
Author Topic: Hijacked by File Recovery  (Read 26299 times)


hercdryvr
    Hijacked by File Recovery
    « on: August 11, 2012, 08:19:34 PM »
    Hello, it appears I have been hit with the File Recovery (notso)S.M.A.R.T. malware.  I think I have done the steps outlined in "read this before..." and kindly request some help in liberating my computer.  I have an Acer running W7.

    I got an Avira notice that it detected something and told it to remove/deny, but then got a new popup dialog box that I couldn't get rid of. I can't recall exactly what it said, but it essentially blocked me from doing anything, and I cancelled out of starting to run whatever it wanted but then was right back to the dialog box that I couldn't get rid of (clicking cancel just made it pop back up again), so I restarted the computer.  Then I got the fan of popups that it couldn't find resources or something, and the handy scan from File Recovery.  I did a system restore back to earlier in that day after a Windows update, but then my desktop didn't have shortcuts or documents I saved there.  I searched for info on the problem and found your site.  I read through some of the similar posts, undid the system restore and started on the steps, and here I am.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/11/2012 at 10:50 AM

    Application Version : 5.5.1012

    Core Rules Database Version : 9044
    Trace Rules Database Version: 6856

    Scan type       : Complete Scan
    Total Scan Time : 01:03:03

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned      : 623
    Memory threats detected   : 0
    Registry items scanned    : 67723
    Registry threats detected : 0
    File items scanned        : 126829
    File threats detected     : 0

    MBAM Log:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.11.04

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Ryan :: RYAN-PC [administrator]

    8/11/2012 8:39:23 PM
    mbam-log-2012-08-11 (20-42-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211216
    Time elapsed: 2 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Ryan at 20:55:03 on 2012-08-11
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3764.2216 [GMT -5:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\dlbkcoms.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\sppsvc.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
    C:\windows\system32\DllHost.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.earthlink.net/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v10.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{379810E1-DDC2-4B05-9656-FD959C2A355C} : DhcpNameServer = 10.71.0.1
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F}\14C6A556E6D27657563747 : DhcpNameServer = 208.180.83.133 208.180.42.68
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F}\34963736F65353831303 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F}\35570756278336573747F6D6562737 : DhcpNameServer = 208.180.42.100 208.180.42.68
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F}\3586F67727F6F6D60275962756C6563737D27657563747 : DhcpNameServer = 192.168.33.1
    TCP: Interfaces\{A639EDC6-94DD-40CA-B887-E3A5B49DFF6F}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
    Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64:     URLRedirectionBHO - No File
    BHO-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64:     Ask Toolbar BHO - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun-x64: [(Default)]
    mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\acjacx9c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=56bc60a1-7b1f-4593-9103-ace8f5a021c8&apn_ptnrs=%5EABY&apn_sauid=1FA856C5-3A2D-40A1-A144-E269CA7366BC&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-21 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-21 110032]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-5-21 465360]
    R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
    R2 dlbk_device;dlbk_device;C:\windows\system32\dlbkcoms.exe -service --> C:\windows\system32\dlbkcoms.exe -service [?]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-13 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-4-13 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-18 1153368]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-13 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-19 243232]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
    S3 AmUStor;AM USB Stroage Driver;C:\windows\system32\drivers\AmUStor.SYS --> C:\windows\system32\drivers\AmUStor.SYS [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\system32\DRIVERS\S3XXx64.sys --> C:\windows\system32\DRIVERS\S3XXx64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown bryravct;bryravct;

    .
    =============== Created Last 30 ================
    .
    2012-08-12 01:48:13   955888   ----a-w-   C:\windows\System32\npDeployJava1.dll
    2012-08-11 14:45:32   --------   d-----w-   C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-11 14:45:11   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
    2012-08-11 14:45:11   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
    2012-08-11 13:22:39   --------   d-----w-   C:\Program Files (x86)\ESET
    2012-08-11 12:57:56   9133488   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94D6A76F-4F7F-4B5A-B926-F8B70F6ACB9F}\mpengine.dll
    2012-08-07 14:10:52   116224   ----a-w-   C:\windows\System32\Spool\prtprocs\x64\dlbkpp6c.dll
    2012-08-06 18:11:00   --------   d-----w-   C:\Program Files (x86)\Cisco Systems
    2012-08-06 18:04:46   --------   d--h--w-   C:\ProgramData\Cisco Systems
    2012-07-22 05:53:29   --------   d--h--w-   C:\Users\Ryan\AppData\Local\Macromedia
    2012-07-16 16:54:09   3147264   ----a-w-   C:\windows\System32\win32k.sys
    2012-07-16 16:30:04   9216   ----a-w-   C:\windows\System32\rdrmemptylst.exe
    2012-07-16 16:30:04   76288   ----a-w-   C:\windows\System32\rdpwsx.dll
    2012-07-16 16:30:04   208896   ----a-w-   C:\windows\System32\profsvc.dll
    2012-07-16 16:30:04   149504   ----a-w-   C:\windows\System32\rdpcorekmts.dll
    2012-07-16 16:26:46   2622464   ----a-w-   C:\windows\System32\wucltux.dll
    2012-07-16 16:26:37   99840   ----a-w-   C:\windows\System32\wudriver.dll
    2012-07-16 16:26:26   36864   ----a-w-   C:\windows\System32\wuapp.exe
    2012-07-16 16:26:26   186752   ----a-w-   C:\windows\System32\wuwebv.dll
    .
    ==================== Find3M  ====================
    .
    2012-08-08 03:23:18   70344   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-08 03:23:18   426184   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 18:46:44   24904   ----a-w-   C:\windows\System32\drivers\mbam.sys
    2012-06-06 05:50:50   2003968   ----a-w-   C:\windows\System32\msxml6.dll
    2012-06-06 05:50:50   1880064   ----a-w-   C:\windows\System32\msxml3.dll
    2012-06-06 05:09:46   1389568   ----a-w-   C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46   1236992   ----a-w-   C:\windows\SysWow64\msxml3.dll
    2012-06-02 05:38:26   95088   ----a-w-   C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24   152432   ----a-w-   C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45   459216   ----a-w-   C:\windows\System32\drivers\cng.sys
    2012-06-02 05:27:02   340992   ----a-w-   C:\windows\System32\schannel.dll
    2012-06-02 05:27:00   307200   ----a-w-   C:\windows\System32\ncrypt.dll
    2012-06-02 04:48:39   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
    2012-06-02 04:48:35   225280   ----a-w-   C:\windows\SysWow64\schannel.dll
    2012-06-02 04:47:31   219136   ----a-w-   C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
    2012-05-31 17:25:12   279656   ------w-   C:\windows\System32\MpSigStub.exe
    2012-05-15 03:56:59   1197568   ----a-w-   C:\windows\System32\wininet.dll
    2012-05-15 03:08:48   981504   ----a-w-   C:\windows\SysWow64\wininet.dll
    .
    ============= FINISH: 20:55:57.78 ===============

    DDS Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/16/2011 10:09:18 PM
    System Uptime: 8/11/2012 8:48:57 PM (0 hours ago)
    .
    Motherboard: Acer |  | JE70_CP
    Processor: Intel(R) Pentium(R) CPU        P6200  @ 2.13GHz | CPU 1 | 2133/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 234.746 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP84: 7/21/2012 9:39:40 AM - Windows Update
    RP85: 7/24/2012 10:07:55 AM - Windows Update
    RP86: 7/31/2012 9:19:16 AM - Windows Update
    RP87: 8/7/2012 8:27:15 AM - Windows Update
    RP88: 8/10/2012 2:36:14 PM - Windows Update
    RP89: 8/10/2012 8:00:21 PM - Restore Operation
    RP90: 8/10/2012 8:11:12 PM - Windows Update
    RP91: 8/11/2012 7:04:50 AM - 11 aug 12
    RP92: 8/11/2012 7:46:40 AM - Restore Operation
    RP94: 8/11/2012 8:27:00 AM - Windows Defender Checkpoint
    RP95: 8/11/2012 8:46:52 PM - Installed Java(TM) 7 Update 5 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.194.1021
    Acer ePower Management
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe Acrobat  8 Standard
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Standard
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1 MUI
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Avira Free Antivirus
    Avira SearchFree Toolbar plus Web Protection Updater
    Backup Manager Basic
    Canon MP Navigator EX 1.0
    Canon MX310 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Cisco Connect
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CyberLink PowerDVD 9
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    ESET Online Scanner v3
    HandBrake 0.9.5
    IBM Lotus Forms Viewer 3.5.1
    Identity Card
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Web Access S/MIME
    Microsoft Outlook Web Access S/MIME (2007)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MyWinLocker
    MyWinLocker Suite
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    PIXMA Extended Survey Program
    PopCap Browser Plugin
    Presto! PageManager 7.15.16
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver
    Savings Bond Wizard
    ScanSoft OmniPage SE 4
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Shredder
    Spybot - Search & Destroy
    System Requirements Lab
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VLC media player 1.1.11
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/8/2012 7:40:31 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    8/7/2012 9:10:52 AM, Error: Service Control Manager [7030]  - The dlbk_device service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    8/10/2012 7:53:44 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
    .
    ==== End Of File ===========================


    Thanks for any assistance you can offer.  Once I did the steps, I didn't get any of the file recovery junk popping up on the next restart, but I still have a black background and can't see my user profile or any documents from my old desktop.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: Hijacked by File Recovery
    « Reply #1 on: August 12, 2012, 06:08:13 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • If this tool doesn't fix the problem, please let me know.
    *******************************************************
    Please run MBAM again and, this time, clean the infections.

    I strongly recommend that you remove Ask from your computer because it:

    • Promotes its toolbars on sites targeted to kids.

    • Promotes its toolbars through ads that appear to be part of other companies' sites.

    • Promotes its toolbars through other companies' spyware.

    • Installs without any disclosure whatsoever and without any consent whatsoever.

    • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

    • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

    See Here for more info.

    If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    AskBarDis or anything related to Ask

    Then please find and delete this folder in bold (if present):
    C:\Program Files\AskBarDis. or anything related to Ask.
    *****************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's
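The Unhide step in the reply above works because the "File Recovery" rogue marks the user's files and Start Menu shortcuts Hidden, so the desktop and documents only look empty. The following PowerShell script is an added example that does the same job in plain view; it is not Grinler's Unhide tool and not part of this thread. It assumes Windows 7 or later, an elevated PowerShell, that the rogue sets only the Hidden attribute (not System), and the default search roots are a guess at the usual profile locations.

```powershell
<#
  Added example, not Grinler's Unhide and not code from this thread.
  Reports (and with -Fix clears) the Hidden attribute that the "File Recovery"
  rogue puts on a user's files. Run it once without -Fix and review the list,
  then run with -Fix -WhatIf, then -Fix.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Where to look. These defaults are assumptions about the usual profile
    # locations; add or change roots to match the machine.
    [string[]]$Roots = @($env:USERPROFILE,
                         "$env:PUBLIC\Desktop",
                         "$env:ProgramData\Microsoft\Windows\Start Menu"),
    # Without -Fix the script only reports. With -Fix it clears the attribute,
    # honouring -WhatIf and -Confirm through ShouldProcess.
    [switch]$Fix
)

# Items Windows hides on its own (desktop.ini, ntuser.dat, the "Application Data"
# style compatibility junctions) carry the System attribute or are reparse points.
# A real file or folder that is Hidden but not System is what the rogue leaves behind.
function Test-RogueHidden {
    param([Parameter(Mandatory = $true)][System.IO.FileSystemInfo]$Item)
    $a = $Item.Attributes
    return (($a -band [IO.FileAttributes]::Hidden) -ne 0) -and
           (($a -band [IO.FileAttributes]::System) -eq 0) -and
           (($a -band [IO.FileAttributes]::ReparsePoint) -eq 0)
}

# Manual recursion instead of Get-ChildItem -Recurse: older PowerShell follows
# junctions, and the profile's junctions point back into the profile, so a naive
# recursive listing can loop until the path length limit is hit.
function Find-RogueHidden {
    param([Parameter(Mandatory = $true)][string]$Path)
    # -Force is required, otherwise hidden items are silently skipped.
    foreach ($child in @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
        if (Test-RogueHidden -Item $child) { $child }
        $isJunction = ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0
        if ($child.PSIsContainer -and -not $isJunction) {
            Find-RogueHidden -Path $child.FullName
        }
    }
}

$found = @()
foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) {
        $found += @(Find-RogueHidden -Path $root)
    }
}

Write-Host ("{0} hidden item(s) found under: {1}" -f $found.Count, ($Roots -join '; '))
$found | ForEach-Object { Write-Host "  $($_.FullName)" }

if ($Fix) {
    foreach ($item in $found) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            # Hidden is known to be set on every item in $found, so XOR clears
            # exactly that bit and leaves the other attributes untouched.
            $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
        }
    }
}
```

Anything the script lists that you did hide on purpose should simply be left out of the -Fix run by narrowing -Roots; the report step exists so you see the list before anything changes.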

    hercdryvr

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Hijacked by File Recovery
      « Reply #2 on: August 14, 2012, 09:47:10 AM »
      Thanks, those steps appeared to fix things. Here is the ComboFix log as requested.

      ComboFix 12-08-13.01 - Ryan 08/13/2012  13:47:40.2.2 - x64
      Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3764.2330 [GMT -5:00]
      Running from: c:\users\Ryan\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-07-13 to 2012-08-13  )))))))))))))))))))))))))))))))
      .
      .
      2012-08-13 18:50 . 2012-08-13 18:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-08-12 01:48 . 2012-08-12 01:47   955888   ----a-w-   c:\windows\system32\npDeployJava1.dll
      2012-08-12 01:48 . 2012-08-12 01:47   268784   ----a-w-   c:\windows\system32\javaws.exe
      2012-08-12 01:48 . 2012-08-12 01:47   189424   ----a-w-   c:\windows\system32\javaw.exe
      2012-08-12 01:48 . 2012-08-12 01:47   188912   ----a-w-   c:\windows\system32\java.exe
      2012-08-11 14:45 . 2012-08-11 14:45   --------   d-----w-   c:\users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
      2012-08-11 14:45 . 2012-08-11 14:45   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2012-08-11 14:45 . 2012-08-11 14:45   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
      2012-08-11 13:22 . 2012-08-11 13:22   --------   d-----w-   c:\program files (x86)\ESET
      2012-08-11 12:57 . 2012-06-29 10:04   9133488   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{94D6A76F-4F7F-4B5A-B926-F8B70F6ACB9F}\mpengine.dll
      2012-08-07 14:10 . 2007-02-28 08:53   116224   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\dlbkpp6c.dll
      2012-08-06 18:11 . 2012-08-06 18:11   --------   d-----w-   c:\program files (x86)\Cisco Systems
      2012-08-06 18:04 . 2012-08-06 18:04   --------   d-----w-   c:\programdata\Cisco Systems
      2012-07-29 23:58 . 2012-08-11 12:53   --------   d-----w-   c:\users\Ciji
      2012-07-22 05:53 . 2012-07-22 05:53   --------   d-----w-   c:\users\Ryan\AppData\Local\Macromedia
      2012-07-16 16:54 . 2012-06-12 03:02   3147264   ----a-w-   c:\windows\system32\win32k.sys
      2012-07-16 16:38 . 2012-04-17 05:38   851968   ----a-w-   c:\windows\system32\jscript.dll
      2012-07-16 16:31 . 2012-06-09 05:30   14165504   ----a-w-   c:\windows\system32\shell32.dll
      2012-07-16 16:30 . 2012-05-02 05:32   208896   ----a-w-   c:\windows\system32\profsvc.dll
      2012-07-16 16:30 . 2012-04-26 05:34   76288   ----a-w-   c:\windows\system32\rdpwsx.dll
      2012-07-16 16:30 . 2012-04-26 05:34   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
      2012-07-16 16:30 . 2012-04-26 05:28   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
      2012-07-16 16:26 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
      2012-07-16 16:26 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
      2012-07-16 16:26 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
      2012-07-16 16:26 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
      2012-07-16 16:26 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
      2012-07-16 16:26 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
      2012-07-16 16:26 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
      2012-07-16 16:26 . 2012-06-02 20:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
      2012-07-16 16:26 . 2012-06-02 20:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-08-08 03:23 . 2012-04-17 12:14   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-08 03:23 . 2011-10-01 17:11   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-07-03 18:46 . 2012-04-19 17:38   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-07-03 08:19 . 2011-08-21 17:54   59701280   ----a-w-   c:\windows\system32\MRT.exe
      2012-05-31 17:25 . 2012-05-21 20:34   279656   ------w-   c:\windows\system32\MpSigStub.exe
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2012-04-18 16:56   1519272   ----a-w-   c:\program files (x86)\Ask.com\GenericAskToolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-18 1519272]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
      2010-05-27 03:40   120176   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
      "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
      "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
      "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
      "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
      "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
      "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
      "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
      "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
      "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
      "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-18 1557160]
      "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 250056]
      R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
      R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
      R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
      R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-19 1255736]
      R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
      S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
      S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
      S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]
      S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-03-28 567280]
      S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
      S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
      S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
      S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
      S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
      S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
      S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
      S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
      S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 03:23]
      .
      2012-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 04236e69-69df-4c0b-8fa6-c5abcc5de881.job
      - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
      .
      2012-08-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 372ba0de-5881-4f5d-947f-1c59f627d361.job
      - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
      2010-05-27 03:42   137584   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
      "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
      "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
      "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
      "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
      "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-05-02 196648]
      "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-05-02 489512]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://my.earthlink.net/
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
      LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
      TCP: DhcpNameServer = 204.117.214.10 204.97.212.10 199.2.252.10
      FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\acjacx9c.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=56bc60a1-7b1f-4593-9103-ace8f5a021c8&apn_ptnrs=%5EABY&apn_sauid=1FA856C5-3A2D-40A1-A144-E269CA7366BC&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      HKLM-Run-(Default) - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-08-13  13:52:25
      ComboFix-quarantined-files.txt  2012-08-13 18:52
      .
      Pre-Run: 251,306,102,784 bytes free
      Post-Run: 251,195,428,864 bytes free
      .
      - - End Of File - - 0C7CEF86D9C668CC2385E987F9A90A60

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Hijacked by File Recovery
      « Reply #3 on: August 14, 2012, 06:00:47 PM »
      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it



      Click the "Scan" button to start scan

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



      On completion of the scan click save log, save it to your desktop and post in your next reply
      ***********************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      **********************************************************
      Please download Rooter and Save it to your desktop.
      • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
      • Click Scan.
      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      hercdryvr

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Hijacked by File Recovery
        « Reply #4 on: August 18, 2012, 08:31:41 AM »
        Thanks for the continued help.  As requested, here are the logs:

        aswMBR log:

        aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
        Run date: 2012-08-18 08:59:31
        -----------------------------
        08:59:31.201    OS Version: Windows x64 6.1.7600
        08:59:31.201    Number of processors: 2 586 0x2505
        08:59:31.201    ComputerName: RYAN-PC  UserName: Ryan
        08:59:33.057    Initialize success
        09:14:23.145    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
        09:14:23.145    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
        09:14:23.161    Disk 0 MBR read successfully
        09:14:23.161    Disk 0 MBR scan
        09:14:23.176    Disk 0 unknown MBR code
        09:14:23.176    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15000 MB offset 2048
        09:14:23.192    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 30722048
        09:14:23.207    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290142 MB offset 30928896
        09:14:23.239    Disk 0 scanning C:\windows\system32\drivers
        09:14:32.365    Service scanning
        09:14:45.516    Modules scanning
        09:14:45.516    Disk 0 trace - called modules:
        09:14:45.562    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
        09:14:45.562    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004abd060]
        09:14:45.578    3 CLASSPNP.SYS[fffff88001ab143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048c5050]
        09:14:45.594    Scan finished successfully
        09:15:26.653    Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
        09:15:26.653    The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR log 20120818.txt"


        Security Check Log:

         Results of screen317's Security Check version 0.99.46 
         Windows 7  x64 (UAC is enabled) 
         Out of date service pack!!
         Internet Explorer 8 Out of date!
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled!
        Avira Desktop
         Antivirus up to date!
        `````````Anti-malware/Other Utilities Check:`````````
         Spybot - Search & Destroy
         Malwarebytes Anti-Malware version 1.62.0.1300
         Adobe Reader 9 Adobe Reader out of Date!
         Mozilla Firefox 11.0 Firefox out of Date!
        ````````Process Check: objlist.exe by Laurent````````
         Spybot Teatimer.exe is disabled!
         Avira Antivir avgnt.exe
         Avira Antivir avguard.exe
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 0%
        ````````````````````End of Log``````````````````````


        Rooter Log:

        Rooter.exe (v1.0.2) by Eric_71
        .
        The token does not have the SeDebugPrivilege privilege ! (error:1300)
        Can not acquire SeDebugPrivilege !
        Please run the tool as administrator ..

        .
        Windows 7 Home Edition (6.1.7600)
        [32_bits] - Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
        .
        Error OpenService (wscsvc) : 6
        Error OpenSCManager : 5
        Error OpenService (MpsSvc) : 6
        Windows Defender -> Enabled
        User Account Control (UAC) -> Enabled
        .
        Internet Explorer 8.0.7600.16385
        Mozilla Firefox 11.0 (en-US)
        .
        C:\  [Fixed-NTFS] .. ( Total:283 Go - Free:234 Go )
        D:\  [CD_Rom]
        .
        Scan : 09:24.21
        Path : C:\Users\Ryan\Desktop\Rooter.exe
        User : Ryan ( Administrator -> YES )
        .
        ----------------------\\ Processes
        .
        Locked [System Process] (0)
        Locked System (4)
        Locked smss.exe (304)
        Locked csrss.exe (452)
        Locked wininit.exe (516)
        Locked csrss.exe (528)
        Locked services.exe (564)
        Locked lsass.exe (588)
        Locked lsm.exe (596)
        Locked svchost.exe (704)
        Locked svchost.exe (776)
        Locked svchost.exe (844)
        Locked svchost.exe (896)
        Locked svchost.exe (924)
        Locked winlogon.exe (1016)
        Locked svchost.exe (472)
        Locked svchost.exe (772)
        Locked spoolsv.exe (1264)
        Locked ac.sharedstore.exe (1292)
        Locked svchost.exe (1332)
        Locked acevents.exe (1368)
        Locked sched.exe (1380)
        Locked svchost.exe (1428)
        Locked SASCore64.exe (1536)
        Locked avguard.exe (1560)
        Locked AppleMobileDeviceService.exe (1580)
        Locked mDNSResponder.exe (1612)
        Locked dlbkcoms.exe (1676)
        Locked dsiwmis.exe (1764)
        Locked ePowerSvc.exe (1788)
        Locked GREGsvc.exe (1820)
        Locked ijplmsvc.exe (1844)
        Locked LMS.exe (1948)
        Locked IScheduleSvc.exe (1984)
        Locked SchedulerSvc.exe (2024)
        Locked svchost.exe (1448)
        Locked UpdaterService.exe (1152)
        Locked svchost.exe (1108)
        Locked WLIDSVC.EXE (1900)
        Locked WLIDSVCM.EXE (1636)
        Locked SDWinSec.exe (2136)
        Locked avshadow.exe (2688)
        Locked conhost.exe (2696)
        Locked avwebgrd.exe (2720)
        Locked svchost.exe (2840)
        Locked UNS.exe (972)
        Locked wmpnetwk.exe (2476)
        Locked SearchIndexer.exe (3008)
        Locked WmiPrvSE.exe (2764)
        ______ ???
        ?????? (3292)
        ______ ???
        ?????? (3368)
        ______ ???
        ?????? (3420)
        ______ C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (3536)
        ______ ???
        ?????? (3548)
        ______ ???
        ?????? (3556)
        ______ ???
        ?????? (3568)
        ______ ???
        ?????? (3576)
        ______ ???
        ?????? (3584)
        ______ ???
        ?????? (3592)
        ______ ???
        ?????? (3604)
        ______ ???
        ?????? (3624)
        ______ C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (3632)
        ______ ???
        ?????? (3640)
        ______ ???
        ?????? (3648)
        ______ C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (3876)
        ______ C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (3968)
        ______ C:\Program Files (x86)\Launch Manager\LManager.exe (3984)
        ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3992)
        ______ C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (4008)
        ______ C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (4032)
        ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4056)
        ______ C:\Program Files (x86)\Ask.com\Updater\Updater.exe (4068)
        ______ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (4076)
        ______ ???
        ?????? (1600)
        Locked SynTPHelper.exe (3616)
        ______ ???
        ?????? (4040)
        Locked LMworker.exe (1216)
        Locked iPodService.exe (1568)
        ______ ???
        ?????? (3760)
        Locked FNPLicensingService.exe (4180)
        ______ C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (4320)
        ______ C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (4468)
        ______ ???
        ?????? (4864)
        Locked ePowerEvent.exe (4904)
        ______ ???
        ?????? (1920)
        Locked audiodg.exe (3340)
        Locked svchost.exe (3116)
        ______ ???
        ?????? (4856)
        ______ ???
        ?????? (1632)
        ______ ???
        ?????? (3068)
        Locked taskeng.exe (804)
        ______ ???
        ?????? (1928)
        Locked SearchProtocolHost.exe (4860)
        Locked SearchFilterHost.exe (3832)
        ______ C:\Users\Ryan\Desktop\Rooter.exe (4988)
        .
        ----------------------\\ Device\Harddisk0\
        .
        \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
        .
        \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:15728640000)
        \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:15729688576 | Length:105906176)
        \Device\Harddisk0\Partition3 (Start_Offset:15835594752 | Length:304235937792)
        .
        ----------------------\\ Scheduled Tasks
        .
        C:\windows\Tasks\Adobe Flash Player Updater.job
        C:\windows\Tasks\SA.DAT
        C:\windows\Tasks\SCHEDLGU.TXT
        C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 04236e69-69df-4c0b-8fa6-c5abcc5de881.job
        C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 372ba0de-5881-4f5d-947f-1c59f627d361.job
        .
        ----------------------\\ Registry
        .
        .
        ----------------------\\ Files & Folders
        .
        ----------------------\\ Scan completed at 09:24.24
        .
        C:\Rooter$\Rooter_1.txt - (18/08/2012 | 09:24.24)

        SuperDave

        • Malware Removal Specialist


        Re: Hijacked by File Recovery
        « Reply #5 on: August 18, 2012, 04:47:30 PM »
        We need to fix the infection found with aswMBR now.

        • Double click aswMBR.exe to run it like before
        • Once the scan finishes click Fix to remove the infection as illustrated below


        • Once the scan finishes click Save log to save the log to your Desktop



        • Copy and paste the contents of aswMBR.txt back here for review
        ************************************************************
        Update your Adobe Reader: get.adobe.com/reader.

        Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

        hercdryvr

          Re: Hijacked by File Recovery
          « Reply #6 on: August 19, 2012, 08:13:38 AM »
          Thanks. I ran aswMBR as instructed but did not have a "Fix" option available when it finished. The log is attached:
          aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
          Run date: 2012-08-19 09:06:14
          -----------------------------
          09:06:14.877    OS Version: Windows x64 6.1.7600
          09:06:14.877    Number of processors: 2 586 0x2505
          09:06:14.877    ComputerName: RYAN-PC  UserName: Ryan
          09:06:16.406    Initialize success
          09:06:33.860    AVAST engine download error: 0
          09:06:37.854    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
          09:06:37.854    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
          09:06:37.854    Disk 0 MBR read successfully
          09:06:37.870    Disk 0 MBR scan
          09:06:37.870    Disk 0 unknown MBR code
          09:06:37.870    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15000 MB offset 2048
          09:06:37.916    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 30722048
          09:06:37.916    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290142 MB offset 30928896
          09:06:37.916    Disk 0 scanning C:\windows\system32\drivers
          09:06:43.033    Service scanning
          09:06:55.435    Modules scanning
          09:06:55.435    Disk 0 trace - called modules:
          09:06:55.466    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
          09:06:55.482    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ab6060]
          09:06:55.482    3 CLASSPNP.SYS[fffff88001b5243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048c3050]
          09:06:55.498    Scan finished successfully
          09:07:09.990    Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
          09:07:09.990    The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR 20120819.txt"
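Both aswMBR runs above report "Disk 0 unknown MBR code" and save the raw sector to MBR.dat on the Desktop, while Rooter prints the same partitions as byte offsets. A practitioner would want to read that saved sector directly and check that the on-disk partition table agrees with what both tools printed, since a bootkit that hooks disk I/O shows up as a disagreement between the tools' views and the raw sector, and as code hidden in the unallocated sectors before the first partition. The script below is an added example written for this thread, not code from aswMBR, Rooter or TDSSKiller. Its sample MBR is constructed from the partition values in the logs above with filler boot code, so its boot-code hash is not the real disk's; the partition lines it parses are copied from the aswMBR and Rooter logs posted here.

```python
"""Parse a 512-byte MBR image (such as the MBR.dat that aswMBR saved to the
Desktop above) and reconcile its partition table with the offsets aswMBR and
Rooter printed, so a disagreement between the on-disk table and the tools'
views, or the size of the unallocated gap after the MBR, is explicit.

Added example written for this thread; it is not code from aswMBR, Rooter or
TDSSKiller.  build_sample_mbr() is CONSTRUCTED from the partition values in
the logs above, and its boot code is filler, so its hash is not the disk's.
"""
import hashlib
import re
import struct

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR        # 2048; aswMBR reports sizes in MB

# Partition lines copied from the aswMBR and Rooter logs posted in this thread.
ASWMBR_LOG = """\
09:06:37.870    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15000 MB offset 2048
09:06:37.916    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 30722048
09:06:37.916    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290142 MB offset 30928896
"""
ROOTER_LOG = r"""
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:15728640000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:15729688576 | Length:105906176)
\Device\Harddisk0\Partition3 (Start_Offset:15835594752 | Length:304235937792)
"""

def build_sample_mbr():
    """Constructed MBR: the three entries from the logs, filler boot code."""
    mbr = bytearray(SECTOR)
    mbr[0:2] = b"\xEB\xFE"                       # 'jmp $' filler, NOT the real boot code
    entries = [                                   # (status, type, first LBA, sector count)
        (0x00, 0x27, 2048,     15000 * SECTORS_PER_MB),   # hidden NTFS WinRE
        (0x80, 0x07, 30722048, 101 * SECTORS_PER_MB),     # active system partition
        (0x00, 0x07, 30928896, 290142 * SECTORS_PER_MB),  # C:
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields are the usual FE FF FF "use LBA" markers
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i, status, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def parse_mbr(mbr):
    """Boot-code hash plus the non-empty entries of the four-slot partition table."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:
            parts.append({"n": i + 1, "active": status == 0x80, "type": ptype,
                          "start": lba, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
            "partitions": parts}

ASW_RE = re.compile(r"Partition (\d+) (\w\w)\s+(?:\(A\)\s+)?(\w\w)\s+.*?(\d+) MB offset (\d+)")
ROOTER_RE = re.compile(r"Partition(\d+).*?Start_Offset:(\d+) \| Length:(\d+)")

def parse_aswmbr(text):
    """aswMBR lines -> {n: (active, type, start_sector, sectors)}; sizes are in MB."""
    out = {}
    for n, status, ptype, mb, off in ASW_RE.findall(text):
        out[int(n)] = (status == "80", int(ptype, 16), int(off), int(mb) * SECTORS_PER_MB)
    return out

def parse_rooter(text):
    """Rooter lines -> {n: (start_sector, sectors)}; Rooter reports bytes."""
    return {int(n): (int(off) // SECTOR, int(length) // SECTOR)
            for n, off, length in ROOTER_RE.findall(text)}

def reconcile(mbr, asw_text, rooter_text):
    """Compare the on-disk table with both tools' views and report the gap."""
    table = parse_mbr(mbr)
    asw, rooter = parse_aswmbr(asw_text), parse_rooter(rooter_text)
    findings = []
    for p in table["partitions"]:
        if asw.get(p["n"]) != (p["active"], p["type"], p["start"], p["sectors"]):
            findings.append(f"partition {p['n']}: aswMBR view differs from on-disk MBR")
        if rooter.get(p["n"]) != (p["start"], p["sectors"]):
            findings.append(f"partition {p['n']}: Rooter view differs from on-disk MBR")
    consistent = not findings
    # Sectors 1 .. first_start-1 belong to no filesystem; bootkits commonly hide there,
    # so record the range to image and inspect rather than assume it is empty.
    first = min(p["start"] for p in table["partitions"])
    findings.append(f"unallocated gap after MBR: sectors 1-{first - 1}; image and inspect")
    return {"bootcode_sha256": table["bootcode_sha256"],
            "consistent": consistent, "findings": findings}
```

Against the real file, call `reconcile(open("MBR.dat", "rb").read(), ASWMBR_LOG, ROOTER_LOG)` with the partition lines from your own logs. For this thread's values all three views agree and the gap is sectors 1 to 2047. The boot-code hash is only useful against a baseline: "unknown MBR code" means aswMBR did not recognise the loader, which on an OEM machine can be the vendor's recovery MBR just as well as a bootkit, so compare the hash with one taken from a known-clean install of the same OEM image (that baseline is an assumption; the page supplies none).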



          SuperDave

          • Malware Removal Specialist


          Re: Hijacked by File Recovery
          « Reply #7 on: August 19, 2012, 11:09:32 AM »
          • Download TDSSKiller and save it to your Desktop.
          • Extract its contents to your desktop.
          • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.

          • If an infected file is detected, the default action will be Cure, click on Continue.

          • If a suspicious file is detected, the default action will be Skip, click on Continue.

          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

          • Click the Report button and copy/paste the contents of it into your next reply
          Note: It will also create a log in the C:\ directory.

          Please run the aswMBR.exe again after running the above program.
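The report TDSSKiller produces (the one posted in the next reply shows the format) lists each service as a `[ md5 ] name image-path` line followed by a `name - verdict` line, and a service whose image file was not found gets only the verdict line. The tool's "ok" says it did not recognise the file as malicious; it does not tell you whether the service is pointing somewhere it should not, or whether the entry is an orphan with no file behind it, which are the two things a reviewer scans that section for by eye. The script below is an added example written for this thread, not code from Kaspersky's TDSSKiller. Its sample lines are copied from the report in this thread except for the final service, svc_sample, which is constructed solely to exercise the path rule and does not exist on the poster's machine.

```python
"""Triage the 'Scan services' section of a TDSSKiller report.

Added example for this thread, not code from Kaspersky's TDSSKiller.  Each
service appears as a '[ md5 ] name  image-path' line followed by a
'name - verdict' line; services whose image was not found have only the
verdict line.  The report below is copied from the one posted in this thread
except for the last service, svc_sample, which is CONSTRUCTED to exercise
the path rule and does not exist on the poster's machine.
"""
import re

SAMPLE_REPORT = r"""
18:45:49.0903 1320  ============================================================
18:45:50.0105 1320  ================ Scan services =============================
18:45:50.0230 1320  [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:45:50.0246 1320  !SASCORE - ok
18:45:50.0932 1320  [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:50.0932 1320  AdobeFlashPlayerUpdateSvc - ok
18:45:52.0275 1320  [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:45:52.0290 1320  Apple Mobile Device - ok
18:45:54.0131 1320  catchme - ok
18:45:54.0786 1320  COMSysApp - ok
18:45:59.0000 1320  [ 00000000000000000000000000000000 ] svc_sample      C:\Users\Public\svc_sample.exe
18:45:59.0000 1320  svc_sample - ok
18:46:30.0000 1320  ============================================================
"""

PREFIX = r"^\S+\s+\d+\s+"                                  # "18:45:50.0230 1320  "
IMAGE_RE = re.compile(PREFIX + r"\[ ([0-9a-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*?)\s*$")
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (\S.*?)\s*$")
# Roots where a service image on a stock Windows 7 install is expected to live.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def service_lines(report):
    """Return the lines between the 'Scan services' header and the next divider."""
    lines = report.splitlines()
    start = next((i for i, l in enumerate(lines) if "Scan services" in l), None)
    if start is None:
        return []
    body = []
    for line in lines[start + 1:]:
        if "=====" in line:
            break
        body.append(line)
    return body

def parse_services(report):
    """Return {service name: {'md5', 'path', 'verdict'}} with only the keys found."""
    services = {}
    for line in service_lines(report):
        m = IMAGE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            services.setdefault(name, {}).update(md5=md5, path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            services.setdefault(name, {})["verdict"] = verdict
    return services

def triage(report):
    """Findings the tool's own 'ok' does not cover, as (service, reason) pairs."""
    findings = []
    for name, info in sorted(parse_services(report).items()):
        verdict = info.get("verdict", "(no verdict line)")
        if verdict != "ok":                      # report anything that is not 'ok' verbatim
            findings.append((name, f"tool verdict: {verdict}"))
        path = info.get("path")
        if path is None:
            findings.append((name, "no image hashed: service registered but its file "
                                   "was not found; verify the entry manually"))
        elif not path.lower().startswith(EXPECTED_ROOTS):
            findings.append((name, f"image outside the usual roots: {path}"))
    return findings
```

Run `triage(open("TDSSKiller.<version>_<date>_log.txt").read())` on the log the tool writes to C:\ (the name pattern is whatever your version produces; take it from the file it creates) and read the findings alongside the tool's own report. An entry with no hashed image is not proof of anything; on this machine "catchme" and "COMSysApp" appear that way and both are ordinary, which is why the rule says verify rather than remove.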

          hercdryvr

            Re: Hijacked by File Recovery
            « Reply #8 on: August 19, 2012, 06:04:03 PM »
            Here is the TDSSKiller log. Nothing found.
            18:45:35.0894 5000  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
            18:45:37.0906 5000  ============================================================
            18:45:37.0906 5000  Current date / time: 2012/08/19 18:45:37.0906
            18:45:37.0906 5000  SystemInfo:
            18:45:37.0906 5000 
            18:45:37.0906 5000  OS Version: 6.1.7600 ServicePack: 0.0
            18:45:37.0906 5000  Product type: Workstation
            18:45:37.0906 5000  ComputerName: RYAN-PC
            18:45:37.0906 5000  UserName: Ryan
            18:45:37.0906 5000  Windows directory: C:\windows
            18:45:37.0906 5000  System windows directory: C:\windows
            18:45:37.0906 5000  Running under WOW64
            18:45:37.0906 5000  Processor architecture: Intel x64
            18:45:37.0906 5000  Number of processors: 2
            18:45:37.0906 5000  Page size: 0x1000
            18:45:37.0906 5000  Boot type: Normal boot
            18:45:37.0906 5000  ============================================================
            18:45:38.0561 5000  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
            18:45:38.0561 5000  ============================================================
            18:45:38.0561 5000  \Device\Harddisk0\DR0:
            18:45:38.0561 5000  MBR partitions:
            18:45:38.0561 5000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x32800
            18:45:38.0561 5000  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x236AF000
            18:45:38.0561 5000  ============================================================
            18:45:38.0593 5000  C: <-> \Device\Harddisk0\DR0\Partition2
            18:45:38.0593 5000  ============================================================
            18:45:38.0593 5000  Initialize success
            18:45:38.0593 5000  ============================================================
            18:45:49.0903 1320  ============================================================
            18:45:49.0903 1320  Scan started
            18:45:49.0903 1320  Mode: Manual;
            18:45:49.0903 1320  ============================================================
            18:45:50.0105 1320  ================ Scan services =============================
            18:45:50.0230 1320  [ 7d9d615201a483d6fa99491c2e655a5a ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
            18:45:50.0246 1320  !SASCORE - ok
            18:45:50.0495 1320  [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
            18:45:50.0527 1320  1394ohci - ok
            18:45:50.0636 1320  [ 5e8efeb338deb1f485420b090fe6c85e ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
            18:45:50.0636 1320  ac.sharedstore - ok
            18:45:50.0698 1320  [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
            18:45:50.0698 1320  ACPI - ok
            18:45:50.0729 1320  [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi         C:\windows\system32\DRIVERS\acpipmi.sys
            18:45:50.0745 1320  AcpiPmi - ok
            18:45:50.0932 1320  [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            18:45:50.0932 1320  AdobeFlashPlayerUpdateSvc - ok
            18:45:50.0979 1320  [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
            18:45:51.0010 1320  adp94xx - ok
            18:45:51.0057 1320  [ 597f78224ee9224ea1a13d6350ced962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
            18:45:51.0073 1320  adpahci - ok
            18:45:51.0119 1320  [ e109549c90f62fb570b9540c4b148e54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
            18:45:51.0135 1320  adpu320 - ok
            18:45:51.0213 1320  [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
            18:45:51.0213 1320  AeLookupSvc - ok
            18:45:51.0275 1320  [ db9d6c6b2cd95a9ca414d045b627422e ] AFD             C:\windows\system32\drivers\afd.sys
            18:45:51.0291 1320  AFD - ok
            18:45:51.0322 1320  [ 608c14dba7299d8cb6ed035a68a15799 ] agp440          C:\windows\system32\DRIVERS\agp440.sys
            18:45:51.0322 1320  agp440 - ok
            18:45:51.0369 1320  [ 3290d6946b5e30e70414990574883ddb ] ALG             C:\windows\System32\alg.exe
            18:45:51.0385 1320  ALG - ok
            18:45:51.0416 1320  [ 5812713a477a3ad7363c7438ca2ee038 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
            18:45:51.0416 1320  aliide - ok
            18:45:51.0447 1320  [ 1ff8b4431c353ce385c875f194924c0c ] amdide          C:\windows\system32\DRIVERS\amdide.sys
            18:45:51.0447 1320  amdide - ok
            18:45:51.0478 1320  [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
            18:45:51.0494 1320  AmdK8 - ok
            18:45:51.0494 1320  [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
            18:45:51.0509 1320  AmdPPM - ok
            18:45:51.0557 1320  [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata         C:\windows\system32\drivers\amdsata.sys
            18:45:51.0573 1320  amdsata - ok
            18:45:51.0604 1320  [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
            18:45:51.0620 1320  amdsbs - ok
            18:45:51.0651 1320  [ db27766102c7bf7e95140a2aa81d042e ] amdxata         C:\windows\system32\drivers\amdxata.sys
            18:45:51.0666 1320  amdxata - ok
            18:45:51.0698 1320  [ 391887990cdaa83de5c56c3fde966da1 ] AmUStor         C:\windows\system32\drivers\AmUStor.SYS
            18:45:51.0713 1320  AmUStor - ok
            18:45:51.0869 1320  [ 0a1cc583e8147004e4ad4625d7fbf88c ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
            18:45:51.0932 1320  AntiVirSchedulerService - ok
            18:45:52.0010 1320  [ c9a36ef935aced86aedf93e97e606911 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
            18:45:52.0010 1320  AntiVirService - ok
            18:45:52.0056 1320  [ e38ba9fab3981a2115c53260b930fd3c ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
            18:45:52.0056 1320  AntiVirWebService - ok
            18:45:52.0088 1320  [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID           C:\windows\system32\drivers\appid.sys
            18:45:52.0088 1320  AppID - ok
            18:45:52.0119 1320  [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
            18:45:52.0119 1320  AppIDSvc - ok
            18:45:52.0166 1320  [ d065be66822847b7f127d1f90158376e ] Appinfo         C:\windows\System32\appinfo.dll
            18:45:52.0166 1320  Appinfo - ok
            18:45:52.0275 1320  [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            18:45:52.0290 1320  Apple Mobile Device - ok
            18:45:52.0322 1320  [ c484f8ceb1717c540242531db7845c4e ] arc             C:\windows\system32\DRIVERS\arc.sys
            18:45:52.0337 1320  arc - ok
            18:45:52.0368 1320  [ 019af6924aefe7839f61c830227fe79c ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
            18:45:52.0384 1320  arcsas - ok
            18:45:52.0415 1320  [ 769765ce2cc62867468cea93969b2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
            18:45:52.0431 1320  AsyncMac - ok
            18:45:52.0462 1320  [ 02062c0b390b7729edc9e69c680a6f3c ] atapi           C:\windows\system32\DRIVERS\atapi.sys
            18:45:52.0478 1320  atapi - ok
            18:45:52.0556 1320  [ e642491f64e58cd5bc8fb8b347dcf65f ] athr            C:\windows\system32\DRIVERS\athrx.sys
            18:45:52.0587 1320  athr - ok
            18:45:52.0712 1320  [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
            18:45:52.0727 1320  AudioEndpointBuilder - ok
            18:45:52.0790 1320  [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv        C:\windows\System32\Audiosrv.dll
            18:45:52.0790 1320  AudioSrv - ok
            18:45:52.0914 1320  [ 26e38b5a58c6c55fafbc563eeddb0867 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
            18:45:52.0930 1320  avgntflt - ok
            18:45:52.0977 1320  [ 9d1f00beff84cbbf46d7f052bc7e0565 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
            18:45:52.0977 1320  avipbb - ok
            18:45:53.0024 1320  [ 248db59fc86de44d2779f4c7fb1a567d ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
            18:45:53.0039 1320  avkmgr - ok
            18:45:53.0070 1320  [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV        C:\windows\System32\AxInstSV.dll
            18:45:53.0086 1320  AxInstSV - ok
            18:45:53.0133 1320  [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
            18:45:53.0164 1320  b06bdrv - ok
            18:45:53.0211 1320  [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
            18:45:53.0242 1320  b57nd60a - ok
            18:45:53.0320 1320  [ 9e84a931dbee0292e38ed672f6293a99 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
            18:45:53.0367 1320  BCM43XX - ok
            18:45:53.0367 1320  [ fde360167101b4e45a96f939f388aeb0 ] BDESVC          C:\windows\System32\bdesvc.dll
            18:45:53.0382 1320  BDESVC - ok
            18:45:53.0398 1320  [ 16a47ce2decc9b099349a5f840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
            18:45:53.0398 1320  Beep - ok
            18:45:53.0476 1320  [ 4992c609a6315671463e30f6512bc022 ] BFE             C:\windows\System32\bfe.dll
            18:45:53.0476 1320  BFE - ok
            18:45:53.0570 1320  [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS            C:\windows\system32\qmgr.dll
            18:45:53.0601 1320  BITS - ok
            18:45:53.0648 1320  [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
            18:45:53.0663 1320  blbdrive - ok
            18:45:53.0710 1320  [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
            18:45:53.0726 1320  Bonjour Service - ok
            18:45:53.0757 1320  [ 19d20159708e152267e53b66677a4995 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
            18:45:53.0757 1320  bowser - ok
            18:45:53.0819 1320  [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
            18:45:53.0819 1320  BrFiltLo - ok
            18:45:53.0835 1320  [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
            18:45:53.0835 1320  BrFiltUp - ok
            18:45:53.0897 1320  [ 5c2f352a4e961d72518261257aae204b ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
            18:45:53.0913 1320  BridgeMP - ok
            18:45:53.0944 1320  [ 6b054c67aaa87843504e8e3c09102009 ] Browser         C:\windows\System32\browser.dll
            18:45:53.0944 1320  Browser - ok
            18:45:53.0975 1320  [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid         C:\windows\System32\Drivers\Brserid.sys
            18:45:53.0991 1320  Brserid - ok
            18:45:54.0006 1320  [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
            18:45:54.0022 1320  BrSerWdm - ok
            18:45:54.0038 1320  [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
            18:45:54.0038 1320  BrUsbMdm - ok
            18:45:54.0038 1320  [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
            18:45:54.0053 1320  BrUsbSer - ok
            18:45:54.0069 1320  [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
            18:45:54.0069 1320  BTHMODEM - ok
            18:45:54.0116 1320  [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv         C:\windows\system32\bthserv.dll
            18:45:54.0116 1320  bthserv - ok
            18:45:54.0131 1320  catchme - ok
            18:45:54.0147 1320  [ b8bd2bb284668c84865658c77574381a ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
            18:45:54.0162 1320  cdfs - ok
            18:45:54.0178 1320  [ 83d2d75e1efb81b3450c18131443f7db ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
            18:45:54.0194 1320  cdrom - ok
            18:45:54.0209 1320  [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc     C:\windows\System32\certprop.dll
            18:45:54.0209 1320  CertPropSvc - ok
            18:45:54.0225 1320  [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass        C:\windows\system32\DRIVERS\circlass.sys
            18:45:54.0225 1320  circlass - ok
            18:45:54.0256 1320  [ fe1ec06f2253f691fe36217c592a0206 ] CLFS            C:\windows\system32\CLFS.sys
            18:45:54.0272 1320  CLFS - ok
            18:45:54.0350 1320  [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
            18:45:54.0365 1320  clr_optimization_v2.0.50727_32 - ok
            18:45:54.0443 1320  [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
            18:45:54.0443 1320  clr_optimization_v2.0.50727_64 - ok
            18:45:54.0537 1320  [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
            18:45:54.0537 1320  clr_optimization_v4.0.30319_32 - ok
            18:45:54.0568 1320  [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
            18:45:54.0568 1320  clr_optimization_v4.0.30319_64 - ok
            18:45:54.0584 1320  [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
            18:45:54.0584 1320  CmBatt - ok
            18:45:54.0599 1320  [ e19d3f095812725d88f9001985b94edd ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
            18:45:54.0599 1320  cmdide - ok
            18:45:54.0662 1320  [ ca7720b73446fddec5c69519c1174c98 ] CNG             C:\windows\system32\Drivers\cng.sys
            18:45:54.0693 1320  CNG - ok
            18:45:54.0740 1320  [ 102de219c3f61415f964c88e9085ad14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
            18:45:54.0740 1320  Compbatt - ok
            18:45:54.0771 1320  [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
            18:45:54.0786 1320  CompositeBus - ok
            18:45:54.0786 1320  COMSysApp - ok
            18:45:54.0802 1320  [ 1c827878a998c18847245fe1f34ee597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
            18:45:54.0818 1320  crcdisk - ok
            18:45:54.0864 1320  [ f02786b66375292e58c8777082d4396d ] CryptSvc        C:\windows\system32\cryptsvc.dll
            18:45:54.0880 1320  CryptSvc - ok
            18:45:54.0927 1320  [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch      C:\windows\system32\rpcss.dll
            18:45:54.0927 1320  DcomLaunch - ok
            18:45:54.0974 1320  [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc       C:\windows\System32\defragsvc.dll
            18:45:55.0020 1320  defragsvc - ok
            18:45:55.0067 1320  [ 9c253ce7311ca60fc11c774692a13208 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
            18:45:55.0067 1320  DfsC - ok
            18:45:55.0098 1320  [ ce3b9562d997f69b330d181a8875960f ] Dhcp            C:\windows\system32\dhcpcore.dll
            18:45:55.0098 1320  Dhcp - ok
            18:45:55.0130 1320  [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache        C:\windows\system32\drivers\discache.sys
            18:45:55.0130 1320  discache - ok
            18:45:55.0161 1320  [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk            C:\windows\system32\DRIVERS\disk.sys
            18:45:55.0161 1320  Disk - ok
            18:45:55.0192 1320  dlbk_device - ok
            18:45:55.0239 1320  [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache        C:\windows\System32\dnsrslvr.dll
            18:45:55.0239 1320  Dnscache - ok
            18:45:55.0286 1320  [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc         C:\windows\System32\dot3svc.dll
            18:45:55.0301 1320  dot3svc - ok
            18:45:55.0348 1320  [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS             C:\windows\system32\dps.dll
            18:45:55.0348 1320  DPS - ok
            18:45:55.0379 1320  [ 9b19f34400d24df84c858a421c205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
            18:45:55.0379 1320  drmkaud - ok
            18:45:55.0473 1320  [ 9cf46fdf163e06b83d03ff929ef2296c ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
            18:45:55.0473 1320  DsiWMIService - ok
            18:45:55.0504 1320  [ ebce0b0924835f635f620d19f0529dce ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
            18:45:55.0535 1320  DXGKrnl - ok
            18:45:55.0613 1320  [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost         C:\windows\System32\eapsvc.dll
            18:45:55.0613 1320  EapHost - ok
            18:45:55.0707 1320  [ dc5d737f51be844d8c82c695eb17372f ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
            18:45:55.0847 1320  ebdrv - ok
            18:45:55.0925 1320  [ 156f6159457d0aa7e59b62681b56eb90 ] EFS             C:\windows\System32\lsass.exe
            18:45:55.0941 1320  EFS - ok
            18:45:56.0019 1320  [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr         C:\windows\ehome\ehRecvr.exe
            18:45:56.0034 1320  ehRecvr - ok
            18:45:56.0081 1320  [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched         C:\windows\ehome\ehsched.exe
            18:45:56.0097 1320  ehSched - ok
            18:45:56.0144 1320  [ 0e5da5369a0fcaea12456dd852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
            18:45:56.0175 1320  elxstor - ok
            18:45:56.0268 1320  [ 3ea2c4f68a782839d97b3c83595575b6 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
            18:45:56.0284 1320  ePowerSvc - ok
            18:45:56.0315 1320  [ 34a3c54752046e79a126e15c51db409b ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
            18:45:56.0331 1320  ErrDev - ok
            18:45:56.0393 1320  [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem     C:\windows\system32\es.dll
            18:45:56.0409 1320  EventSystem - ok
            18:45:56.0424 1320  [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat           C:\windows\system32\drivers\exfat.sys
            18:45:56.0440 1320  exfat - ok
            18:45:56.0440 1320  [ 0adc83218b66a6db380c330836f3e36d ] fastfat         C:\windows\system32\drivers\fastfat.sys
            18:45:56.0456 1320  fastfat - ok
            18:45:56.0502 1320  [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax             C:\windows\system32\fxssvc.exe
            18:45:56.0518 1320  Fax - ok
            18:45:56.0549 1320  [ d765d19cd8ef61f650c384f62fac00ab ] fdc             C:\windows\system32\DRIVERS\fdc.sys
            18:45:56.0565 1320  fdc - ok
            18:45:56.0580 1320  [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost         C:\windows\system32\fdPHost.dll
            18:45:56.0580 1320  fdPHost - ok
            18:45:56.0596 1320  [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
            18:45:56.0612 1320  FDResPub - ok
            18:45:56.0627 1320  [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
            18:45:56.0627 1320  FileInfo - ok
            18:45:56.0643 1320  [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
            18:45:56.0658 1320  Filetrace - ok
            18:45:56.0705 1320  [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            18:45:56.0721 1320  FLEXnet Licensing Service - ok
            18:45:56.0721 1320  [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
            18:45:56.0736 1320  flpydisk - ok
            18:45:56.0752 1320  [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
            18:45:56.0783 1320  FltMgr - ok
            18:45:56.0830 1320  [ 8ac4cb4ea61e41009fae9ae7b2b5da3a ] FontCache       C:\windows\system32\FntCache.dll
            18:45:56.0877 1320  FontCache - ok
            18:45:56.0924 1320  [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
            18:45:56.0939 1320  FontCache3.0.0.0 - ok
            18:45:56.0955 1320  [ d43703496149971890703b4b1b723eac ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
            18:45:56.0970 1320  FsDepends - ok
            18:45:57.0002 1320  [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
            18:45:57.0002 1320  Fs_Rec - ok
            18:45:57.0048 1320  [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
            18:45:57.0080 1320  fvevol - ok
            18:45:57.0080 1320  [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
            18:45:57.0095 1320  gagp30kx - ok
            18:45:57.0142 1320  [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
            18:45:57.0142 1320  GEARAspiWDM - ok
            18:45:57.0173 1320  [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc           C:\windows\System32\gpsvc.dll
            18:45:57.0204 1320  gpsvc - ok
            18:45:57.0267 1320  [ 0191dee9b9eb7902af2cf4f67301095d ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
            18:45:57.0267 1320  GREGService - ok
            18:45:57.0282 1320  [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
            18:45:57.0282 1320  hcw85cir - ok
            18:45:57.0329 1320  [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
            18:45:57.0360 1320  HdAudAddService - ok
            18:45:57.0376 1320  [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
            18:45:57.0376 1320  HDAudBus - ok
            18:45:57.0407 1320  [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
            18:45:57.0423 1320  HECIx64 - ok
            18:45:57.0438 1320  [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
            18:45:57.0438 1320  HidBatt - ok
            18:45:57.0454 1320  [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
            18:45:57.0470 1320  HidBth - ok
            18:45:57.0485 1320  [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
            18:45:57.0501 1320  HidIr - ok
            18:45:57.0516 1320  [ bd9eb3958f213f96b97b1d897dee006d ] hidserv         C:\windows\System32\hidserv.dll
            18:45:57.0516 1320  hidserv - ok
            18:45:57.0563 1320  [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
            18:45:57.0563 1320  HidUsb - ok
            18:45:57.0594 1320  [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc          C:\windows\system32\kmsvc.dll
            18:45:57.0594 1320  hkmsvc - ok
            18:45:57.0626 1320  [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
            18:45:57.0657 1320  HomeGroupListener - ok
            18:45:57.0688 1320  [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\windows\system32\provsvc.dll
            18:45:57.0704 1320  HomeGroupProvider - ok
            18:45:57.0719 1320  [ 0886d440058f203eba0e1825e4355914 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
            18:45:57.0735 1320  HpSAMD - ok
            18:45:57.0766 1320  [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP            C:\windows\system32\drivers\HTTP.sys
            18:45:57.0782 1320  HTTP - ok
            18:45:57.0797 1320  [ f17766a19145f111856378df337a5d79 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
            18:45:57.0813 1320  hwpolicy - ok
            18:45:57.0828 1320  [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
            18:45:57.0844 1320  i8042prt - ok
            18:45:57.0906 1320  [ abbf174cb394f5c437410a788b7e404a ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
            18:45:57.0922 1320  iaStor - ok
            18:45:57.0969 1320  [ b75e45c564e944a2657167d197ab29da ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
            18:45:58.0000 1320  iaStorV - ok
            18:45:58.0078 1320  [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
            18:45:58.0140 1320  idsvc - ok
            18:45:58.0390 1320  [ 2a22ab054f4630d2ef4bab2853f6d5f6 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
            18:45:58.0655 1320  igfx - ok
            18:45:58.0671 1320  [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
            18:45:58.0686 1320  iirsp - ok
            18:45:58.0749 1320  [ 2f95bef56aeeeb45de55ec44668e2695 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
            18:45:58.0749 1320  IJPLMSVC - ok
            18:45:58.0811 1320  [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT          C:\windows\System32\ikeext.dll
            18:45:58.0827 1320  IKEEXT - ok
            18:45:58.0842 1320  [ dd587a55390ed2295bce6d36ad567da9 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
            18:45:58.0858 1320  Impcd - ok
            18:45:58.0967 1320  [ e8017f1662d9142f45ceab694d013c00 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
            18:45:59.0014 1320  IntcAzAudAddService - ok
            18:45:59.0045 1320  [ 58cf58dee26c909bd6f977b61d246295 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
            18:45:59.0061 1320  IntcDAud - ok
            18:45:59.0076 1320  [ f00f20e70c6ec3aa366910083a0518aa ] intelide        C:\windows\system32\DRIVERS\intelide.sys
            18:45:59.0092 1320  intelide - ok
            18:45:59.0139 1320  [ ada036632c664caa754079041cf1f8c1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
            18:45:59.0139 1320  intelppm - ok
            18:45:59.0170 1320  [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum       C:\windows\system32\ipbusenum.dll
            18:45:59.0186 1320  IPBusEnum - ok
            18:45:59.0217 1320  [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
            18:45:59.0217 1320  IpFilterDriver - ok
            18:45:59.0264 1320  [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
            18:45:59.0279 1320  iphlpsvc - ok
            18:45:59.0295 1320  [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
            18:45:59.0310 1320  IPMIDRV - ok
            18:45:59.0326 1320  [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
            18:45:59.0326 1320  IPNAT - ok
            18:45:59.0388 1320  [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
            18:45:59.0404 1320  iPod Service - ok
            18:45:59.0435 1320  [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
            18:45:59.0435 1320  IRENUM - ok
            18:45:59.0466 1320  [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
            18:45:59.0466 1320  isapnp - ok
            18:45:59.0498 1320  [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
            18:45:59.0513 1320  iScsiPrt - ok
            18:45:59.0576 1320  [ bd5bf20ec242e003a2f570b8754a56d1 ] ivusb           C:\windows\system32\DRIVERS\ivusb.sys
            18:45:59.0576 1320  ivusb - ok
            18:45:59.0622 1320  [ 12e27942dbb7c91880163634b0d8a776 ] k57nd60a        C:\windows\system32\DRIVERS\k57nd60a.sys
            18:45:59.0638 1320  k57nd60a - ok
            18:45:59.0654 1320  [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
            18:45:59.0654 1320  kbdclass - ok
            18:45:59.0685 1320  [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
            18:45:59.0700 1320  kbdhid - ok
            18:45:59.0700 1320  [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso          C:\windows\system32\lsass.exe
            18:45:59.0716 1320  KeyIso - ok
            18:45:59.0732 1320  [ 4f4b5fde429416877de7143044582eb5 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
            18:45:59.0747 1320  KSecDD - ok
            18:45:59.0763 1320  [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
            18:45:59.0778 1320  KSecPkg - ok
            18:45:59.0841 1320  [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
            18:45:59.0841 1320  ksthunk - ok
            18:45:59.0888 1320  [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm           C:\windows\system32\msdtckrm.dll
            18:45:59.0919 1320  KtmRm - ok
            18:45:59.0934 1320  [ 2ac603c3188c704cfce353659aa7ad71 ] L1E             C:\windows\system32\DRIVERS\L1E62x64.sys
            18:45:59.0950 1320  L1E - ok
            18:45:59.0981 1320  [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer    C:\windows\System32\srvsvc.dll
            18:45:59.0997 1320  LanmanServer - ok
            18:46:00.0028 1320  [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\windows\System32\wkssvc.dll
            18:46:00.0028 1320  LanmanWorkstation - ok
            18:46:00.0059 1320  [ 1538831cf8ad2979a04c423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
            18:46:00.0075 1320  lltdio - ok
            18:46:00.0106 1320  [ c1185803384ab3feed115f79f109427f ] lltdsvc         C:\windows\System32\lltdsvc.dll
            18:46:00.0137 1320  lltdsvc - ok
            18:46:00.0168 1320  [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts         C:\windows\System32\lmhsvc.dll
            18:46:00.0168 1320  lmhosts - ok
            18:46:00.0262 1320  [ 23de5b62b0445a6f874be633c95b483e ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            18:46:00.0262 1320  LMS - ok
            18:46:00.0293 1320  [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
            18:46:00.0293 1320  LSI_FC - ok
            18:46:00.0309 1320  [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
            18:46:00.0324 1320  LSI_SAS - ok
            18:46:00.0340 1320  [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
            18:46:00.0340 1320  LSI_SAS2 - ok
            18:46:00.0356 1320  [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
            18:46:00.0371 1320  LSI_SCSI - ok
            18:46:00.0387 1320  [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv           C:\windows\system32\drivers\luafv.sys
            18:46:00.0402 1320  luafv - ok
            18:46:00.0434 1320  [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
            18:46:00.0449 1320  Mcx2Svc - ok
            18:46:00.0465 1320  [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
            18:46:00.0480 1320  megasas - ok
            18:46:00.0496 1320  [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
            18:46:00.0527 1320  MegaSR - ok
            18:46:00.0621 1320  Microsoft SharePoint Workspace Audit Service - ok
            18:46:00.0636 1320  [ e40e80d0304a73e8d269f7141d77250b ] MMCSS           C:\windows\system32\mmcss.dll
            18:46:00.0636 1320  MMCSS - ok
            18:46:00.0652 1320  [ 800ba92f7010378b09f9ed9270f07137 ] Modem           C:\windows\system32\drivers\modem.sys
            18:46:00.0668 1320  Modem - ok
            18:46:00.0683 1320  [ b03d591dc7da45ece20b3b467e6aadaa ] monitor         C:\windows\system32\DRIVERS\monitor.sys
            18:46:00.0683 1320  monitor - ok
            18:46:00.0714 1320  [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
            18:46:00.0714 1320  mouclass - ok
            18:46:00.0746 1320  [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
            18:46:00.0746 1320  mouhid - ok
            18:46:00.0761 1320  [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
            18:46:00.0777 1320  mountmgr - ok
            18:46:00.0808 1320  [ 609d1d87649ecc19796f4d76d4c15cea ] mpio            C:\windows\system32\DRIVERS\mpio.sys
            18:46:00.0824 1320  mpio - ok
            18:46:00.0824 1320  [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
            18:46:00.0839 1320  mpsdrv - ok
            18:46:00.0870 1320  [ aecab449567d1846dad63ece49e893e3 ] MpsSvc          C:\windows\system32\mpssvc.dll
            18:46:00.0886 1320  MpsSvc - ok
            18:46:00.0902 1320  [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
            18:46:00.0917 1320  MRxDAV - ok
            18:46:00.0964 1320  [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
            18:46:00.0964 1320  mrxsmb - ok
            18:46:00.0995 1320  [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
            18:46:01.0011 1320  mrxsmb10 - ok
            18:46:01.0026 1320  [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
            18:46:01.0042 1320  mrxsmb20 - ok
            18:46:01.0073 1320  [ 5c37497276e3b3a5488b23a326a754b7 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
            18:46:01.0073 1320  msahci - ok
            18:46:01.0104 1320  [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
            18:46:01.0104 1320  msdsm - ok
            18:46:01.0151 1320  [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC           C:\windows\System32\msdtc.exe
            18:46:01.0167 1320  MSDTC - ok
            18:46:01.0198 1320  [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
            18:46:01.0198 1320  Msfs - ok
            18:46:01.0214 1320  [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
            18:46:01.0229 1320  mshidkmdf - ok
            18:46:01.0245 1320  [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
            18:46:01.0260 1320  msisadrv - ok
            18:46:01.0292 1320  [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
            18:46:01.0307 1320  MSiSCSI - ok
            18:46:01.0307 1320  msiserver - ok
            18:46:01.0338 1320  [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
            18:46:01.0354 1320  MSKSSRV - ok
            18:46:01.0370 1320  [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
            18:46:01.0370 1320  MSPCLOCK - ok
            18:46:01.0385 1320  [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
            18:46:01.0385 1320  MSPQM - ok
            18:46:01.0416 1320  [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
            18:46:01.0432 1320  MsRPC - ok
            18:46:01.0463 1320  [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
            18:46:01.0463 1320  mssmbios - ok
            18:46:01.0494 1320  [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
            18:46:01.0494 1320  MSTEE - ok
            18:46:01.0510 1320  [ 7ea404308934e675bffde8edf0757bcd ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
            18:46:01.0510 1320  MTConfig - ok
            18:46:01.0526 1320  [ f9a18612fd3526fe473c1bda678d61c8 ] Mup             C:\windows\system32\Drivers\mup.sys
            18:46:01.0541 1320  Mup - ok
            18:46:01.0572 1320  [ 6ffecc25b39dc7652a0cec0ada9db589 ] mwlPSDFilter    C:\windows\system32\DRIVERS\mwlPSDFilter.sys
            18:46:01.0572 1320  mwlPSDFilter - ok
            18:46:01.0588 1320  [ 0befe32ca56d6ee89d58175725596a85 ] mwlPSDNServ     C:\windows\system32\DRIVERS\mwlPSDNServ.sys
            18:46:01.0588 1320  mwlPSDNServ - ok
            18:46:01.0604 1320  [ d43bc633b8660463e446e28e14a51262 ] mwlPSDVDisk     C:\windows\system32\DRIVERS\mwlPSDVDisk.sys
            18:46:01.0619 1320  mwlPSDVDisk - ok
            18:46:01.0713 1320  [ 3e5e20817259f7328c8f3be5421f35b9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
            18:46:01.0728 1320  MWLService - ok
            18:46:01.0775 1320  [ 4987e079a4530fa737a128be54b63b12 ] napagent        C:\windows\system32\qagentRT.dll
            18:46:01.0791 1320  napagent - ok
            18:46:01.0822 1320  [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
            18:46:01.0838 1320  NativeWifiP - ok
            18:46:01.0916 1320  [ cad515dbd07d082bb317d9928ce8962c ] NDIS            C:\windows\system32\drivers\ndis.sys
            18:46:01.0931 1320  NDIS - ok
            18:46:01.0962 1320  [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
            18:46:01.0962 1320  NdisCap - ok
            18:46:01.0994 1320  [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
            18:46:01.0994 1320  NdisTapi - ok
            18:46:02.0025 1320  [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
            18:46:02.0025 1320  Ndisuio - ok
            18:46:02.0040 1320  [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
            18:46:02.0056 1320  NdisWan - ok
            18:46:02.0087 1320  [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
            18:46:02.0087 1320  NDProxy - ok
            18:46:02.0103 1320  [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
            18:46:02.0118 1320  NetBIOS - ok
            18:46:02.0134 1320  [ 9162b273a44ab9dce5b44362731d062a ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
            18:46:02.0150 1320  NetBT - ok
            18:46:02.0165 1320  [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon        C:\windows\system32\lsass.exe
            18:46:02.0165 1320  Netlogon - ok
            18:46:02.0228 1320  [ 847d3ae376c0817161a14a82c8922a9e ] Netman          C:\windows\System32\netman.dll
            18:46:02.0243 1320  Netman - ok
            18:46:02.0259 1320  [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm        C:\windows\System32\netprofm.dll
            18:46:02.0274 1320  netprofm - ok
            18:46:02.0306 1320  [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
            18:46:02.0321 1320  NetTcpPortSharing - ok
            18:46:02.0352 1320  [ 77889813be4d166cdab78ddba990da92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
            18:46:02.0368 1320  nfrd960 - ok
            18:46:02.0384 1320  [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc          C:\windows\System32\nlasvc.dll
            18:46:02.0399 1320  NlaSvc - ok
            18:46:02.0415 1320  [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
            18:46:02.0415 1320  Npfs - ok
            18:46:02.0446 1320  [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi             C:\windows\system32\nsisvc.dll
            18:46:02.0462 1320  nsi - ok
            18:46:02.0462 1320  [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
            18:46:02.0462 1320  nsiproxy - ok
            18:46:02.0540 1320  [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
            18:46:02.0618 1320  Ntfs - ok
            18:46:02.0711 1320  [ 9a308fcdcca98a15b6f62d36a272160e ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
            18:46:02.0711 1320  NTI IScheduleSvc - ok
            18:46:02.0742 1320  [ 28c59f594044cbf8598b18c927097091 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
            18:46:02.0758 1320  NTIBackupSvc - ok
            18:46:02.0789 1320  [ 710263b44c1d1aee07525a53401fbe48 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
            18:46:02.0805 1320  NTIDrvr - ok
            18:46:02.0836 1320  [ b8d903b2894ff9afbd99ca51c35590d7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
            18:46:02.0867 1320  NTISchedulerSvc - ok
            18:46:02.0883 1320  [ 9899284589f75fa8724ff3d16aed75c1 ] Null            C:\windows\system32\drivers\Null.sys
            18:46:02.0883 1320  Null - ok
            18:46:02.0914 1320  [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid          C:\windows\system32\drivers\nvraid.sys
            18:46:02.0930 1320  nvraid - ok
            18:46:02.0961 1320  [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor          C:\windows\system32\drivers\nvstor.sys
            18:46:02.0976 1320  nvstor - ok
            18:46:03.0008 1320  [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
            18:46:03.0023 1320  nv_agp - ok
            18:46:03.0039 1320  [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
            18:46:03.0054 1320  ohci1394 - ok
            18:46:03.0132 1320  [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
            18:46:03.0132 1320  ose - ok
            18:46:03.0351 1320  [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
            18:46:03.0460 1320  osppsvc - ok
            18:46:03.0507 1320  [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
            18:46:03.0522 1320  p2pimsvc - ok
            18:46:03.0554 1320  [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc          C:\windows\system32\p2psvc.dll
            18:46:03.0569 1320  p2psvc - ok
            18:46:03.0569 1320  [ 0086431c29c35be1dbc43f52cc273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
            18:46:03.0585 1320  Parport - ok
            18:46:03.0600 1320  [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr         C:\windows\system32\drivers\partmgr.sys
            18:46:03.0616 1320  partmgr - ok
            18:46:03.0632 1320  [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
            18:46:03.0647 1320  PcaSvc - ok
            18:46:03.0663 1320  [ f36f6504009f2fb0dfd1b17a116ad74b ] pci             C:\windows\system32\DRIVERS\pci.sys
            18:46:03.0694 1320  pci - ok
            18:46:03.0710 1320  [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide          C:\windows\system32\DRIVERS\pciide.sys
            18:46:03.0725 1320  pciide - ok
            18:46:03.0741 1320  [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
            18:46:03.0756 1320  pcmcia - ok
            18:46:03.0756 1320  [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw             C:\windows\system32\drivers\pcw.sys
            18:46:03.0772 1320  pcw - ok
            18:46:03.0803 1320  [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH          C:\windows\system32\drivers\peauth.sys
            18:46:03.0866 1320  PEAUTH - ok
            18:46:03.0959 1320  [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost        C:\windows\SysWow64\perfhost.exe
            18:46:03.0975 1320  PerfHost - ok
            18:46:04.0037 1320  [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla             C:\windows\system32\pla.dll
            18:46:04.0131 1320  pla - ok
            18:46:04.0193 1320  [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
            18:46:04.0209 1320  PlugPlay - ok
            18:46:04.0224 1320  [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
            18:46:04.0240 1320  PNRPAutoReg - ok
            18:46:04.0271 1320  [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
            18:46:04.0271 1320  PNRPsvc - ok
            18:46:04.0318 1320  [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
            18:46:04.0334 1320  PolicyAgent - ok
            18:46:04.0349 1320  [ 6ba9d927dded70bd1a9caded45f8b184 ] Power           C:\windows\system32\umpo.dll
            18:46:04.0349 1320  Power - ok
            18:46:04.0380 1320  [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
            18:46:04.0396 1320  PptpMiniport - ok
            18:46:04.0412 1320  [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor       C:\windows\system32\DRIVERS\processr.sys
            18:46:04.0427 1320  Processor - ok
            18:46:04.0474 1320  [ 97293447431311c06703368ad0f6c4be ] ProfSvc         C:\windows\system32\profsvc.dll
            18:46:04.0474 1320  ProfSvc - ok
            18:46:04.0490 1320  [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\windows\system32\lsass.exe
            18:46:04.0505 1320  ProtectedStorage - ok
            18:46:04.0536 1320  [ ee992183bd8eaefd9973f352e587a299 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
            18:46:04.0536 1320  Psched - ok
            18:46:04.0614 1320  [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
            18:46:04.0708 1320  ql2300 - ok
            18:46:04.0739 1320  [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
            18:46:04.0755 1320  ql40xx - ok
            18:46:04.0786 1320  [ 906191634e99aea92c4816150bda3732 ] QWAVE           C:\windows\system32\qwave.dll
            18:46:04.0802 1320  QWAVE - ok
            18:46:04.0817 1320  [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
            18:46:04.0817 1320  QWAVEdrv - ok
            18:46:04.0848 1320  [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
            18:46:04.0848 1320  RasAcd - ok
            18:46:04.0880 1320  [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
            18:46:04.0895 1320  RasAgileVpn - ok
            18:46:04.0911 1320  [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto         C:\windows\System32\rasauto.dll
            18:46:04.0926 1320  RasAuto - ok
            18:46:04.0942 1320  [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
            18:46:04.0958 1320  Rasl2tp - ok
            18:46:04.0989 1320  [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan          C:\windows\System32\rasmans.dll
            18:46:04.0989 1320  RasMan - ok
            18:46:05.0020 1320  [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
            18:46:05.0020 1320  RasPppoe - ok
            18:46:05.0051 1320  [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
            18:46:05.0051 1320  RasSstp - ok
            18:46:05.0082 1320  [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
            18:46:05.0114 1320  rdbss - ok
            18:46:05.0145 1320  [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
            18:46:05.0160 1320  rdpbus - ok
            18:46:05.0160 1320  [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
            18:46:05.0160 1320  RDPCDD - ok
            18:46:05.0192 1320  [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
            18:46:05.0192 1320  RDPENCDD - ok
            18:46:05.0207 1320  [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
            18:46:05.0207 1320  RDPREFMP - ok
            18:46:05.0254 1320  [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
            18:46:05.0270 1320  RDPWD - ok
            18:46:05.0301 1320  [ e5dc9ba9e439d6dbdd79f8caacb5bf01 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
            18:46:05.0316 1320  rdyboost - ok
            18:46:05.0363 1320  [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess    C:\windows\System32\mprdim.dll
            18:46:05.0379 1320  RemoteAccess - ok
            18:46:05.0394 1320  [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
            18:46:05.0426 1320  RemoteRegistry - ok
            18:46:05.0441 1320  [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
            18:46:05.0441 1320  RpcEptMapper - ok
            18:46:05.0457 1320  [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator      C:\windows\system32\locator.exe
            18:46:05.0472 1320  RpcLocator - ok
            18:46:05.0504 1320  [ 7266972e86890e2b30c0c322e906b027 ] RpcSs           C:\windows\system32\rpcss.dll
            18:46:05.0504 1320  RpcSs - ok
            18:46:05.0535 1320  [ ddc86e4f8e7456261e637e3552e804ff ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
            18:46:05.0550 1320  rspndr - ok
            18:46:05.0597 1320  [ 4f55bc63dca859a6dedc1106e0062135 ] S3XXx64         C:\windows\system32\DRIVERS\S3XXx64.sys
            18:46:05.0613 1320  S3XXx64 - ok
            18:46:05.0613 1320  [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs           C:\windows\system32\lsass.exe
            18:46:05.0628 1320  SamSs - ok
            18:46:05.0675 1320  [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
            18:46:05.0675 1320  SASDIFSV - ok
            18:46:05.0706 1320  [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
            18:46:05.0706 1320  SASKUTIL - ok
            18:46:05.0738 1320  [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port        C:\windows\system32\DRIVERS\sbp2port.sys
            18:46:05.0738 1320  sbp2port - ok
            18:46:05.0847 1320  [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
            18:46:05.0862 1320  SBSDWSCService - ok
            18:46:05.0909 1320  [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr        C:\windows\System32\SCardSvr.dll
            18:46:05.0909 1320  SCardSvr - ok
            18:46:05.0925 1320  [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
            18:46:05.0925 1320  scfilter - ok
            18:46:05.0987 1320  [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule        C:\windows\system32\schedsvc.dll
            18:46:06.0018 1320  Schedule - ok
            18:46:06.0050 1320  [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc     C:\windows\System32\certprop.dll
            18:46:06.0050 1320  SCPolicySvc - ok
            18:46:06.0081 1320  [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC          C:\windows\System32\SDRSVC.dll
            18:46:06.0128 1320  SDRSVC - ok
            18:46:06.0159 1320  [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
            18:46:06.0159 1320  secdrv - ok
            18:46:06.0174 1320  [ 463b386ebc70f98da5dff85f7e654346 ] seclogon        C:\windows\system32\seclogon.dll
            18:46:06.0174 1320  seclogon - ok
            18:46:06.0190 1320  [ c32ab8fa018ef34c0f113bd501436d21 ] SENS            C:\windows\system32\sens.dll
            18:46:06.0190 1320  SENS - ok
            18:46:06.0221 1320  [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
            18:46:06.0237 1320  SensrSvc - ok
            18:46:06.0268 1320  [ cb624c0035412af0debec78c41f5ca1b ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
            18:46:06.0268 1320  Serenum - ok
            18:46:06.0299 1320  [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
            18:46:06.0299 1320  Serial - ok
            18:46:06.0330 1320  [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
            18:46:06.0346 1320  sermouse - ok
            18:46:06.0408 1320  [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv      C:\windows\system32\sessenv.dll
            18:46:06.0408 1320  SessionEnv - ok
            18:46:06.0424 1320  [ a554811bcd09279536440c964ae35bbf ] sffdisk         C:\windows\system32\DRIVERS\sffdisk.sys
            18:46:06.0424 1320  sffdisk - ok
            18:46:06.0440 1320  [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc        C:\windows\system32\DRIVERS\sffp_mmc.sys
            18:46:06.0440 1320  sffp_mmc - ok
            18:46:06.0455 1320  [ 178298f767fe638c9fedcbdef58bb5e4 ] sffp_sd         C:\windows\system32\DRIVERS\sffp_sd.sys
            18:46:06.0455 1320  sffp_sd - ok
            18:46:06.0486 1320  [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
            18:46:06.0486 1320  sfloppy - ok
            18:46:06.0518 1320  [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess    C:\windows\System32\ipnathlp.dll
            18:46:06.0549 1320  SharedAccess - ok
            18:46:06.0596 1320  [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\windows\System32\shsvcs.dll
            18:46:06.0596 1320  ShellHWDetection - ok
            18:46:06.0627 1320  [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
            18:46:06.0627 1320  SiSRaid2 - ok
            18:46:06.0658 1320  [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
            18:46:06.0674 1320  SiSRaid4 - ok
            18:46:06.0705 1320  [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
            18:46:06.0705 1320  Smb - ok
            18:46:06.0767 1320  [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP        C:\windows\System32\snmptrap.exe
            18:46:06.0767 1320  SNMPTRAP - ok
            18:46:06.0783 1320  [ b9e31e5cacdfe584f34f730a677803f9 ] spldr           C:\windows\system32\drivers\spldr.sys
            18:46:06.0783 1320  spldr - ok
            18:46:06.0845 1320  [ 567977dc43cc13c4c35ed7084c0b84d5 ] Spooler         C:\windows\System32\spoolsv.exe
            18:46:06.0861 1320  Spooler - ok
            18:46:06.0970 1320  [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc          C:\windows\system32\sppsvc.exe
            18:46:07.0079 1320  sppsvc - ok
            18:46:07.0095 1320  [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
            18:46:07.0110 1320  sppuinotify - ok
            18:46:07.0142 1320  [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv             C:\windows\system32\DRIVERS\srv.sys
            18:46:07.0157 1320  srv - ok
            18:46:07.0188 1320  [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
            18:46:07.0220 1320  srv2 - ok
            18:46:07.0251 1320  [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
            18:46:07.0266 1320  srvnet - ok
            18:46:07.0298 1320  [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
            18:46:07.0313 1320  SSDPSRV - ok
            18:46:07.0329 1320  [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc         C:\windows\system32\sstpsvc.dll
            18:46:07.0329 1320  SstpSvc - ok
            18:46:07.0360 1320  [ f3817967ed533d08327dc73bc4d5542a ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
            18:46:07.0360 1320  stexstor - ok
            18:46:07.0407 1320  [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc          C:\windows\System32\wiaservc.dll
            18:46:07.0422 1320  stisvc - ok
            18:46:07.0454 1320  [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
            18:46:07.0454 1320  swenum - ok
            18:46:07.0469 1320  [ e08e46fdd841b7184194011ca1955a0b ] swprv           C:\windows\System32\swprv.dll
            18:46:07.0485 1320  swprv - ok
            18:46:07.0532 1320  [ ed6d1424e5b0c21a57b28dd8508d6843 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
            18:46:07.0547 1320  SynTP - ok
            18:46:07.0594 1320  [ 3c1284516a62078fb68f768de4f1a7be ] SysMain         C:\windows\system32\sysmain.dll
            18:46:07.0641 1320  SysMain - ok
            18:46:07.0656 1320  [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\windows\System32\TabSvc.dll
            18:46:07.0672 1320  TabletInputService - ok
            18:46:07.0703 1320  [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv         C:\windows\System32\tapisrv.dll
            18:46:07.0719 1320  TapiSrv - ok
            18:46:07.0734 1320  [ 1be03ac720f4d302ea01d40f588162f6 ] TBS             C:\windows\System32\tbssvc.dll
            18:46:07.0750 1320  TBS - ok
            18:46:07.0828 1320  [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
            18:46:07.0937 1320  Tcpip - ok
            18:46:07.0984 1320  [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
            18:46:08.0000 1320  TCPIP6 - ok
            18:46:08.0015 1320  [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
            18:46:08.0031 1320  tcpipreg - ok

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Hijacked by File Recovery
            « Reply #9 on: August 19, 2012, 07:06:43 PM »
            Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

            Link 1
            Link 2
            Link 3

            •Double-click on MBRCheck.exe to run it.

            •It will open a black window...please do not fix anything (if it gives you an option).

            •When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

            •A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
            •Please copy and paste the contents of that log in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            hercdryvr

              Re: Hijacked by File Recovery
              « Reply #10 on: August 20, 2012, 11:00:05 PM »
              Here's the MBRCheck log:

              MBRCheck, version 1.2.3
              (c) 2010, AD

              Command-line:         
              Windows Version:      Windows 7 Home Premium Edition
              Windows Information:       (build 7600), 64-bit
              Base Board Manufacturer:   Acer
              BIOS Manufacturer:      Phoenix Technologies LTD
              System Manufacturer:      Acer
              System Product Name:      Aspire 7741
              Logical Drives Mask:      0x0000000c

              Kernel Drivers (total 161):
                0x0324B000 \SystemRoot\system32\ntoskrnl.exe
                0x03202000 \SystemRoot\system32\hal.dll
                0x00BAB000 \SystemRoot\system32\kdcom.dll
                0x00C32000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
                0x00C76000 \SystemRoot\system32\PSHED.dll
                0x00C8A000 \SystemRoot\system32\CLFS.SYS
                0x00CE8000 \SystemRoot\system32\CI.dll
                0x00E06000 \SystemRoot\system32\drivers\Wdf01000.sys
                0x00EAA000 \SystemRoot\system32\drivers\WDFLDR.SYS
                0x00EB9000 \SystemRoot\system32\DRIVERS\ACPI.sys
                0x00F10000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
                0x00F19000 \SystemRoot\system32\DRIVERS\msisadrv.sys
                0x00F23000 \SystemRoot\system32\DRIVERS\pci.sys
                0x00F56000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
                0x00F63000 \SystemRoot\System32\drivers\partmgr.sys
                0x00F78000 \SystemRoot\system32\DRIVERS\compbatt.sys
                0x00F81000 \SystemRoot\system32\DRIVERS\BATTC.SYS
                0x00F8D000 \SystemRoot\system32\DRIVERS\volmgr.sys
                0x00FA2000 \SystemRoot\System32\drivers\volmgrx.sys
                0x00DA8000 \SystemRoot\System32\drivers\mountmgr.sys
                0x0100B000 \SystemRoot\system32\DRIVERS\iaStor.sys
                0x01215000 \SystemRoot\system32\DRIVERS\atapi.sys
                0x0121E000 \SystemRoot\system32\DRIVERS\ataport.SYS
                0x01248000 \SystemRoot\system32\DRIVERS\msahci.sys
                0x01253000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
                0x01263000 \SystemRoot\system32\drivers\amdxata.sys
                0x0126E000 \SystemRoot\system32\drivers\fltmgr.sys
                0x012BA000 \SystemRoot\system32\drivers\fileinfo.sys
                0x01415000 \SystemRoot\System32\Drivers\Ntfs.sys
                0x012CE000 \SystemRoot\System32\Drivers\msrpc.sys
                0x015B7000 \SystemRoot\System32\Drivers\ksecdd.sys
                0x0132C000 \SystemRoot\System32\Drivers\cng.sys
                0x015D1000 \SystemRoot\System32\drivers\pcw.sys
                0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
                0x01689000 \SystemRoot\system32\drivers\ndis.sys
                0x0177B000 \SystemRoot\system32\drivers\NETIO.SYS
                0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
                0x01803000 \SystemRoot\System32\drivers\tcpip.sys
                0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
                0x0139E000 \SystemRoot\system32\DRIVERS\volsnap.sys
                0x01675000 \SystemRoot\System32\Drivers\spldr.sys
                0x00DC2000 \SystemRoot\System32\drivers\rdyboost.sys
                0x017DB000 \SystemRoot\System32\Drivers\mup.sys
                0x017ED000 \SystemRoot\System32\drivers\hwpolicy.sys
                0x01A99000 \SystemRoot\System32\DRIVERS\fvevol.sys
                0x01AD3000 \SystemRoot\system32\DRIVERS\disk.sys
                0x01AE9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
                0x03E7C000 \SystemRoot\system32\DRIVERS\cdrom.sys
                0x03EA6000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
                0x03EAF000 \SystemRoot\System32\Drivers\Null.SYS
                0x03EB8000 \SystemRoot\System32\Drivers\Beep.SYS
                0x03EBF000 \SystemRoot\System32\drivers\vga.sys
                0x03ECD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
                0x03EF2000 \SystemRoot\System32\drivers\watchdog.sys
                0x03F02000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
                0x03F0B000 \SystemRoot\system32\drivers\rdpencdd.sys
                0x03F14000 \SystemRoot\system32\drivers\rdprefmp.sys
                0x03F1D000 \SystemRoot\System32\Drivers\Msfs.SYS
                0x03F28000 \SystemRoot\System32\Drivers\Npfs.SYS
                0x03F39000 \SystemRoot\system32\DRIVERS\tdx.sys
                0x03F57000 \SystemRoot\system32\DRIVERS\TDI.SYS
                0x03F64000 \SystemRoot\System32\DRIVERS\netbt.sys
                0x01B27000 \SystemRoot\system32\drivers\afd.sys
                0x03FA9000 \SystemRoot\system32\drivers\ws2ifsl.sys
                0x03FB4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
                0x03FBD000 \SystemRoot\system32\DRIVERS\pacer.sys
                0x03FE3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
                0x03C00000 \SystemRoot\system32\DRIVERS\netbios.sys
                0x03C0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
                0x03C2A000 \SystemRoot\system32\DRIVERS\termdd.sys
                0x03C3E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
                0x03C48000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
                0x01A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
                0x03C52000 \SystemRoot\system32\drivers\nsiproxy.sys
                0x01A51000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
                0x01A64000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
                0x01A6C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
                0x01A77000 \SystemRoot\System32\drivers\discache.sys
                0x01BB0000 \SystemRoot\System32\Drivers\dfsc.sys
                0x01BCE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
                0x01BDF000 \SystemRoot\system32\DRIVERS\avkmgr.sys
                0x00C00000 \SystemRoot\system32\DRIVERS\avipbb.sys
                0x02EEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
                0x04A1C000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
                0x040BE000 \SystemRoot\System32\drivers\dxgkrnl.sys
                0x041B2000 \SystemRoot\System32\drivers\dxgmms1.sys
                0x04000000 \SystemRoot\system32\DRIVERS\HECIx64.sys
                0x04011000 \SystemRoot\system32\drivers\usbehci.sys
                0x04022000 \SystemRoot\system32\drivers\USBPORT.SYS
                0x04078000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
                0x02F11000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
                0x0429C000 \SystemRoot\system32\DRIVERS\athrx.sys
                0x044C2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
                0x044CF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
                0x044D4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
                0x044F2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
                0x04501000 \SystemRoot\system32\DRIVERS\SynTP.sys
                0x0454E000 \SystemRoot\system32\DRIVERS\USBD.SYS
                0x04550000 \SystemRoot\system32\DRIVERS\mouclass.sys
                0x0455F000 \??\C:\Windows\system32\drivers\UBHelper.sys
                0x04567000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
                0x0456F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
                0x0457C000 \SystemRoot\system32\DRIVERS\Impcd.sys
                0x045A3000 \SystemRoot\system32\DRIVERS\intelppm.sys
                0x045B9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
                0x045C2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
                0x045D2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
                0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
                0x04224000 \SystemRoot\system32\DRIVERS\ndistapi.sys
                0x04230000 \SystemRoot\system32\DRIVERS\ndiswan.sys
                0x0425F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
                0x0427A000 \SystemRoot\system32\DRIVERS\raspptp.sys
                0x0409C000 \SystemRoot\system32\DRIVERS\rassstp.sys
                0x045E8000 \SystemRoot\system32\DRIVERS\swenum.sys
                0x02F77000 \SystemRoot\system32\DRIVERS\ks.sys
                0x045EA000 \SystemRoot\system32\DRIVERS\umbus.sys
                0x02E00000 \SystemRoot\system32\DRIVERS\usbhub.sys
                0x04A00000 \SystemRoot\System32\Drivers\NDProxy.SYS
                0x0588F000 \SystemRoot\system32\drivers\RTKVHD64.sys
                0x05AE3000 \SystemRoot\system32\drivers\portcls.sys
                0x05B20000 \SystemRoot\system32\drivers\drmk.sys
                0x05B42000 \SystemRoot\system32\drivers\ksthunk.sys
                0x05B48000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
                0x05B8F000 \SystemRoot\system32\DRIVERS\cdfs.sys
                0x05BAC000 \SystemRoot\System32\Drivers\crashdmp.sys
                0x03C5E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
                0x05BBA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
                0x000C0000 \SystemRoot\System32\win32k.sys
                0x05BCD000 \SystemRoot\System32\drivers\Dxapi.sys
                0x05BD9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
                0x05800000 \SystemRoot\System32\Drivers\usbvideo.sys
                0x0582E000 \SystemRoot\system32\DRIVERS\monitor.sys
                0x00570000 \SystemRoot\System32\TSDDD.dll
                0x00790000 \SystemRoot\System32\cdd.dll
                0x0583C000 \SystemRoot\system32\drivers\luafv.sys
                0x0585F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
                0x02E5A000 \SystemRoot\system32\drivers\WudfPf.sys
                0x02E7B000 \SystemRoot\system32\DRIVERS\lltdio.sys
                0x02E90000 \SystemRoot\system32\DRIVERS\nwifi.sys
                0x02FBA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
                0x02FCD000 \SystemRoot\system32\DRIVERS\rspndr.sys
                0x0587F000 \SystemRoot\system32\DRIVERS\hidusb.sys
                0x02FE5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
                0x05BF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
                0x03E68000 \SystemRoot\system32\DRIVERS\mouhid.sys
                0x0286C000 \SystemRoot\system32\drivers\HTTP.sys
                0x02934000 \SystemRoot\system32\DRIVERS\bowser.sys
                0x02952000 \SystemRoot\System32\drivers\mpsdrv.sys
                0x0296A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
                0x02997000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
                0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
                0x03A5A000 \SystemRoot\system32\drivers\peauth.sys
                0x03B00000 \SystemRoot\System32\Drivers\secdrv.SYS
                0x03B0B000 \SystemRoot\System32\DRIVERS\srvnet.sys
                0x03B38000 \SystemRoot\System32\drivers\tcpipreg.sys
                0x03B4A000 \SystemRoot\System32\DRIVERS\srv2.sys
                0x060CF000 \SystemRoot\System32\DRIVERS\srv.sys
                0x77260000 \Windows\System32\ntdll.dll
                0x47B90000 \Windows\System32\smss.exe
                0xFF580000 \Windows\System32\apisetschema.dll
                0xFF1A0000 \Windows\System32\autochk.exe

              Processes (total 95):
                     0 System Idle Process
                     4 System
                   304 C:\Windows\System32\smss.exe
                   448 csrss.exe
                   512 C:\Windows\System32\wininit.exe
                   532 csrss.exe
                   564 C:\Windows\System32\services.exe
                   588 C:\Windows\System32\lsass.exe
                   596 C:\Windows\System32\lsm.exe
                   716 C:\Windows\System32\winlogon.exe
                   752 C:\Windows\System32\svchost.exe
                   836 C:\Windows\System32\svchost.exe
                   912 C:\Windows\System32\svchost.exe
                   960 C:\Windows\System32\svchost.exe
                   996 C:\Windows\System32\svchost.exe
                   444 C:\Windows\System32\svchost.exe
                   476 C:\Windows\System32\svchost.exe
                  1268 C:\Windows\System32\spoolsv.exe
                  1300 C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
                  1328 C:\Windows\System32\svchost.exe
                  1368 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
                  1376 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
                  1400 C:\Windows\System32\svchost.exe
                  1536 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
                  1560 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
                  1580 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  1676 C:\Program Files\Bonjour\mDNSResponder.exe
                  1740 C:\Windows\System32\dlbkcoms.exe
                  1784 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
                  1816 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
                  1840 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
                  1868 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
                  1900 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                  1936 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
                  2016 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
                  1132 C:\Windows\System32\svchost.exe
                  1856 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
                  1176 C:\Windows\System32\svchost.exe
                  1960 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  2124 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
                  2160 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
                  2668 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
                  2676 C:\Windows\System32\conhost.exe
                  2700 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
                  2808 C:\Windows\System32\svchost.exe
                  3000 C:\Windows\System32\taskhost.exe
                  1728 C:\Windows\System32\dwm.exe
                  2512 C:\Windows\explorer.exe
                  3076 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
                  3124 C:\Windows\System32\igfxtray.exe
                  3132 C:\Windows\System32\hkcmd.exe
                  3144 C:\Windows\System32\igfxpers.exe
                  3188 C:\Windows\System32\igfxsrvc.exe
                  3240 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                  3252 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  3264 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
                  3280 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                  3352 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
                  3360 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
                  3376 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
                  3388 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
                  3512 C:\Windows\System32\igfxext.exe
                  3648 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                  3752 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
                  3776 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
                  3808 C:\Program Files (x86)\Launch Manager\LManager.exe
                  3840 C:\Windows\System32\SearchIndexer.exe
                  3848 C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                  3908 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
                  3988 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
                  4016 C:\Windows\System32\wbem\unsecapp.exe
                  4088 WmiPrvSE.exe
                  2292 C:\Program Files (x86)\iTunes\iTunesHelper.exe
                  2984 C:\Program Files (x86)\Ask.com\Updater\Updater.exe
                  3556 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
                  4032 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
                  3760 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  4212 C:\Program Files\iPod\bin\iPodService.exe
                  4268 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
                  4312 C:\Program Files (x86)\Launch Manager\LMworker.exe
                  4408 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
                   652 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                  4220 C:\Program Files\Windows Media Player\wmpnetwk.exe
                   668 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                  4144 C:\Program Files\Internet Explorer\iexplore.exe
                  1068 C:\Program Files\Internet Explorer\iexplore.exe
                  3724 C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
                  4360 C:\Program Files\Internet Explorer\iexplore.exe
                  4348 C:\Windows\System32\SearchProtocolHost.exe
                  2080 C:\Windows\System32\SearchFilterHost.exe
                  3480 C:\Windows\System32\audiodg.exe
                  1412 dllhost.exe
                  4364 dllhost.exe
                  1188 C:\Users\Ryan\Desktop\MBRCheck.exe
                  4896 C:\Windows\System32\conhost.exe

              \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afe00000  (NTFS)

              PhysicalDrive0 Model Number: WDCWD3200BPVT-22ZEST0, Rev: 01.01A01

                    Size  Device Name          MBR Status
                --------------------------------------------
                  298 GB  \\.\PhysicalDrive0   Acer MBR code detected
                          SHA1: 3183CBF02DD9B39C5FF84F50BA2419D633E30179


              Done!
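The MBRCheck log above reports a SHA-1 of the drive's MBR code and matches it against known vendor boot code. The Python below is an added example, not MBRCheck's code and not anything posted in this thread: it takes a 512-byte boot sector, verifies the 55AA boot signature, hashes the boot-code region, looks the digest up in an allowlist, and decodes the four partition-table entries so an unexpected active partition stands out. The 440-byte hashing scope, the allowlist contents and the sample sector are all assumptions constructed here; a real allowlist would hold hashes you have verified for your own vendor's MBR.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # assumed scope: boot code up to the disk signature
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def bootcode_sha1(sector: bytes) -> str:
    """SHA-1 of the boot-code region only, so repartitioning or a new disk
    signature does not change the value; only changed code does."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the four 16-byte MBR partition entries (empty ones skipped)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def check_mbr(sector: bytes, known_good: dict) -> dict:
    """Classify a boot sector as invalid / known (allowlisted) / unknown."""
    if len(sector) != SECTOR_SIZE:
        return {"status": "invalid", "reason": "sector must be 512 bytes"}
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "invalid", "reason": "missing 55AA boot signature"}
    digest = bootcode_sha1(sector)
    result = {"sha1": digest, "partitions": parse_partitions(sector)}
    if digest in known_good:
        result["status"] = "known"
        result["vendor"] = known_good[digest]
    else:
        # Unknown boot code is a lead, not a verdict: hash the sector offline
        # and compare with a clean machine of the same model before acting.
        result["status"] = "unknown"
    return result


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed 512-byte MBR: given boot code, a zero disk signature, one
    active NTFS (type 0x07) partition starting at LBA 2048, then 55AA."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    disk_sig = b"\x00" * 6
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 1_000_000)
    table = entry + b"\x00" * (3 * PART_ENTRY_LEN)
    return code + disk_sig + table + BOOT_SIGNATURE


# Constructed sample data: not a real vendor MBR, and the allowlist below is
# seeded from it so the example is self-contained.
SAMPLE_MBR = build_sample_mbr(b"\xeb\x63\x90" + b"\x90" * 100)
KNOWN_GOOD = {bootcode_sha1(SAMPLE_MBR): "constructed reference MBR"}

_t = bytearray(SAMPLE_MBR)
_t[0x10] ^= 0xFF            # flip one boot-code byte, as a bootkit would
TAMPERED_MBR = bytes(_t)


def read_boot_sector(path: str) -> bytes:
    """Read the first sector of a disk image or, on Windows with admin
    rights, a raw device such as \\\\.\\PhysicalDrive0."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    sector = read_boot_sector(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MBR
    print(check_mbr(sector, KNOWN_GOOD))
```

Run it with a disk image path as the only argument (or with no argument to check the built-in sample); hashing the boot code rather than the whole sector is what keeps a vendor hash stable across repartitioning, and an "unknown" result on a machine whose MBR should be stock is the cue to image the disk and compare offline.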

              SuperDave

              Re: Hijacked by File Recovery
              « Reply #11 on: August 21, 2012, 04:44:59 PM »
              I'd like to scan your machine with ESET OnlineScan

              •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              •Click the button.
              •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
              •Check
              •Click the button.
              •Accept any security warnings from your browser.
              •Check
              •Push the Start button.
              •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              •When the scan completes, push
              •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              •Push the button.
              •Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              hercdryvr

                Re: Hijacked by File Recovery
                « Reply #12 on: August 26, 2012, 03:45:42 PM »
                ESET found a couple; it quarantined them, and I had it delete the quarantined files.

                C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\635b4829-794affed   Java/TrojanDownloader.Agent.NDR trojan   deleted - quarantined
                C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2e146188-3886bd3e   multiple threats   deleted - quarantined

                SuperDave

                Re: Hijacked by File Recovery
                « Reply #13 on: August 26, 2012, 06:28:41 PM »
                How's your computer running now? Any other issues before we clean up?

                hercdryvr

                  Re: Hijacked by File Recovery
                  « Reply #14 on: September 16, 2012, 06:10:57 AM »
                  Seems to be running smoothly. Thanks for all the help!

                  SuperDave

                  Re: Hijacked by File Recovery
                  « Reply #15 on: September 16, 2012, 04:24:19 PM »
                  Good. We can do some cleanup.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  *********************************************************
                  Click Start> Computer> right click the C Drive and choose Properties> enter
                  Click Disk Cleanup from there.



                  Click OK on the Disk Cleanup Screen.
                  Click Yes on the Confirmation screen.



                  This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                  **************************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's
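The three cleanup steps in the post above (ComboFix /uninstall, Disk Cleanup, then Windows Update) as one script, with a check after each step. This is an added example, not SuperDave's instructions or ComboFix's own code. It assumes ComboFix.exe is still on the Desktop, treats C:\ComboFix and C:\Qoobox as the folders ComboFix leaves behind (that comes from the tool's known behaviour, not from the thread), and must be run from an elevated Windows PowerShell prompt on Windows 7 or later.

```powershell
# Added example: script-driven version of the post-cleanup steps.
# Assumptions (not from the thread): ComboFix.exe sits on the Desktop, and
# C:\ComboFix / C:\Qoobox are ComboFix's working and quarantine folders.
# Run from an elevated Windows PowerShell prompt.

$comboFix        = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'   # assumed location
$comboFixFolders = @('C:\ComboFix', 'C:\Qoobox')                       # assumed leftovers

function Get-FreeGB {
    # Free space on the system drive in GB, so the Disk Cleanup gain is measurable.
    [math]::Round((Get-PSDrive -Name C).Free / 1GB, 2)
}

# --- 1. Uninstall ComboFix (same switch the post uses: "ComboFix /uninstall") ---
if (Test-Path $comboFix) {
    # ComboFix runs with a space before the slash; it handles its own prompts.
    Start-Process -FilePath $comboFix -ArgumentList '/uninstall' -Wait
} else {
    Write-Warning "ComboFix.exe not found at $comboFix; adjust the path."
}

# Verify the folders are really gone instead of trusting the tool's exit.
$leftovers = $comboFixFolders | Where-Object { Test-Path $_ }
if ($leftovers) {
    Write-Warning ("ComboFix left behind: " + ($leftovers -join ', '))
} else {
    Write-Host 'ComboFix folders removed.'
}

# --- 2. Disk Cleanup ----------------------------------------------------------
$before = Get-FreeGB
# /sageset:1 shows the category picker once and stores the choice as profile 1;
# /sagerun:1 then runs that stored profile without further prompts.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/sageset:1' -Wait
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/sagerun:1' -Wait
$after = Get-FreeGB
Write-Host ("Free space on C: {0} GB -> {1} GB (freed {2} GB)" -f $before, $after, ($after - $before))

# Disk Cleanup's "More Options" tab removes all but the newest restore point,
# so confirm at least one is still there before relying on System Restore again.
$restorePoints = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Restore points remaining: {0}" -f $restorePoints.Count)

# --- 3. Windows Update: list what is still missing ------------------------------
# Uses the Windows Update Agent COM API; the filter string is its documented syntax.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
if ($pending.Updates.Count -eq 0) {
    Write-Host 'No pending software updates.'
} else {
    Write-Host ("{0} update(s) pending; install them from Windows Update:" -f $pending.Updates.Count)
    foreach ($u in $pending.Updates) {
        # MsrcSeverity is populated on security updates (Critical, Important, ...); empty otherwise.
        $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { '-' }
        Write-Host ("  [{0}] {1}" -f $sev, $u.Title)
    }
}
```

The update step only lists what is outstanding, with the Microsoft severity rating where one exists, so that the Critical ones the post asks for are visible at a glance; installing them still goes through Windows Update as described. The free-space figures before and after Disk Cleanup are the quick way to see whether a pile of old restore points was the thing eating the drive.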

                  hercdryvr

                    Topic Starter
                    Re: Hijacked by File Recovery
                    « Reply #16 on: November 25, 2012, 08:41:07 AM »
                    Thanks, are any of those utilities incompatible with Avira? I run Avira free as my primary antivirus, but also regularly scan with MalWareBytes and Spybot.

                    SuperDave

                    • Malware Removal Specialist
                    Re: Hijacked by File Recovery
                    « Reply #17 on: November 25, 2012, 12:34:23 PM »
                    Quote
                    Thanks, are any of those utilities incompatible with Avira? I run Avira free as my primary antivirus, but also regularly scan with MalWareBytes and Spybot.
                    No, they should all be ok.
                    You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.