 1432   ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:11:17.0358 1432   ErrDev - ok
21:11:17.0419 1432   esgiguard - ok
21:11:17.0507 1432   ETService (2f6d55dc521c557880116b51925a792a) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
21:11:17.0551 1432   ETService ( UnsignedFile.Multi.Generic ) - warning
21:11:17.0551 1432   ETService - detected UnsignedFile.Multi.Generic (1)
21:11:17.0623 1432   EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:11:17.0705 1432   EventSystem - ok
21:11:17.0745 1432   exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:11:17.0806 1432   exfat - ok
21:11:17.0833 1432   fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:11:17.0904 1432   fastfat - ok
21:11:17.0993 1432   Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:11:18.0115 1432   Fax - ok
21:11:18.0135 1432   fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:11:18.0178 1432   fdc - ok
21:11:18.0211 1432   fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:11:18.0276 1432   fdPHost - ok
21:11:18.0287 1432   FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:11:18.0347 1432   FDResPub - ok
21:11:18.0362 1432   FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:11:18.0401 1432   FileInfo - ok
21:11:18.0420 1432   Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:11:18.0478 1432   Filetrace - ok
21:11:18.0505 1432   flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:18.0547 1432   flpydisk - ok
21:11:18.0572 1432   FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:11:18.0615 1432   FltMgr - ok
21:11:18.0708 1432   FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:11:18.0803 1432   FontCache - ok
21:11:18.0870 1432   FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:11:18.0929 1432   FontCache3.0.0.0 - ok
21:11:18.0956 1432   FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:11:19.0000 1432   FsDepends - ok
21:11:19.0044 1432   Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:11:19.0074 1432   Fs_Rec - ok
21:11:19.0139 1432   fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:11:19.0194 1432   fvevol - ok
21:11:19.0216 1432   gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:19.0258 1432   gagp30kx - ok
21:11:19.0307 1432   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:11:19.0353 1432   GEARAspiWDM - ok
21:11:19.0446 1432   gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:11:19.0529 1432   gpsvc - ok
21:11:19.0784 1432   Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files\Acer\Registration\GregHSRW.exe
21:11:19.0870 1432   Greg_Service - ok
21:11:19.0981 1432   gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:11:20.0017 1432   gupdate - ok
21:11:20.0073 1432   gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:11:20.0097 1432   gupdatem - ok
21:11:20.0247 1432   hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:11:20.0343 1432   hcw85cir - ok
21:11:20.0454 1432   HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:11:20.0822 1432   HdAudAddService - ok
21:11:20.0848 1432   HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:11:21.0108 1432   HDAudBus - ok
21:11:21.0124 1432   HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:21.0252 1432   HidBatt - ok
21:11:21.0309 1432   HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:11:21.0415 1432   HidBth - ok
21:11:21.0447 1432   HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:11:21.0584 1432   HidIr - ok
21:11:21.0612 1432   hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:11:21.0737 1432   hidserv - ok
21:11:21.0785 1432   HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:11:21.0968 1432   HidUsb - ok
21:11:22.0055 1432   hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:11:22.0128 1432   hkmsvc - ok
21:11:22.0162 1432   HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:11:22.0374 1432   HomeGroupListener - ok
21:11:22.0444 1432   HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:11:22.0572 1432   HomeGroupProvider - ok
21:11:22.0723 1432   HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:11:22.0885 1432   HpSAMD - ok
21:11:23.0021 1432   HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
21:11:23.0145 1432   HsfXAudioService - ok
21:11:23.0237 1432   HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:11:23.0354 1432   HSF_DPV - ok
21:11:23.0474 1432   HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:11:23.0598 1432   HSXHWAZL - ok
21:11:23.0677 1432   HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:11:23.0784 1432   HTTP - ok
21:11:23.0828 1432   hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:11:23.0880 1432   hwpolicy - ok
21:11:23.0939 1432   i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:11:24.0051 1432   i8042prt - ok
21:11:24.0102 1432   iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:11:24.0234 1432   iaStorV - ok
21:11:24.0396 1432   idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:24.0470 1432   idsvc - ok
21:11:24.0837 1432   IGBASVC (884243a20eccf90f747854e2f0954719) c:\Program Files\Acer Bio Protection\BASVC.exe
21:11:24.0958 1432   IGBASVC ( UnsignedFile.Multi.Generic ) - warning
21:11:24.0958 1432   IGBASVC - detected UnsignedFile.Multi.Generic (1)
21:11:25.0442 1432   igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:11:25.0709 1432   igfx - ok
21:11:25.0831 1432   iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:11:25.0947 1432   iirsp - ok
21:11:26.0041 1432   IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:11:26.0113 1432   IKEEXT - ok
21:11:26.0139 1432   int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
21:11:26.0226 1432   int15 - ok
21:11:26.0450 1432   IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:11:26.0670 1432   IntcAzAudAddService - ok
21:11:26.0827 1432   intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:11:27.0019 1432   intelide - ok
21:11:27.0038 1432   intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:11:27.0160 1432   intelppm - ok
21:11:27.0208 1432   IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:11:27.0323 1432   IPBusEnum - ok
21:11:27.0416 1432   IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:27.0554 1432   IpFilterDriver - ok
21:11:27.0636 1432   iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:11:27.0725 1432   iphlpsvc - ok
21:11:27.0778 1432   IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:11:27.0899 1432   IPMIDRV - ok
21:11:27.0942 1432   IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:11:28.0063 1432   IPNAT - ok
21:11:28.0249 1432   iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:11:28.0311 1432   iPod Service - ok
21:11:28.0322 1432   IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:11:28.0422 1432   IRENUM - ok
21:11:28.0460 1432   isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:11:28.0579 1432   isapnp - ok
21:11:28.0618 1432   iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:11:28.0727 1432   iScsiPrt - ok
21:11:28.0810 1432   IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:11:28.0884 1432   IviRegMgr - ok
21:11:28.0908 1432   kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:11:29.0001 1432   kbdclass - ok
21:11:29.0044 1432   kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:11:29.0140 1432   kbdhid - ok
21:11:29.0185 1432   KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:29.0222 1432   KeyIso - ok
21:11:29.0314 1432   kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
21:11:29.0376 1432   kl1 - ok
21:11:29.0404 1432   klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys
21:11:29.0439 1432   klbg - ok
21:11:29.0497 1432   KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys
21:11:29.0555 1432   KLIF - ok
21:11:29.0618 1432   KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
21:11:29.0678 1432   KLIM6 - ok
21:11:29.0704 1432   klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
21:11:29.0737 1432   klmouflt - ok
21:11:29.0779 1432   KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:11:29.0816 1432   KSecDD - ok
21:11:29.0835 1432   KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:11:29.0875 1432   KSecPkg - ok
21:11:29.0920 1432   KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:11:30.0033 1432   KtmRm - ok
21:11:30.0064 1432   L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
21:11:30.0136 1432   L1E - ok
21:11:30.0214 1432   LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
21:11:30.0304 1432   LanmanServer - ok
21:11:30.0356 1432   LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:11:30.0419 1432   LanmanWorkstation - ok
21:11:30.0436 1432   lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:30.0523 1432   lltdio - ok
21:11:30.0560 1432   lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:11:30.0669 1432   lltdsvc - ok
21:11:30.0692 1432   lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:11:30.0804 1432   lmhosts - ok
21:11:30.0850 1432   LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:30.0954 1432   LSI_FC - ok
21:11:30.0969 1432   LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:31.0092 1432   LSI_SAS - ok
21:11:31.0173 1432   LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:31.0309 1432   LSI_SAS2 - ok
21:11:31.0337 1432   LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:31.0459 1432   LSI_SCSI - ok
21:11:31.0483 1432   luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:11:31.0628 1432   luafv - ok
21:11:31.0708 1432   Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:11:31.0777 1432   Mcx2Svc - ok
21:11:31.0802 1432   mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:11:31.0894 1432   mdmxsdk - ok
21:11:31.0921 1432   megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:11:31.0996 1432   megasas - ok
21:11:32.0022 1432   MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:32.0096 1432   MegaSR - ok
21:11:32.0213 1432   Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:11:32.0259 1432   Microsoft Office Groove Audit Service - ok
21:11:32.0290 1432   MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:11:32.0378 1432   MMCSS - ok
21:11:32.0399 1432   Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:11:32.0486 1432   Modem - ok
21:11:32.0506 1432   monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:11:32.0578 1432   monitor - ok
21:11:32.0627 1432   mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:11:32.0723 1432   mouclass - ok
21:11:32.0760 1432   mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:32.0829 1432   mouhid - ok
21:11:32.0876 1432   mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:11:32.0919 1432   mountmgr - ok
21:11:33.0023 1432   MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:11:33.0061 1432   MozillaMaintenance - ok
21:11:33.0110 1432   mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:11:33.0207 1432   mpio - ok
21:11:33.0236 1432   mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:11:33.0322 1432   mpsdrv - ok
21:11:33.0392 1432   MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:11:33.0469 1432   MpsSvc - ok
21:11:33.0520 1432   MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:11:33.0592 1432   MRxDAV - ok
21:11:33.0648 1432   mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:33.0819 1432   mrxsmb - ok
21:11:33.0879 1432   mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:34.0016 1432   mrxsmb10 - ok
21:11:34.0038 1432   mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:34.0137 1432   mrxsmb20 - ok
21:11:34.0178 1432   msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:11:34.0296 1432   msahci - ok
21:11:34.0350 1432   msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:11:34.0445 1432   msdsm - ok
21:11:34.0482 1432   MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:11:34.0603 1432   MSDTC - ok
21:11:34.0649 1432   Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:11:34.0771 1432   Msfs - ok
21:11:34.0788 1432   mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:34.0908 1432   mshidkmdf - ok
21:11:34.0924 1432   msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:11:35.0105 1432   msisadrv - ok
21:11:35.0143 1432   MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:11:35.0270 1432   MSiSCSI - ok
21:11:35.0277 1432   msiserver - ok
21:11:35.0298 1432   MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:35.0437 1432   MSKSSRV - ok
21:11:35.0447 1432   MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:35.0591 1432   MSPCLOCK - ok
21:11:35.0599 1432   MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:11:35.0794 1432   MSPQM - ok
21:11:35.0831 1432   MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:11:35.0969 1432   MsRPC - ok
21:11:36.0023 1432   mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:11:36.0260 1432   mssmbios - ok
21:11:36.0397 1432   MSSQL$MSSMLBIZ - ok
21:11:36.0440 1432   MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:11:36.0619 1432   MSSQLServerADHelper - ok
21:11:36.0637 1432   MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:11:36.0771 1432   MSTEE - ok
21:11:36.0779 1432   MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:36.0896 1432   MTConfig - ok
21:11:36.0922 1432   Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:11:37.0034 1432   Mup - ok
21:11:37.0099 1432   napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:11:37.0206 1432   napagent - ok
21:11:37.0241 1432   NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:37.0333 1432   NativeWifiP - ok
21:11:37.0401 1432   NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:11:37.0459 1432   NDIS - ok
21:11:37.0488 1432   NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:37.0575 1432   NdisCap - ok
21:11:37.0599 1432   NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:37.0690 1432   NdisTapi - ok
21:11:37.0737 1432   Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:37.0793 1432   Ndisuio - ok
21:11:37.0844 1432   NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:37.0910 1432   NdisWan - ok
21:11:37.0960 1432   NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:11:38.0039 1432   NDProxy - ok
21:11:38.0082 1432   Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\Windows\system32\HPZinw12.dll
21:11:38.0115 1432   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:11:38.0115 1432   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:11:38.0150 1432   NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:11:38.0276 1432   NetBIOS - ok
21:11:38.0325 1432   NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:11:38.0440 1432   NetBT - ok
21:11:38.0485 1432   Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:38.0514 1432   Netlogon - ok
21:11:38.0573 1432   Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:11:38.0664 1432   Netman - ok
21:11:38.0806 1432   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:38.0882 1432   NetMsmqActivator - ok
21:11:38.0891 1432   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:38.0916 1432   NetPipeActivator - ok
21:11:38.0985 1432   netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:11:39.0081 1432   netprofm - ok
21:11:39.0089 1432   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:39.0116 1432   NetTcpActivator - ok
21:11:39.0122 1432   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:11:39.0144 1432   NetTcpPortSharing - ok
21:11:39.0210 1432   nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:39.0308 1432   nfrd960 - ok
21:11:39.0379 1432   NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:11:39.0453 1432   NlaSvc - ok
21:11:39.0473 1432   Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:11:39.0570 1432   Npfs - ok
21:11:39.0598 1432   nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:11:39.0681 1432   nsi - ok
21:11:39.0694 1432   nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:11:39.0783 1432   nsiproxy - ok
21:11:39.0933 1432   Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:11:40.0103 1432   Ntfs - ok
21:11:40.0214 1432   NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:11:40.0270 1432   NTIBackupSvc - ok
21:11:40.0395 1432   NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
21:11:40.0470 1432   NTIDrvr - ok
21:11:40.0513 1432   NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:11:40.0592 1432   NTISchedulerSvc - ok
21:11:40.0626 1432   Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:11:40.0760 1432   Null - ok
21:11:40.0816 1432   nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:11:40.0987 1432   nvraid - ok
21:11:41.0020 1432   nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:11:41.0182 1432   nvstor - ok
21:11:41.0205 1432   nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:11:41.0378 1432   nv_agp - ok
21:11:41.0500 1432   O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
21:11:41.0645 1432   O2FLASH - ok
21:11:41.0661 1432   O2MDRDR (922046f114ac0c1b2484bcdd5ca43c07) C:\Windows\system32\DRIVERS\o2media.sys
21:11:41.0740 1432   O2MDRDR - ok
21:11:41.0761 1432   O2SDRDR (51c368f577513feb59ed70b45e930076) C:\Windows\system32\DRIVERS\o2sd.sys
21:11:41.0832 1432   O2SDRDR - ok
21:11:41.0963 1432   odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:11:41.0998 1432   odserv - ok
21:11:42.0052 1432   ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:11:42.0223 1432   ohci1394 - ok
21:11:42.0282 1432   ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:11:42.0356 1432   ose - ok
21:11:42.0761 1432   osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:11:42.0892 1432   osppsvc - ok
21:11:43.0126 1432   p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:43.0279 1432   p2pimsvc - ok
21:11:43.0318 1432   p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:11:43.0399 1432   p2psvc - ok
21:11:43.0445 1432   Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:11:43.0528 1432   Parport - ok
21:11:43.0582 1432   partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:11:43.0617 1432   partmgr - ok
21:11:43.0641 1432   Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:11:43.0712 1432   Parvdm - ok
21:11:43.0757 1432   PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:11:43.0829 1432   PcaSvc - ok
21:11:43.0885 1432   pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:11:44.0030 1432   pci - ok
21:11:44.0087 1432   pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:11:44.0210 1432   pciide - ok
21:11:44.0243 1432   pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:44.0324 1432   pcmcia - ok
21:11:44.0347 1432   pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:11:44.0415 1432   pcw - ok
21:11:44.0475 1432   PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:11:44.0582 1432   PEAUTH - ok
21:11:44.0685 1432   PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:11:44.0816 1432   PeerDistSvc - ok
21:11:44.0979 1432   pgfilter - ok
21:11:45.0172 1432   pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:11:45.0266 1432   pla - ok
21:11:45.0459 1432   PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:11:45.0694 1432   PlugPlay - ok
21:11:45.0740 1432   Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\system32\HPZipm12.dll
21:11:45.0884 1432   Pml Driver HPZ12 - ok
21:11:45.0907 1432   PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:11:46.0067 1432   PNRPAutoReg - ok
21:11:46.0104 1432   PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:11:46.0150 1432   PNRPsvc - ok
21:11:46.0223 1432   PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:11:46.0326 1432   PolicyAgent - ok
21:11:46.0394 1432   Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:11:46.0491 1432   Power - ok
21:11:46.0565 1432   PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:46.0683 1432   PptpMiniport - ok
21:11:46.0711 1432   Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:11:46.0817 1432   Processor - ok
21:11:46.0844 1432   ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:11:46.0935 1432   ProfSvc - ok
21:11:46.0974 1432   ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:47.0003 1432   ProtectedStorage - ok
21:11:47.0024 1432   Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:11:47.0176 1432   Psched - ok
21:11:47.0247 1432   PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:11:47.0337 1432   PSI_SVC_2 - ok
21:11:47.0490 1432   ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:47.0591 1432   ql2300 - ok
21:11:47.0748 1432   ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:47.0836 1432   ql40xx - ok
21:11:47.0880 1432   QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:11:47.0970 1432   QWAVE - ok
21:11:47.0987 1432   QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:11:48.0062 1432   QWAVEdrv - ok
21:11:48.0083 1432   RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:48.0170 1432   RasAcd - ok
21:11:48.0192 1432   RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:48.0251 1432   RasAgileVpn - ok
21:11:48.0275 1432   RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:11:48.0341 1432   RasAuto - ok
21:11:48.0361 1432   Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:48.0423 1432   Rasl2tp - ok
21:11:48.0496 1432   RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:11:48.0589 1432   RasMan - ok
21:11:48.0612 1432   RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:48.0678 1432   RasPppoe - ok
21:11:48.0705 1432   RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:48.0767 1432   RasSstp - ok
21:11:48.0807 1432   rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:48.0868 1432   rdbss - ok
21:11:48.0884 1432   rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:48.0939 1432   rdpbus - ok
21:11:48.0984 1432   RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:49.0045 1432   RDPCDD - ok
21:11:49.0109 1432   RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:11:49.0206 1432   RDPDR - ok
21:11:49.0217 1432   RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:11:49.0303 1432   RDPENCDD - ok
21:11:49.0335 1432   RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:11:49.0431 1432   RDPREFMP - ok
21:11:49.0494 1432   RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:11:49.0585 1432   RDPWD - ok
21:11:49.0662 1432   rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:11:49.0731 1432   rdyboost - ok
21:11:49.0755 1432   regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:11:49.0844 1432   regi - ok
21:11:49.0894 1432   RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:11:49.0972 1432   RemoteAccess - ok
21:11:50.0014 1432   RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:11:50.0087 1432   RemoteRegistry - ok
21:11:50.0124 1432   RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:50.0220 1432   RFCOMM - ok
21:11:50.0249 1432   RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:11:50.0333 1432   RpcEptMapper - ok
21:11:50.0374 1432   RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:11:50.0457 1432   RpcLocator - ok
21:11:50.0525 1432   RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:11:50.0594 1432   RpcSs - ok
21:11:50.0619 1432   rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:50.0717 1432   rspndr - ok
21:11:50.0853 1432   RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:11:50.0923 1432   RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:11:50.0923 1432   RS_Service - detected UnsignedFile.Multi.Generic (1)
21:11:50.0970 1432   s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:11:51.0190 1432   s3cap - ok
21:11:51.0237 1432   SABKUTIL - ok
21:11:51.0264 1432   SABProcEnum - ok
21:11:51.0307 1432   SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:11:51.0335 1432   SamSs - ok
21:11:51.0452 1432   SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:11:51.0482 1432   SASDIFSV - ok
21:11:51.0502 1432   SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:11:51.0534 1432   SASKUTIL - ok
21:11:51.0626 1432   sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:11:51.0777 1432   sbp2port - ok
21:11:51.0913 1432   SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:11:52.0003 1432   SCardSvr - ok
21:11:52.0050 1432   scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:52.0107 1432   scfilter - ok
21:11:52.0216 1432   Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:11:52.0309 1432   Schedule - ok
21:11:52.0365 1432   SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:11:52.0432 1432   SCPolicySvc - ok
21:11:52.0498 1432   sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:11:52.0577 1432   sdbus - ok
21:11:52.0610 1432   SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:11:52.0732 1432   SDRSVC - ok
21:11:52.0764 1432   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:11:52.0852 1432   secdrv - ok
21:11:52.0886 1432   seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:11:52.0968 1432   seclogon - ok
21:11:53.0010 1432   SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:11:53.0102 1432   SENS - ok
21:11:53.0140 1432   SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:11:53.0244 1432   SensrSvc - ok
21:11:53.0267 1432   Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:11:53.0362 1432   Serenum - ok
21:11:53.0385 1432   Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:11:53.0457 1432   Serial - ok
21:11:53.0514 1432   sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:53.0652 1432   sermouse - ok
21:11:53.0723 1432   SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:11:53.0799 1432   SessionEnv - ok
21:11:53.0844 1432   sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:11:53.0962 1432   sffdisk - ok
21:11:53.0987 1432   sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:54.0082 1432   sffp_mmc - ok
21:11:54.0092 1432   sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:11:54.0191 1432   sffp_sd - ok
21:11:54.0221 1432   sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:54.0292 1432   sfloppy - ok
21:11:54.0368 1432   SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:11:54.0473 1432   SharedAccess - ok
21:11:54.0535 1432   ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:11:54.0601 1432   ShellHWDetection - ok
21:11:54.0643 1432   sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:11:54.0819 1432   sisagp - ok
21:11:54.0843 1432   SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:54.0963 1432   SiSRaid2 - ok
21:11:55.0015 1432   SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:55.0076 1432   SiSRaid4 - ok
21:11:55.0105 1432   Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:11:55.0250 1432   Smb - ok
21:11:55.0289 1432   SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:11:55.0417 1432   SNMPTRAP - ok
21:11:55.0450 1432   spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:11:55.0551 1432   spldr - ok
21:11:55.0588 1432   Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:11:55.0663 1432   Spooler - ok
21:11:55.0929 1432   sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:11:56.0048 1432   sppsvc - ok
21:11:56.0217 1432   sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:11:56.0305 1432   sppuinotify - ok
21:11:56.0419 1432   SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:11:56.0525 1432   SQLBrowser - ok
21:11:56.0551 1432   SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:11:56.0600 1432   SQLWriter - ok
21:11:56.0709 1432   srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:11:56.0887 1432   srv - ok
21:11:56.0926 1432   srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:11:57.0047 1432   srv2 - ok
21:11:57.0097 1432   SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:11:57.0168 1432   SrvHsfHDA - ok
21:11:57.0258 1432   SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:11:57.0322 1432   SrvHsfV92 - ok
21:11:57.0399 1432   SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:11:57.0479 1432   SrvHsfWinac - ok
21:11:57.0530 1432   srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:57.0644 1432   srvnet - ok
21:11:57.0707 1432   SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:11:57.0811 1432   SSDPSRV - ok
21:11:57.0840 1432   SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:11:57.0922 1432   SstpSvc - ok
21:11:57.0960 1432   stexstor (db32d325c192b801df274bfd12a7e72b) C:\Wi

evilfantasy · « **Reply #33 on:** June 02, 2012, 07:10:45 PM »

The bottom of the log is cut off.

Yes we may need the ESET log.

Peter Jordan · « **Reply #34 on:** June 02, 2012, 07:12:57 PM »

21:11:58.0029 1432   stexstor - ok
21:11:58.0106 1432   StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:11:58.0209 1432   StiSvc - ok
21:11:58.0253 1432   storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:11:58.0360 1432   storflt - ok
21:11:58.0411 1432   StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:11:58.0515 1432   StorSvc - ok
21:11:58.0535 1432   storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:11:58.0629 1432   storvsc - ok
21:11:58.0648 1432   swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:11:58.0745 1432   swenum - ok
21:11:58.0809 1432   swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:11:58.0916 1432   swprv - ok
21:11:58.0962 1432   SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:59.0107 1432   SynTP - ok
21:11:59.0232 1432   SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:11:59.0297 1432   SysMain - ok
21:11:59.0342 1432   TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:11:59.0410 1432   TabletInputService - ok
21:11:59.0470 1432   TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:11:59.0563 1432   TapiSrv - ok
21:11:59.0597 1432   TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:11:59.0746 1432   TBS - ok
21:11:59.0913 1432   Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:12:00.0011 1432   Tcpip - ok
21:12:00.0271 1432   TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:12:00.0316 1432   TCPIP6 - ok
21:12:00.0485 1432   tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:12:00.0560 1432   tcpipreg - ok
21:12:00.0599 1432   TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys
21:12:00.0760 1432   TcUsb - ok
21:12:00.0822 1432   TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:12:00.0884 1432   TDPIPE - ok
21:12:00.0947 1432   TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:12:01.0006 1432   TDTCP - ok
21:12:01.0030 1432   tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:12:01.0086 1432   tdx - ok
21:12:01.0133 1432   TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:12:01.0241 1432   TermDD - ok
21:12:01.0328 1432   TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:12:01.0413 1432   TermService - ok
21:12:01.0454 1432   Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:12:01.0523 1432   Themes - ok
21:12:01.0557 1432   THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:12:01.0604 1432   THREADORDER - ok
21:12:01.0630 1432   TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:12:01.0714 1432   TrkWks - ok
21:12:01.0854 1432   TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:12:01.0949 1432   TrustedInstaller - ok
21:12:01.0999 1432   tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:02.0055 1432   tssecsrv - ok
21:12:02.0133 1432   TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:12:02.0259 1432   TsUsbFlt - ok
21:12:02.0313 1432   tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:12:02.0383 1432   tunnel - ok
21:12:02.0411 1432   uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:12:02.0479 1432   uagp35 - ok
21:12:02.0510 1432   UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
21:12:02.0552 1432   UBHelper - ok
21:12:02.0615 1432   udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:12:02.0675 1432   udfs - ok
21:12:02.0724 1432   UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:12:02.0800 1432   UI0Detect - ok
21:12:02.0858 1432   uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:12:02.0994 1432   uliagpkx - ok
21:12:03.0038 1432   umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:12:03.0078 1432   umbus - ok
21:12:03.0111 1432   UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:12:03.0182 1432   UmPass - ok
21:12:03.0244 1432   UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
21:12:03.0294 1432   UmRdpService - ok
21:12:03.0402 1432   Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:12:03.0471 1432   Updater Service - ok
21:12:03.0520 1432   upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:12:03.0624 1432   upnphost - ok
21:12:03.0673 1432   USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:12:03.0750 1432   USBAAPL - ok
21:12:03.0814 1432   usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
21:12:04.0001 1432   usbaudio - ok
21:12:04.0028 1432   usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:04.0259 1432   usbccgp - ok
21:12:04.0287 1432   usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:12:04.0496 1432   usbcir - ok
21:12:04.0516 1432   usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:12:04.0689 1432   usbehci - ok
21:12:04.0722 1432   usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
21:12:04.0868 1432   usbfilter - ok
21:12:04.0906 1432   usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:12:05.0097 1432   usbhub - ok
21:12:05.0143 1432   usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
21:12:05.0177 1432   usbohci - ok
21:12:05.0208 1432   usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:12:05.0345 1432   usbprint - ok
21:12:05.0369 1432   USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:05.0486 1432   USBSTOR - ok
21:12:05.0511 1432   usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:12:05.0608 1432   usbuhci - ok
21:12:05.0691 1432   usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:12:05.0822 1432   usbvideo - ok
21:12:05.0847 1432   UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:12:05.0928 1432   UxSms - ok
21:12:05.0975 1432   VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:12:06.0022 1432   VaultSvc - ok
21:12:06.0072 1432   vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:12:06.0191 1432   vdrvroot - ok
21:12:06.0285 1432   vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:12:06.0394 1432   vds - ok
21:12:06.0434 1432   vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:06.0507 1432   vga - ok
21:12:06.0537 1432   VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:12:06.0624 1432   VgaSave - ok
21:12:06.0681 1432   vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:12:06.0820 1432   vhdmp - ok
21:12:06.0876 1432   viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:12:06.0970 1432   viaagp - ok
21:12:07.0014 1432   ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:12:07.0090 1432   ViaC7 - ok
21:12:07.0131 1432   viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:12:07.0223 1432   viaide - ok
21:12:07.0271 1432   vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:12:07.0375 1432   vmbus - ok
21:12:07.0386 1432   VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:12:07.0482 1432   VMBusHID - ok
21:12:07.0504 1432   volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:12:07.0601 1432   volmgr - ok
21:12:07.0645 1432   volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:12:07.0728 1432   volmgrx - ok
21:12:07.0801 1432   volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:12:07.0899 1432   volsnap - ok
21:12:07.0952 1432   vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:12:08.0037 1432   vsmraid - ok
21:12:08.0153 1432   VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:12:08.0268 1432   VSS - ok
21:12:08.0319 1432   vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:12:08.0465 1432   vwifibus - ok
21:12:08.0486 1432   vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:12:08.0618 1432   vwififlt - ok
21:12:08.0665 1432   vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:12:08.0791 1432   vwifimp - ok
21:12:08.0848 1432   W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:12:08.0963 1432   W32Time - ok
21:12:08.0993 1432   WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:12:09.0111 1432   WacomPen - ok
21:12:09.0154 1432   WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:09.0254 1432   WANARP - ok
21:12:09.0263 1432   Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:09.0304 1432   Wanarpv6 - ok
21:12:09.0430 1432   WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:12:09.0551 1432   WatAdminSvc - ok
21:12:09.0781 1432   wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:12:09.0919 1432   wbengine - ok
21:12:09.0961 1432   WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:12:10.0033 1432   WbioSrvc - ok
21:12:10.0111 1432   wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:12:10.0190 1432   wcncsvc - ok
21:12:10.0208 1432   WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:12:10.0291 1432   WcsPlugInService - ok
21:12:10.0344 1432   Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:12:10.0410 1432   Wd - ok
21:12:10.0470 1432   Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:12:10.0558 1432   Wdf01000 - ok
21:12:10.0599 1432   WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:12:10.0744 1432   WdiServiceHost - ok
21:12:10.0754 1432   WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:12:10.0787 1432   WdiSystemHost - ok
21:12:10.0854 1432   WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:12:10.0904 1432   WebClient - ok
21:12:10.0941 1432   Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:12:11.0043 1432   Wecsvc - ok
21:12:11.0068 1432   wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:12:11.0157 1432   wercplsupport - ok
21:12:11.0182 1432   WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:12:11.0265 1432   WerSvc - ok
21:12:11.0297 1432   WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:12:11.0385 1432   WfpLwf - ok
21:12:11.0405 1432   WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:12:11.0471 1432   WIMMount - ok
21:12:11.0546 1432   winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:12:11.0670 1432   winachsf - ok
21:12:11.0814 1432   WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:12:11.0901 1432   WinDefend - ok
21:12:11.0925 1432   WinHttpAutoProxySvc - ok
21:12:12.0237 1432   Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:12:12.0348 1432   Winmgmt - ok
21:12:12.0474 1432   WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:12:12.0593 1432   WinRM - ok
21:12:12.0703 1432   WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:12:12.0770 1432   WinUsb - ok
21:12:12.0873 1432   Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:12:12.0999 1432   Wlansvc - ok
21:12:13.0253 1432   wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:12:13.0384 1432   wlidsvc - ok
21:12:13.0513 1432   WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:12:13.0687 1432   WmiAcpi - ok
21:12:13.0762 1432   wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:12:13.0902 1432   wmiApSrv - ok
21:12:14.0079 1432   WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:12:14.0203 1432   WMPNetworkSvc - ok
21:12:14.0337 1432   WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:12:14.0479 1432   WPCSvc - ok
21:12:14.0541 1432   WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:12:14.0695 1432   WPDBusEnum - ok
21:12:14.0762 1432   ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:12:14.0847 1432   ws2ifsl - ok
21:12:14.0877 1432   wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
21:12:14.0947 1432   wscsvc - ok
21:12:15.0003 1432   WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:12:15.0125 1432   WSDPrintDevice - ok
21:12:15.0136 1432   WSearch - ok
21:12:15.0338 1432   wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
21:12:15.0455 1432   wuauserv - ok
21:12:15.0602 1432   WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:12:15.0673 1432   WudfPf - ok
21:12:15.0704 1432   WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:15.0760 1432   WUDFRd - ok
21:12:15.0805 1432   wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:12:15.0871 1432   wudfsvc - ok
21:12:15.0917 1432   WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:12:15.0989 1432   WwanSvc - ok
21:12:16.0016 1432   XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
21:12:16.0095 1432   XAudio - ok
21:12:16.0247 1432   YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:12:16.0319 1432   YahooAUService - ok
21:12:16.0388 1432   MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
21:12:16.0756 1432   \Device\Harddisk0\DR0 - ok
21:12:16.0778 1432   Boot (0x1200) (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
21:12:16.0781 1432   \Device\Harddisk0\DR0\Partition0 - ok
21:12:16.0810 1432   Boot (0x1200) (8724746da5f04487e5f43566f61d6ad3) \Device\Harddisk0\DR0\Partition1
21:12:16.0811 1432   \Device\Harddisk0\DR0\Partition1 - ok
21:12:16.0812 1432   ============================================================
21:12:16.0812 1432   Scan finished
21:12:16.0812 1432   ============================================================
21:12:16.0838 5484   Detected object count: 4
21:12:16.0838 5484   Actual detected object count: 4
21:12:20.0638 5484   ETService ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0639 5484   ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0644 5484   IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0645 5484   IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0649 5484   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0649 5484   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:12:20.0653 5484   RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:12:20.0653 5484   RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

evilfantasy · « **Reply #35 on:** June 02, 2012, 07:17:09 PM »

I'm checking on this. Be back with you ASAP.

Peter Jordan · « **Reply #36 on:** June 03, 2012, 12:01:38 AM »

ESET scan was clean ("no threats detected"). I neglected to save a copy of the log, sorry.

evilfantasy · « **Reply #37 on:** June 03, 2012, 12:47:52 AM »

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Did this help?

Peter Jordan · « **Reply #38 on:** June 03, 2012, 05:14:02 AM »

No change noted after using

MiniToolBox by Farbar Version: 14-01-2012
Ran by Peter (administrator) on 03-06-2012 at 07:21:16
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Peter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0A-60-76-2D-2C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-2D-5B-76-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
Physical Address. . . . . . . . . : 0C-60-76-2D-2C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a120:9ca4:f379:bc0d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 03, 2012 7:14:27 AM
Lease Expires . . . . . . . . . . : Monday, June 04, 2012 7:14:27 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 168583286
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-73-FC-B8-0C-60-76-2D-2C-DB
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.nj.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:185a:25b7:b38a:9686(Preferred)
Link-local IPv6 Address . . . . . : fe80::185a:25b7:b38a:9686%26(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{08D35869-7729-45CE-9D3C-8922241D989E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.226.229
     74.125.226.227
     74.125.226.232
     74.125.226.225
     74.125.226.238
     74.125.226.228
     74.125.226.226
     74.125.226.233
     74.125.226.231
     74.125.226.224
     74.125.226.230

Pinging google.com [74.125.226.192] with 32 bytes of data:
Reply from 74.125.226.192: bytes=32 time=12ms TTL=55
Reply from 74.125.226.192: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.226.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 209.191.122.70
     72.30.38.140
     98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=53ms TTL=49
Reply from 209.191.122.70: bytes=32 time=53ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 53ms, Average = 53ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...0a 60 76 2d 2c db ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 2d 5b 76 65 ......Broadcom NetXtreme Gigabit Ethernet
10...0c 60 76 2d 2c db ......Atheros AR5B91 Wireless Network Adapter
1...........................Software Loopback Interface 1
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
46...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
26 58 ::/0 On-link
1 306 ::1/128 On-link
26 58 2001::/32 On-link
26 306 2001:0:4137:9e76:185a:25b7:b38a:9686/128
On-link
10 281 fe80::/64 On-link
26 306 fe80::/64 On-link
26 306 fe80::185a:25b7:b38a:9686/128
On-link
10 281 fe80::a120:9ca4:f379:bc0d/128
On-link
1 306 ff00::/8 On-link
26 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2012 07:19:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xa78
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/03/2012 07:16:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x8c8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/03/2012 02:22:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x177c
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 02:19:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x8c8
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 02:17:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xc08
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 02:14:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x14e0
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 02:12:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xca8
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 02:09:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x1564
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/03/2012 01:15:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0x6a0
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (06/02/2012 11:33:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: hd438A_module.dat, version: 0.0.0.0, time stamp: 0x4c62a42f
Exception code: 0xc0000005
Fault offset: 0x0000e996
Faulting process id: 0xf50
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

System errors:
=============
Error: (06/03/2012 07:15:33 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/03/2012 07:14:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (06/03/2012 07:14:24 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:12:38 AM on ?6/?3/?2012 was unexpected.

Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 07:12:10 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 06:52:39 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 06:18:35 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 05:44:08 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/03/2012 05:08:36 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Microsoft Office Sessions:
=========================
Error: (12/18/2011 06:53:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23270 seconds with 840 seconds of active time. This session ended with a crash.

Error: (11/25/2011 00:05:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3552 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/26/2011 11:23:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6164 seconds with 720 seconds of active time. This session ended with a crash.

Error: (06/20/2010 11:50:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 213 seconds with 180 seconds of active time. This session ended with a crash.

Error: (06/20/2010 11:46:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1577 seconds with 1440 seconds of active time. This session ended with a crash.

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.5)
7-Zip 9.20
Able2Extract Professional v5.0
AC3Filter ACM AC3/DTS codec (remove only)
Acer Assist
Acer Bio Protection (Version: 6.2.48)
Acer Crystal Eye Webcam (Version: 5.2.7.1)
Acer Empowering Technology (Version: 3.0.3016)
Acer ePower Management (Version: 3.0.3019)
Acer eRecovery Management (Version: 4.05.3003)
Acer GridVista (Version: 3.01.0730)
Acer Registration (Version: 1.02.3006)
Acer ScreenSaver (Version: 1.1.0812)
Acer Updater (Version: 1.01.3014)
Acer VCM (Version: 4.05.3000)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.2.0.2070)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Allok Video Joiner 4.0.1019
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CamStudio
Camtasia Studio 7 (Version: 7.0.0)
CaptureWizPro 4.30
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
CCleaner (Version: 3.19)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CuratorUtilities (Version: 0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectVobSub (remove only)
DivX Setup (Version: 2.6.1.

Dropbox (Version: 1.1.35)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
Easy Video Joiner 5.21
Elite Proxy Switcher 1.10
Email Verifier
Email Verifier (Version: 6.2)
Encoder (Version: 1.0.0)
eSobi v2 (Version: 2.0.4.000274)
EZ MPEG TO AVI Converter 3.00
FastStone Image Viewer 4.2 (Version: 4.2)
Final Media Player 2010
Fingerprint Solution (Version: 6.1.48.0)
Free Mp3 Wma Converter V 1.9 (Version: 1.9.0.0)
Free Video to MP3 Converter version 4.0
Free YouTube to MP3 Converter version 3.10.15.1228
Garmin Lifetime Updater (Version: 2.0.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HandBrake 0.9.5 (Version: 0.9.5)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55)
HijackThis 2.0.2 (Version: 2.0.2)
HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (Version: 02/27/2007 61.063.461.41)
iCloud (Version: 1.1.0.40)
Identity Card (Version: 1.00.3001)
ImgBurn (Version: 2.5.1.0)
InterVideo WinDVD 8 (Version: 8.5.10.39)
iTunes (Version: 10.6.0.40)
IZArc 4.1.2 (Version: 4.1.2)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 31 (Version: 6.0.310)
Java(TM) 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Jing (Version: 2.6.12032.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 6.3.0 (Basic) (Version: 6.3.0)
Kaspersky Anti-Virus 2010 (Version: 9.0.0.736)
Kyocera Product Library (Version: 2.0.0713)
LameXP
Learn.com Player (Uninstall Only)
LockHunter version 1.0 beta 3, 32 bit edition
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
mkv2vob (Version: 2.4.9)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup Now 5 (Version: 5.1.2.627)
NTI Backup Now Standard (Version: 5.1.2.627)
NTI Media Maker 8 (Version: 8.0.12.6619)
NTI Shadow (Version: 3.7.6.56)
O2Micro Flash Memory Card Reader Driver (Version: 3.31.02)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OJOsoft DVD AVI Converter Suite (Version: 2.7.5.0412)
OJOsoft MKV Converter (Version: 2.7.5.0412)
OJOsoft Total Video Converter (Version: 2.5.1.1121)
OJOsoft Total Video Converter (Version: 2.7.5.0412)
PageOne Curator (Version: 1.2.4)
Photozig Albums 1.0
QuickTime (Version: 7.70.80.34)
Real Alternative 2.0.2 (Version: 2.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5911)
RER Video Converter (Version: 3.7.5.0412)
Safari (Version: 5.34.54.16)
save2pc Light 4.14
SEO SpyGlass
SliQ Submitter Plus (Version: 2.20.0)
SPBA 5.8 (Version: 5.8.2.5652)
SUPERAntiSpyware (Version: 5.0.1150)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
TextPad 5 (Version: 5.3.1)
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
TweakNow PowerPack 2011 (Version: 3.0.1)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Video mp3 Extractor
VLC media player 1.1.4 (Version: 1.1.4)
Voxware Audio decoder 1.6 (Version: 1.6.0)
WebEx
Welcome Center (Version: 1.00.3005)
WIDCOMM Bluetooth Software (Version: 6.2.0.9700)
Win7codecs (Version: 2.5.4)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WinZip 14.5 (Version: 14.5.9095)
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2814.36 MB
Available physical RAM: 1773.12 MB
Total Pagefile: 5627 MB
Available Pagefile: 4217.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.11 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:221.07 GB) (Free:71.73 GB) NTFS

========================= Users: ========================================

User accounts for \\PETER-PC

Administrator Guest Peter

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Peter Jordan · « **Reply #39 on:** June 03, 2012, 09:01:19 AM »

One update...

Realized the version of KP I have is 2010 and updated to 2012. Upon doing so, while I still received the malicious URL mssgs, WE no longer shut down. I let the computer run for another hour and again, warning messages appeared by were no longer followed by WE stopping and re-starting.

I wondered if this would continue after rebooting the computer, but unfortunately it did not and it reverted back to the old cycle of URL mssg followed by WE shut down/restart.

Not sure if this is significant or provided any further clues as to where the problem lies, but thought I would pass it along.

Thanks,
Peter

Peter Jordan · « **Reply #40 on:** June 03, 2012, 11:40:53 AM »

Should I take any action with these 4 files detected by Kaspersky tdsskiller? Or are they safe?

13:47:07.0850 4004   Detected object count: 4
13:47:07.0850 4004   Actual detected object count: 4
13:47:37.0470 4004   ETService ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0470 4004   ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0471 4004   IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0471 4004   IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0474 4004   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0474 4004   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:47:37.0478 4004   RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:47:37.0478 4004   RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

evilfantasy · « **Reply #41 on:** June 03, 2012, 01:59:14 PM »

Quote from: Peter Jordan on June 03, 2012, 11:40:53 AM

Should I take any action with these 4 files detected by Kaspersky tdsskiller? Or are they safe?

That is normal.

Try to start Firefox in Safe Mode and see if it still happens.

How to start Firefox in Safe Mode

You can start Firefox in Safe Mode by holding down the shift key while starting Firefox.

Peter Jordan · « **Reply #42 on:** June 03, 2012, 04:41:14 PM »

Doesn't occur in Safe Mode.

By the way, occurs now whether I use IE or Firefox.

Hope that helps.

Peter

Peter Jordan · « **Reply #43 on:** June 04, 2012, 12:02:10 PM »

Anything else that can be done?

evilfantasy · « **Reply #44 on:** June 04, 2012, 04:07:32 PM »

Run a scan with MGtools and attach the log please. Using MGtools

Peter Jordan · « **Reply #45 on:** June 04, 2012, 05:02:15 PM »

ComboFix 12-06-03.01 - Peter 06/04/2012 12:58:52.14.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1938 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 17:10 . 2012-06-04 17:10   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-06-04 17:10 . 2012-06-04 17:10   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-06-03 18:57 . 2012-06-04 17:10   --------   d-----w-   c:\users\Peter\AppData\Local\temp
2012-06-03 16:38 . 2012-06-04 16:55   --------   d-----w-   c:\users\Peter\AppData\Local\CrashDumps
2012-06-03 16:26 . 2012-06-03 16:58   --------   d-----w-   c:\programdata\Norton
2012-06-02 18:45 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A103669C-602D-4F68-AD2D-808DB3C024AF}\mpengine.dll
2012-06-02 15:44 . 2012-06-04 14:38   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-06-02 14:03 . 2012-06-02 14:03   --------   d-----w-   c:\programdata\Sophos
2012-06-02 14:03 . 2012-06-02 18:11   --------   d-----w-   c:\program files\Sophos
2012-06-02 13:27 . 2012-06-02 13:27   --------   d-----w-   C:\VundoFix Backups
2012-06-01 01:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-05-29 14:24 . 2012-05-29 14:24   --------   d-----w-   c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-05-26 23:36 . 2012-05-26 23:36   --------   d-----w-   c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31   --------   d-----w-   c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29   --------   d-----w-   c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-06-04 15:59   --------   d-----w-   c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 18:33 . 2010-06-24 15:33   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
2012-04-21 01:19 . 2012-06-02 19:30   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38   3905920   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService   REG_MULTI_SZ     HsfXAudioService
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87069146.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5408)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-06-04 13:14:05
ComboFix-quarantined-files.txt 2012-06-04 17:14
ComboFix2.txt 2012-06-04 12:41
ComboFix3.txt 2012-06-03 18:56
ComboFix4.txt 2012-05-31 23:15
ComboFix5.txt 2012-06-04 16:57
.
Pre-Run: 62,599,823,360 bytes free
Post-Run: 62,152,830,976 bytes free
.
- - End Of File - - 6CB547863C8EACD9D9892367DCFE0AFD

Peter Jordan · « **Reply #46 on:** June 04, 2012, 05:02:51 PM »

Misc FireFox Information
==============================================================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=" "
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\\Program Files\\DivX\\DivX Plus Web Player\\firefox\\DivXHTML5"
*Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"
*Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"

Locating all files created in "C:\Users\Peter\Local Settings\Application Data\"

No matches found.

Locating files created in C:\Program Files\Mozilla Firefox\extensions in the last 90 days.

"C:\Program Files\Mozilla Firefox\extensions\"
*Blocked Russian URL* Jun 2 2012 *Blocked Russian URL*"
{972CE~1 Jun 2 2012 "{972ce4c6-7e08-4474-a285-3208198ce6fd}"

"C:\Program Files\Mozilla *Blocked Russian URL*\"
COMPON~1 Jun 2 2012 "components"
CONTENT Jun 2 2012 "content"
LOCALE Jun 2 2012 "locale"
SKIN Jun 2 2012 "skin"

"C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\"
icon.png Apr 20 2012 2185 "icon.png"
install.rdf Apr 20 2012 1106 "install.rdf"
preview.png Apr 20 2012 9303 "preview.png"

"C:\Program Files\Mozilla *Blocked Russian URL*\locale\"
EN Jun 2 2012 "en"

10 items found: 3 files, 7 directories.
Total of file sizes: 12,594 bytes 12.30 K

******************************************************************************

Locating files created in C:\Program Files\Mozilla Firefox\plugins in the last 90 days.

No matches found.

******************************************************************************

Locating files created in C:\Program Files\Mozilla Firefox\searchlugins in the last 90 days.

"C:\Program Files\Mozilla Firefox\searchplugins\"
amazon~1.xml Apr 20 2012 1394 "amazondotcom.xml"
bing.xml Apr 20 2012 2252 "bing.xml"
ebay.xml Apr 20 2012 1131 "eBay.xml"
google.xml Apr 20 2012 3413 "google.xml"
twitter.xml Apr 20 2012 2040 "twitter.xml"
wikipe~1.xml Apr 20 2012 1178 "wikipedia.xml"
yahoo.xml Apr 20 2012 1096 "yahoo.xml"

7 items found: 7 files, 0 directories.
Total of file sizes: 12,504 bytes 12.21 K
******************************************************************************

Dumping FireFox's google.xml searchplugin contents. Use XML Notepad or Notepad++ to view clearly.

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
<ShortName>Google</ShortName>
<Description>Google Search</Description>
<InputEncoding>UTF-8</InputEncoding>
<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAGABoAwAAFgAAACgAAAAQAAAAIAAAAAEA
GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD s9Pt8xetPtu9FsfFNtu%2BTzvb2%2B%2Fne4dFJeBw0egA%2FfAJAfAA8
ewBBegAAAAD%2B%2FPtft98Mp%2BwWsfAVsvEbs%2FQeqvF8xO7%2F%2F%2F63yqkxdgM7gwE%2FggM%2BfQA%2Be
gBDeQDe7PIbotgQufcMufEPtfIPsvAbs%2FQvq%2Bfz%2Bf%2F%2B%2B%2FZKhR05hgBBhQI8hgBAgAI9ewD0%2B%2Fg
3pswAtO8Cxf4Kw%2FsJvvYAqupKsNv%2B%2Fv7%2F%2FP5VkSU0iQA7jQA9hgBDgQU%2BfQH%2F%2Ff%2FQ6fM4sM4K
sN8AteMCruIqqdbZ7PH8%2Fv%2Fg6Nc%2Fhg05kAA8jAM9iQI%2BhQA%2BgQDQu6b97uv%2F%2F%2F7V8Pqw3eiWz97
q8%2Ff%2F%2F%2F%2F7%2FPptpkkqjQE4kwA7kAA5iwI8iAA8hQCOSSKdXjiyflbAkG7u2s%2F%2B%2F%2F39%2F%2F7r8utrqEYtjQE8lgA7kwA7kwA9jwA9igA9hACiWSekVRyeSgiYSBHx6N%2F%2B%2Fv7k7OFRmiYtlAA5lwI7lwI4lAA7kgI9jw
E9iwI4iQCoVhWcTxCmb0K%2BooT8%2Fv%2F7%2F%2F%2FJ2r8fdwI1mwA3mQA3mgA8lAE8lAE4jwA9iwE%2BhwGfXifWv
qz%2B%2Ff%2F58u%2Fev6Dt4tr%2B%2F%2F2ZuIUsggA7mgM6mAM3lgA5lgA6kQE%2FkwBChwHt4dv%2F%2F%2F728
ei1bCi7VAC5XQ7kz7n%2F%2F%2F6bsZkgcB03lQA9lgM7kwA2iQktZToPK4r9%2F%2F%2F9%2F%2F%2FSqYK5UwDKZAS9
WALIkFn%2B%2F%2F3%2F%2BP8oKccGGcIRJrERILYFEMwAAuEAAdX%2F%2Ff7%2F%2FP%2B%2BfDvGXQLIZgLEWgLOjlf
7%2F%2F%2F%2F%2F%2F9QU90EAPQAAf8DAP0AAfMAAOUDAtr%2F%2F%2F%2F7%2B%2Fu2bCTIYwDPZgDBWQDSr
4P%2F%2Fv%2F%2F%2FP5GRuABAPkAA%2FwBAfkDAPAAAesAAN%2F%2F%2B%2Fz%2F%2F%2F64g1C5VwDM
YwK8Yg7y5tz8%2Fv%2FV1PYKDOcAAP0DAf4AAf0AAfYEAOwAAuAAAAD%2F%2FPvi28ymXyChTATRrIb8%2F%2F3v8fk6P8MAAdUCAvoAAP0CAP0AAfYAAO4AAACAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQAA</Image>
<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl={moz:locale}&q={searchTerms}"/>
<Url type="text/html" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
</Url>

<Url type="application/x-moz-keywordsearch" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
<Param name="channel" value="fflb"/>
</Url>

<Url type="application/x-moz-contextsearch" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
<MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
<Param name="channel" value="rcs"/>
</Url>
<SearchForm>http://www.google.com/</SearchForm>
</SearchPlugin>

Zipping ffdata.txt

Peter Jordan · « **Reply #47 on:** June 04, 2012, 05:03:22 PM »

******************************************************************************
MGtools installation folder and files at Start of Scans
******************************************************************************
Volume in drive C is ACER
Volume Serial Number is 7C0F-03FC

Directory of C:\MGtools

06/04/2012 06:51 PM <DIR> .
06/04/2012 06:51 PM <DIR> ..
04/23/2010 02:18 AM 388,608 analyse.exe
10/07/2010 01:11 AM 6,806 BamFix.bat
12/04/2010 06:49 PM 372 bamRCfix.txt
06/07/2007 01:24 AM 6,146 chodefix.bat
12/13/2009 04:25 PM 1,954 config.reg
10/13/2011 09:54 PM 3,114 DebugMGT.bat
08/01/2007 11:13 PM 120 DisableUAC.reg
08/07/2008 03:27 PM 61,440 download.exe
08/01/2007 11:13 PM 120 EnableUAC.reg
06/04/2012 06:37 PM 7,060 ffdata.txt
06/04/2012 06:56 PM 228 filelog.txt
04/18/2009 02:48 AM 320 FindOVL.bat
08/14/2010 03:40 PM 2,027 FindRN.bat
11/05/2011 12:19 PM 6,355 FixACLS.bat
05/27/2011 02:08 PM 1,588 FixAttr.bat
07/10/2008 01:50 AM 1,897 FixBagle.bat
01/27/2009 12:27 AM 3,765 fixBagle.reg
12/04/2010 06:42 PM 1,623 FixbamRC.bat
01/14/2009 12:28 AM 1,034 FixCF.bat
01/02/2009 09:44 PM 581 fixCF.reg
06/07/2007 01:14 AM 738 fixChode.reg
12/29/2008 01:29 AM 438 FixFA.bat
05/27/2011 01:35 PM 23,678 fixFA.reg
12/30/2011 02:53 AM 3,191 FixNet.bat
08/30/2011 11:41 PM 7,584 FixPerm.bat
08/14/2010 03:12 PM 439 FixSBM.bat
12/04/2006 02:20 PM 12,924 fixSBM.reg
12/12/2011 04:04 PM 107,019 FixW7BFE.reg
12/12/2011 04:05 PM 3,768 FixW7FW.reg
12/12/2011 04:05 PM 1,812 FixW7FWdrv.reg
12/12/2011 04:07 PM 469 FixWFW.bat
12/12/2011 12:38 AM 9,270 fixXPnetbt.reg
10/30/2006 12:17 PM 245,760 GetDetails.exe
01/27/2012 12:23 AM 11,238 GetLogs.Bat
12/23/2010 09:38 PM 3,054 GetMBR.bat
03/03/2012 01:31 AM 14,849 GetMsrv.bat
01/19/2012 02:31 AM 26,334 GetNetInf.bat
12/01/2011 02:37 AM 123,493 GetRunKey.bat
06/04/2012 06:51 PM 34 GetUnKey.txt
01/23/2009 05:00 PM 2,949 GetUnKeys.bat
04/14/2003 01:00 AM 80,412 grep.exe
12/01/2011 03:14 AM 125,169 GRK64.bat
06/22/2009 10:48 PM 393 hide.reg
06/04/2012 06:38 PM 8,149 hijackthis.log
04/07/2012 02:44 PM 55,636 history.txt
03/06/2009 03:30 AM 6,606 HTAfind.bat
04/02/2004 07:44 PM 1,756 IEFIX.reg
01/13/2005 10:41 PM 11,254 locate.com
10/28/1986 12:51 PM 13,184 ltime.exe
03/05/2010 12:39 AM 220 mbrfix.bat
04/07/2012 02:35 PM 6,092 MGclean.bat
01/26/2012 10:37 PM 6,878 MIalt.bat
01/25/2012 01:02 AM 15,116 MiscInfo.bat
06/04/2012 06:37 PM 74,245 miscinfo.txt
06/04/2012 06:37 PM 68,446 miscinfo2.txt
06/04/2012 06:37 PM 30,081 msrvlog.txt
06/04/2012 06:37 PM 7,313 msrvstate.txt
06/04/2012 06:37 PM 194,672 netinflong.txt
06/04/2012 06:37 PM 7,671 netinfo.txt
06/04/2012 06:37 PM 171,322 newfiles.txt
12/30/2011 05:18 PM 33,978 NwkTst.bat
06/04/2012 06:37 PM 11,152 nwktst.txt
12/22/2011 11:59 PM 3,029 perm.cmd
12/31/2011 08:09 PM 249,344 pevFind.exe
06/04/2012 06:40 PM 56,281 procdll.txt
06/05/2003 09:13 PM 53,248 Process.exe
08/01/2006 09:14 AM 6,656 ProcessDll.exe
04/18/2007 01:55 PM 145 Regfix.bat
07/30/2009 11:09 PM 497 RemMWS.bat
12/22/2011 05:09 PM 1,544 resetperm-x64.cmd
12/22/2011 04:59 PM 1,539 resetperm.cmd
06/15/2009 10:01 PM 195 RunMB.bat
06/04/2012 06:56 PM 52 scantime.txt
08/31/2000 09:00 AM 98,816 sed.exe
03/26/2012 11:00 PM 123,969 ShowNew.bat
03/26/2012 11:00 PM 135,249 SN64.bat
12/22/2011 01:31 AM 4,905 SRVen.bat
06/04/2012 06:40 PM 3,846 srven.txt
12/16/2007 06:36 PM 156,160 swreg.exe
12/16/2007 06:47 PM 66,048 swwhoami.exe
09/11/2009 12:37 AM 5,841 SysBU.bat
06/04/2012 06:40 PM 15,265,086 sysinfo.txt
09/10/2009 10:31 PM <DIR> temp
08/03/2007 05:11 PM 213 unhide.reg
05/30/2010 07:15 PM 1,755 UnKeys.bat
01/25/2012 01:22 AM 4,022 UserInfo.bat
06/04/2012 06:37 PM 9,310 UserInfo.txt
12/28/2007 03:42 PM 49,152 vfind.exe
12/28/2007 04:16 PM 861 VunFind.bat
06/04/2012 06:37 PM 551,389 winfiles.txt
06/04/2012 06:37 PM 137,418 winsock.txt
03/26/2012 09:58 PM 2,201 za.bat
06/04/2012 06:51 PM 294 zia04240
01/13/2005 10:41 PM 126,976 zip.exe
93 File(s) 19,139,985 bytes
3 Dir(s) 61,910,503,424 bytes free
******************************************************************************

******************************************************************************
* File Versions Used: *
* GetLogs.Bat - 01/27/2012 Version 2.39 *
* 32 bit Windows OS found *
* GetUnKeys.Bat - 01/23/2009 Version 0.19 *
* 32 bit Windows OS found *
* GetRunKey.bat - 12/01/2011 Version 2.64 *
* ShowNew.bat - 03/26/2012 Version 2.93 *
* UserInfo.Bat - 01/25/2012 Version 1.05 *
* NwkTst.bat - 12/30/2011 Version 0.34 *
* GetNetInf.bat - 01/19/2011 Version 0.13 *
* MiscInfo.Bat - 01/25/2012 Version 0.07 *
* MIalt.bat - 01/25/2012 Version 0.02 *
* SRVen.bat - 12/22/2011 Version 0.01 *
******************************************************************************

******************************************************************************
MGtools installation folder and files at End of Scans
******************************************************************************
Volume in drive C is ACER
Volume Serial Number is 7C0F-03FC

Directory of C:\MGtools

06/04/2012 07:07 PM <DIR> .
06/04/2012 07:07 PM <DIR> ..
04/23/2010 02:18 AM 388,608 analyse.exe
10/07/2010 01:11 AM 6,806 BamFix.bat
12/04/2010 06:49 PM 372 bamRCfix.txt
06/07/2007 01:24 AM 6,146 chodefix.bat
12/13/2009 04:25 PM 1,954 config.reg
10/13/2011 09:54 PM 3,114 DebugMGT.bat
08/01/2007 11:13 PM 120 DisableUAC.reg
08/07/2008 03:27 PM 61,440 download.exe
08/01/2007 11:13 PM 120 EnableUAC.reg
06/04/2012 07:03 PM 7,060 ffdata.txt
06/04/2012 07:07 PM 6,899 filelog.txt
04/18/2009 02:48 AM 320 FindOVL.bat
08/14/2010 03:40 PM 2,027 FindRN.bat
11/05/2011 12:19 PM 6,355 FixACLS.bat
05/27/2011 02:08 PM 1,588 FixAttr.bat
07/10/2008 01:50 AM 1,897 FixBagle.bat
01/27/2009 12:27 AM 3,765 fixBagle.reg
12/04/2010 06:42 PM 1,623 FixbamRC.bat
01/14/2009 12:28 AM 1,034 FixCF.bat
01/02/2009 09:44 PM 581 fixCF.reg
06/07/2007 01:14 AM 738 fixChode.reg
12/29/2008 01:29 AM 438 FixFA.bat
05/27/2011 01:35 PM 23,678 fixFA.reg
12/30/2011 02:53 AM 3,191 FixNet.bat
08/30/2011 11:41 PM 7,584 FixPerm.bat
08/14/2010 03:12 PM 439 FixSBM.bat
12/04/2006 02:20 PM 12,924 fixSBM.reg
12/12/2011 04:04 PM 107,019 FixW7BFE.reg
12/12/2011 04:05 PM 3,768 FixW7FW.reg
12/12/2011 04:05 PM 1,812 FixW7FWdrv.reg
12/12/2011 04:07 PM 469 FixWFW.bat
12/12/2011 12:38 AM 9,270 fixXPnetbt.reg
10/30/2006 12:17 PM 245,760 GetDetails.exe
01/27/2012 12:23 AM 11,238 GetLogs.Bat
12/23/2010 09:38 PM 3,054 GetMBR.bat
03/03/2012 01:31 AM 14,849 GetMsrv.bat
01/19/2012 02:31 AM 26,334 GetNetInf.bat
12/01/2011 02:37 AM 123,493 GetRunKey.bat
06/04/2012 06:56 PM 436,523 GetUnKey.txt
01/23/2009 05:00 PM 2,949 GetUnKeys.bat
04/14/2003 01:00 AM 80,412 grep.exe
12/01/2011 03:14 AM 125,169 GRK64.bat
06/22/2009 10:48 PM 393 hide.reg
06/04/2012 07:03 PM 8,587 hijackthis.log
04/07/2012 02:44 PM 55,636 history.txt
03/06/2009 03:30 AM 6,606 HTAfind.bat
04/02/2004 07:44 PM 1,756 IEFIX.reg
01/13/2005 10:41 PM 11,254 locate.com
10/28/1986 12:51 PM 13,184 ltime.exe
03/05/2010 12:39 AM 220 mbrfix.bat
04/07/2012 02:35 PM 6,092 MGclean.bat
01/26/2012 10:37 PM 6,878 MIalt.bat
01/25/2012 01:02 AM 15,116 MiscInfo.bat
06/04/2012 07:03 PM 85,570 miscinfo.txt
06/04/2012 07:03 PM 72,521 miscinfo2.txt
06/04/2012 07:03 PM 30,105 msrvlog.txt
06/04/2012 07:03 PM 7,289 msrvstate.txt
06/04/2012 07:03 PM 194,672 netinflong.txt
06/04/2012 07:03 PM 7,671 netinfo.txt
06/04/2012 07:03 PM 172,325 newfiles.txt
12/30/2011 05:18 PM 33,978 NwkTst.bat
06/04/2012 07:03 PM 9,105 nwktst.txt
12/22/2011 11:59 PM 3,029 perm.cmd
12/31/2011 08:09 PM 249,344 pevFind.exe
06/04/2012 07:07 PM 154,376 procdll.txt
06/05/2003 09:13 PM 53,248 Process.exe
08/01/2006 09:14 AM 6,656 ProcessDll.exe
04/18/2007 01:55 PM 145 Regfix.bat
07/30/2009 11:09 PM 497 RemMWS.bat
12/22/2011 05:09 PM 1,544 resetperm-x64.cmd
12/22/2011 04:59 PM 1,539 resetperm.cmd
06/04/2012 06:58 PM 65,370 runkeys.txt
06/15/2009 10:01 PM 195 RunMB.bat
06/04/2012 06:56 PM 52 scantime.txt
08/31/2000 09:00 AM 98,816 sed.exe
03/26/2012 11:00 PM 123,969 ShowNew.bat
03/26/2012 11:00 PM 135,249 SN64.bat
12/22/2011 01:31 AM 4,905 SRVen.bat
06/04/2012 07:07 PM 3,963 srven.txt
12/16/2007 06:36 PM 156,160 swreg.exe
12/16/2007 06:47 PM 66,048 swwhoami.exe
09/11/2009 12:37 AM 5,841 SysBU.bat
06/04/2012 07:06 PM 15,375,392 sysinfo.txt
06/04/2012 07:07 PM <DIR> temp
08/03/2007 05:11 PM 213 unhide.reg
05/30/2010 07:15 PM 1,755 UnKeys.bat
01/25/2012 01:22 AM 4,022 UserInfo.bat
06/04/2012 07:03 PM 9,264 UserInfo.txt
12/28/2007 03:42 PM 49,152 vfind.exe
12/28/2007 04:16 PM 861 VunFind.bat
06/04/2012 07:03 PM 551,389 winfiles.txt
06/04/2012 07:03 PM 137,418 winsock.txt
03/26/2012 09:58 PM 2,201 za.bat
06/04/2012 06:51 PM 294 zia04240
01/13/2005 10:41 PM 126,976 zip.exe
94 File(s) 19,871,781 bytes
3 Dir(s) 61,767,061,504 bytes free
******************************************************************************
Begin scan time
Mon 06/04/2012 at 18:56:09.16
End scan time
Mon 06/04/2012 at 19:07:02.22

Peter Jordan · « **Reply #48 on:** June 04, 2012, 05:04:38 PM »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:57 PM, on 6/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Peter\Desktop\MGtools.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\Explorer.EXE
C:\MGTools\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mls.gsmls.com/member/index.jsp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "c:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O9 - Extra 'Tools' menuitem: Hostblock - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O9 - Extra button: Hostblock - {5213F412-918A-496c-B0E1-BC0CB8EE039D} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8586 bytes

Peter Jordan · « **Reply #49 on:** June 04, 2012, 05:07:43 PM »

MGtools produced a zip file -- many of the individual files are too large to post.

Is there a way for me to upload the zip file directly?

evilfantasy · « **Reply #50 on:** June 04, 2012, 05:16:00 PM »

Upload the file to File Dropper

Click Upload
Locate the file and double click it.
Copy the link under Share This Link: and post it back here.

Peter Jordan · « **Reply #51 on:** June 04, 2012, 05:20:39 PM »

http://www.filedropper.com/mglogs

evilfantasy · « **Reply #52 on:** June 04, 2012, 07:18:21 PM »

I have sent a message to someone asking a second opinion. I will be back to you ASAP so don't think I am abandoning this topic please.

evilfantasy · « **Reply #53 on:** June 04, 2012, 08:00:30 PM »

Please go to VirusTotal.com
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy the file path in the below Code box:

Code: [Select]

C:\Program Files\Common Files\Data\hd438A_module.dat
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.

Important! If you get a page that says 'File has already been analysed' in the results then please use the Reanalyze option.

Peter Jordan · « **Reply #54 on:** June 05, 2012, 12:25:43 PM »

https://www.virustotal.com/file/db78a362f48ee8b0f1e71dcfed78fa3027d329e0c4c3d981ecd8dc447bfa43da/analysis/1338921212/

evilfantasy · « **Reply #55 on:** June 05, 2012, 01:04:52 PM »

Many thanks to thisisu from MajorGeeks for his input.

@Peter Jordan - The file may not be malicious but is believed to be the problem so we need to remove it.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

File::
C:\Program Files\Common Files\Data\hd438A_module.dat

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Let me know how the computer is doing now.

Peter Jordan · « **Reply #56 on:** June 05, 2012, 01:45:00 PM »

Wish I could report it helped, but no difference.

ComboFix 12-06-05.03 - Peter 06/05/2012 15:27:09.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.2065 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\Data\hd438A_module.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\1322197141.dll
c:\windows\system32\13382918041.dll
c:\windows\system32\17204299641.dll
c:\windows\system32\17385840641.dll
c:\windows\system32\22341217841.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Peter\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-06-05 13:01 . 2012-06-05 13:02   34560   ----a-w-   c:\windows\system32\drivers\Normandy.sys
2012-06-05 12:47 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E81F26A-F463-425C-8AF2-E839A425D563}\mpengine.dll
2012-06-04 22:23 . 2012-06-04 23:51   --------   d-----w-   C:\MGtools
2012-06-04 18:31 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-03 16:38 . 2012-06-05 19:23   --------   d-----w-   c:\users\Peter\AppData\Local\CrashDumps
2012-06-03 16:26 . 2012-06-03 16:58   --------   d-----w-   c:\programdata\Norton
2012-06-02 14:03 . 2012-06-02 14:03   --------   d-----w-   c:\programdata\Sophos
2012-06-02 14:03 . 2012-06-02 18:11   --------   d-----w-   c:\program files\Sophos
2012-06-02 13:27 . 2012-06-02 13:27   --------   d-----w-   C:\VundoFix Backups
2012-06-01 01:23 . 2012-06-04 18:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-05-29 14:24 . 2012-05-29 14:24   --------   d-----w-   c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-05-26 23:36 . 2012-05-26 23:36   --------   d-----w-   c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31   --------   d-----w-   c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29   --------   d-----w-   c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-05-17 11:42 . 2012-06-04 15:59   --------   d-----w-   c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 23:07 . 2012-06-04 22:33   1021195   ----a-w-   C:\MGlogs.zip
2012-06-03 18:33 . 2010-06-24 15:33   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
2012-04-21 01:19 . 2012-06-02 19:30   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38   3905920   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 Normandy;Normandy SR2;

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService   REG_MULTI_SZ     HsfXAudioService
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5696)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
Completion time: 2012-06-05 15:42:53
ComboFix-quarantined-files.txt 2012-06-05 19:42
ComboFix2.txt 2012-06-04 17:14
ComboFix3.txt 2012-06-04 12:41
ComboFix4.txt 2012-06-03 18:56
ComboFix5.txt 2012-06-05 19:25
.
Pre-Run: 61,042,704,384 bytes free
Post-Run: 60,731,781,120 bytes free
.
- - End Of File - - 5F95F421A2171DAEB7D9F9232C73D7E1

evilfantasy · « **Reply #57 on:** June 05, 2012, 01:47:46 PM »

Are the errors still present?

Peter Jordan · « **Reply #58 on:** June 05, 2012, 05:26:18 PM »

Yes, everything's the same

evilfantasy · « **Reply #59 on:** June 05, 2012, 07:42:16 PM »

Try this and see if the error still happens using the new user account.

How to create a new user account in Windows 7 and Windows Vista

Peter Jordan · « **Reply #60 on:** June 05, 2012, 08:23:59 PM »

Some interesting results...

At first, the url message would flash periodically under the new user account, but there was no disruptions to WE.

The same would occur in my primary account: I received Kaspersky's url warning, but Windows Explorer was unaffected.

However, switching back and forth between the accounts later on I noticed a warning would appear ONLY in the primary account and NOT in the new user account. No disruptions occur in either account to WE.

evilfantasy · « **Reply #61 on:** June 05, 2012, 10:06:45 PM »

It sounds like the account has become corrupted.

Try this please. How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7

Peter Jordan · « **Reply #62 on:** June 06, 2012, 04:41:05 AM »

completed system file checker and found no problems

Peter Jordan · « **Reply #63 on:** June 06, 2012, 07:04:47 AM »

WE closes now after each url warning.

Seems hopeless. Should I reinstall Windows 7? Not sure how to do so. It's an Acer TravelMate 5530 lap. Came with a recovery disc to downgrade to WinXP Professional, but no Windows 7.

Any suggestions?

evilfantasy · « **Reply #64 on:** June 06, 2012, 02:26:24 PM »

I'm not sure what to do next. You might start a topic in the Windows 7 forum asking on re-install advice.

Or a last ditch effort would be trying the Kaspersky Forums. They might know of a fix since it's their software doing this.

Computer Hope Forum

News:

Author Topic: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down (Read 188347 times)

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

evilfantasy

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

Peter Jordan

Peter Jordan

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

evilfantasy

Peter Jordan

Peter Jordan

evilfantasy