Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Codec C Plugin Malware removal! Help!

Started by Pandabeer , Apr 12 2012 06:09 PM

This topic is locked

12 replies to this topic

#1 Pandabeer

New Member

Members
6 posts

Posted 12 April 2012 - 06:09 PM

Unfortunately I have fallen victim to this scam when streaming videos.
I downloaded the codec c plug in which of course was a Huge mistake!
Since then, the main problem was the underlined words and the ad pop ups but now all my programs have seemed to have disappeared from my start menu. As of yet, i haven't noticed anything else. I have 'removed' the codec c plug in extension from Google Chrome, and that has since got rid of the underlined words. I have also run malwarebytes - anti-malware once which removed 16 issues. I hope this doesnt make it more difficult for you, as I did all this before i found this forum. I have since uninstalled Malwarebytes and am only running AVG.
Thanks for your time!

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by PandaBeer at 22:05:32 on 2012-04-12
Microsoft Windows 7 Starter 6.1.7600.0.1252.64.1033.18.1013.100 [GMT 12:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Android Manager\iSync.exe
C:\Program Files\Acer\Updater\iUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Codec-C Class: {2e668d8d-b082-48cb-b85c-1f4919441a4c} - c:\programdata\codec-c\bhoclass.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
TB: @c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [Google Update] "c:\users\pandabeer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [iSyncData] c:\program files\acer\android manager\iSync.exe
mRun: [AndroidManager] c:\program files\acer\android manager\AML.exe
mRun: [iPatchData] c:\program files\acer\updater\iUpdate.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E8567F63-9610-47EC-8D24-A02D56236D38} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E8567F63-9610-47EC-8D24-A02D56236D38}\2456C6B696E6E283234454E2765756374737 : DhcpNameServer = 192.168.169.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-30 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-3 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-3 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-3 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2011-1-11 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-2-15 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-9 23584]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-2 2057560]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-1-11 260640]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-7-7 14088]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2011-1-11 243232]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-4-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-1-11 68208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2011-1-11 82768]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-27 305520]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2012-04-12 03:01:11 -------- d-----w- c:\users\pandabeer\appdata\roaming\Malwarebytes
2012-04-12 03:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 02:48:23 -------- d-----w- c:\users\pandabeer\appdata\roaming\AVG2012
2012-04-12 02:45:54 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-12 02:45:48 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-12 02:45:47 -------- d-----w- c:\program files\AVG Secure Search
2012-04-12 02:43:46 -------- d--h--w- C:\$AVG
2012-04-12 02:43:46 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-12 02:43:46 -------- d-----w- c:\programdata\AVG2012
2012-04-12 02:41:57 -------- d-----w- c:\program files\AVG
2012-04-12 02:35:40 -------- d--h--w- c:\programdata\Common Files
2012-04-12 02:35:18 -------- d-----w- c:\programdata\MFAData
2012-03-28 23:56:16 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb9daed8-8800-4eea-8095-2b9f8917bb48}\offreg.dll
2012-03-28 23:52:43 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb9daed8-8800-4eea-8095-2b9f8917bb48}\mpengine.dll
2012-03-23 22:51:19 -------- d-----w- c:\users\pandabeer\appdata\roaming\Optimizer Pro
2012-03-23 22:44:10 -------- d-----w- c:\programdata\Premium
2012-03-23 22:44:04 -------- d-----w- c:\program files\Optimizer Pro
2012-03-23 22:43:25 -------- d-----w- c:\programdata\Codec-C
2012-03-23 22:42:42 -------- d-----w- c:\programdata\InstallMate
.
==================== Find3M ====================
.
2012-02-22 20:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 17:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-21 17:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-30 16:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-17 07:27:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:08:25.66 ===============

Attached Files

Attach.txt 4.93K 1 downloads
ark.txt 416bytes 1 downloads

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 13 April 2012 - 04:03 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 Pandabeer

New Member

Members
6 posts

Posted 14 April 2012 - 10:48 PM

Hi Gringo,
I ran Security check as required. It said in that part of your post to include it in my next post. It wasn't included in the list at the bottom of the post, sorry if you don't need it but i included it anyway. After this, is the Combofix log. With running these two programs, I had no issues.
The computer hasnt shown anymore symptoms since the loss of programs on the start menu, but I looked at the progams in the control panel and codec c has gone??.. does this mean its fully gone? =]
Thank you again for your help.

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

COMBOFIX LOG:

ComboFix 12-04-14.03 - PandaBeer 15/04/2012 15:11:36.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.64.1033.18.1013.332 [GMT 12:00]
Running from: c:\users\PandaBeer\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codec-C
c:\programdata\Codec-C\background.html
c:\programdata\Codec-C\bhoclass.dll
c:\programdata\Codec-C\content.js
c:\programdata\Codec-C\fgnippahjheicjenccifemomfgjofdhp.crx
c:\programdata\Codec-C\settings.ini
c:\programdata\Codec-C\uninstall.exe
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 03:24 . 2012-04-15 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 03:01 . 2012-04-12 03:01 -------- d-----w- c:\users\PandaBeer\AppData\Roaming\Malwarebytes
2012-04-12 03:00 . 2012-04-12 03:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 02:48 . 2012-04-12 02:48 -------- d-----w- c:\users\PandaBeer\AppData\Roaming\AVG2012
2012-04-12 02:45 . 2012-04-12 02:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-12 02:45 . 2012-04-12 02:45 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-12 02:45 . 2012-04-12 02:46 -------- d-----w- c:\program files\AVG Secure Search
2012-04-12 02:43 . 2012-04-14 21:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-12 02:43 . 2012-04-12 02:50 -------- d-----w- c:\programdata\AVG2012
2012-04-12 02:43 . 2012-04-12 02:43 -------- d-----w- C:\$AVG
2012-04-12 02:41 . 2012-04-12 02:41 -------- d-----w- c:\program files\AVG
2012-04-12 02:35 . 2012-04-12 02:35 -------- d--h--w- c:\programdata\Common Files
2012-04-12 02:35 . 2012-04-14 21:48 -------- d-----w- c:\programdata\MFAData
2012-03-28 23:56 . 2012-03-28 23:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB9DAED8-8800-4EEA-8095-2B9F8917BB48}\offreg.dll
2012-03-28 23:52 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB9DAED8-8800-4EEA-8095-2B9F8917BB48}\mpengine.dll
2012-03-23 22:51 . 2012-03-23 22:51 -------- d-----w- c:\users\PandaBeer\AppData\Roaming\Optimizer Pro
2012-03-23 22:44 . 2012-03-23 22:44 -------- d-----w- c:\programdata\Premium
2012-03-23 22:44 . 2012-03-23 22:44 -------- d-----w- c:\program files\Optimizer Pro
2012-03-23 22:42 . 2012-03-23 22:44 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 00:03 . 2012-02-26 00:03 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-22 20:18 . 2011-11-11 00:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 17:25 . 2012-02-21 17:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-21 17:25 . 2012-02-21 17:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-30 16:46 . 2012-01-30 16:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-17 07:27 . 2012-01-17 07:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-12 02:45 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-01-02 81912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-07-06 79112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-15 2575712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-13 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-30 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-21 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-21 299472]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-30 218688]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-07-06 14088]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KWDYIUOG
*Deregistered* - kwdyiuog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160890448-1581403880-3986745747-1000Core.job
- c:\users\PandaBeer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 08:30]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160890448-1581403880-3986745747-1000UA.job
- c:\users\PandaBeer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = hxxp://acer.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.3.112 192.168.3.114
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2E668D8D-B082-48CB-B85C-1F4919441A4C} - c:\programdata\Codec-C\bhoclass.dll
Toolbar-Locked - (no file)
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codec-C\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-15 15:30:53
ComboFix-quarantined-files.txt 2012-04-15 03:30
.
Pre-Run: 196,782,948,352 bytes free
Post-Run: 197,545,246,720 bytes free
.
- - End Of File - - DC6A584F5C5DF71C1EE30B472BA160F9

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 14 April 2012 - 10:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 Pandabeer

New Member

Members
6 posts

Posted 15 April 2012 - 07:39 PM

Hi there, everything ran smoothly, here are the logs:

11:35:22.0560 5268 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:35:24.0020 5268 ============================================================
11:35:24.0020 5268 Current date / time: 2012/04/16 11:35:24.0020
11:35:24.0020 5268 SystemInfo:
11:35:24.0020 5268
11:35:24.0020 5268 OS Version: 6.1.7600 ServicePack: 0.0
11:35:24.0020 5268 Product type: Workstation
11:35:24.0020 5268 ComputerName: PANDABEER-PC
11:35:24.0020 5268 UserName: PandaBeer
11:35:24.0030 5268 Windows directory: C:\Windows
11:35:24.0030 5268 System windows directory: C:\Windows
11:35:24.0030 5268 Processor architecture: Intel x86
11:35:24.0030 5268 Number of processors: 2
11:35:24.0030 5268 Page size: 0x1000
11:35:24.0030 5268 Boot type: Normal boot
11:35:24.0030 5268 ============================================================
11:35:28.0656 5268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:35:28.0676 5268 \Device\Harddisk0\DR0:
11:35:28.0676 5268 MBR used
11:35:28.0676 5268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x800000
11:35:28.0676 5268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
11:35:28.0716 5268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2233000, BlocksNum 0x1AF92000
11:35:28.0766 5268 Initialize success
11:35:28.0766 5268 ============================================================
11:35:42.0370 4224 ============================================================
11:35:42.0370 4224 Scan started
11:35:42.0370 4224 Mode: Manual;
11:35:42.0370 4224 ============================================================
11:35:50.0492 4224 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
11:35:50.0522 4224 1394ohci - ok
11:35:50.0692 4224 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
11:35:50.0732 4224 ACPI - ok
11:35:50.0892 4224 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
11:35:50.0912 4224 AcpiPmi - ok
11:35:50.0982 4224 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:35:51.0052 4224 adp94xx - ok
11:35:51.0312 4224 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:35:51.0322 4224 adpahci - ok
11:35:51.0552 4224 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:35:51.0582 4224 adpu320 - ok
11:35:51.0842 4224 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:35:51.0852 4224 AeLookupSvc - ok
11:35:53.0052 4224 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
11:35:53.0062 4224 AFD - ok
11:35:53.0222 4224 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
11:35:53.0222 4224 agp440 - ok
11:35:53.0312 4224 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:35:53.0322 4224 aic78xx - ok
11:35:53.0412 4224 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:35:53.0422 4224 ALG - ok
11:35:53.0522 4224 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
11:35:53.0532 4224 aliide - ok
11:35:53.0562 4224 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
11:35:53.0572 4224 amdagp - ok
11:35:53.0612 4224 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
11:35:53.0622 4224 amdide - ok
11:35:53.0662 4224 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:35:53.0662 4224 AmdK8 - ok
11:35:53.0732 4224 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:35:53.0742 4224 AmdPPM - ok
11:35:53.0832 4224 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
11:35:53.0842 4224 amdsata - ok
11:35:53.0892 4224 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:35:53.0902 4224 amdsbs - ok
11:35:53.0942 4224 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
11:35:53.0952 4224 amdxata - ok
11:35:54.0012 4224 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
11:35:54.0022 4224 AppID - ok
11:35:54.0082 4224 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:35:54.0082 4224 AppIDSvc - ok
11:35:54.0122 4224 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
11:35:54.0122 4224 Appinfo - ok
11:35:54.0232 4224 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:35:54.0232 4224 arc - ok
11:35:54.0262 4224 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:35:54.0272 4224 arcsas - ok
11:35:54.0312 4224 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:35:54.0322 4224 AsyncMac - ok
11:35:54.0442 4224 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
11:35:54.0442 4224 atapi - ok
11:35:54.0592 4224 athr (c35af075c15827d74b5c9702cbcb175b) C:\Windows\system32\DRIVERS\athr.sys
11:35:54.0662 4224 athr - ok
11:35:54.0812 4224 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
11:35:54.0832 4224 AudioEndpointBuilder - ok
11:35:54.0862 4224 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
11:35:54.0872 4224 Audiosrv - ok
11:35:55.0552 4224 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe
11:35:55.0722 4224 AVGIDSAgent - ok
11:35:55.0832 4224 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
11:35:55.0842 4224 AVGIDSDriver - ok
11:35:55.0892 4224 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\Windows\system32\DRIVERS\avgidsehx.sys
11:35:55.0892 4224 AVGIDSEH - ok
11:35:55.0932 4224 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
11:35:55.0932 4224 AVGIDSFilter - ok
11:35:55.0972 4224 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
11:35:55.0972 4224 AVGIDSShim - ok
11:35:56.0032 4224 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
11:35:56.0042 4224 Avgldx86 - ok
11:35:56.0092 4224 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
11:35:56.0102 4224 Avgmfx86 - ok
11:35:56.0232 4224 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
11:35:56.0242 4224 Avgrkx86 - ok
11:35:56.0292 4224 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\Windows\system32\DRIVERS\avgtdix.sys
11:35:56.0302 4224 Avgtdix - ok
11:35:56.0392 4224 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
11:35:56.0402 4224 avgwd - ok
11:35:56.0512 4224 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
11:35:56.0522 4224 AxInstSV - ok
11:35:56.0592 4224 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:35:56.0612 4224 b06bdrv - ok
11:35:56.0732 4224 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:35:56.0742 4224 b57nd60x - ok
11:35:56.0862 4224 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:35:56.0872 4224 BDESVC - ok
11:35:56.0972 4224 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:35:56.0982 4224 Beep - ok
11:35:57.0032 4224 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
11:35:57.0042 4224 BFE - ok
11:35:57.0172 4224 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
11:35:57.0242 4224 BITS - ok
11:35:57.0342 4224 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:35:57.0342 4224 blbdrive - ok
11:35:57.0922 4224 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
11:35:57.0962 4224 bowser - ok
11:35:58.0142 4224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:35:58.0152 4224 BrFiltLo - ok
11:35:58.0202 4224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:35:58.0202 4224 BrFiltUp - ok
11:35:58.0282 4224 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:35:58.0282 4224 BridgeMP - ok
11:35:58.0412 4224 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
11:35:58.0422 4224 Browser - ok
11:35:58.0502 4224 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:35:58.0512 4224 Brserid - ok
11:35:58.0562 4224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:35:58.0572 4224 BrSerWdm - ok
11:35:58.0622 4224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:35:58.0622 4224 BrUsbMdm - ok
11:35:58.0672 4224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:35:58.0672 4224 BrUsbSer - ok
11:35:58.0712 4224 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:35:58.0722 4224 BTHMODEM - ok
11:35:58.0872 4224 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:35:58.0872 4224 bthserv - ok
11:35:59.0052 4224 catchme - ok
11:35:59.0182 4224 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:35:59.0182 4224 cdfs - ok
11:35:59.0322 4224 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
11:35:59.0322 4224 cdrom - ok
11:35:59.0502 4224 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
11:35:59.0502 4224 CertPropSvc - ok
11:35:59.0582 4224 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:35:59.0592 4224 circlass - ok
11:35:59.0672 4224 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:35:59.0672 4224 CLFS - ok
11:35:59.0752 4224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:35:59.0782 4224 clr_optimization_v2.0.50727_32 - ok
11:35:59.0962 4224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:36:00.0032 4224 clr_optimization_v4.0.30319_32 - ok
11:36:00.0132 4224 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:36:00.0322 4224 CmBatt - ok
11:36:00.0862 4224 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
11:36:00.0882 4224 cmdide - ok
11:36:00.0962 4224 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
11:36:00.0972 4224 CNG - ok
11:36:01.0092 4224 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:36:01.0102 4224 Compbatt - ok
11:36:01.0232 4224 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:36:01.0242 4224 CompositeBus - ok
11:36:01.0342 4224 COMSysApp - ok
11:36:01.0412 4224 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:36:01.0412 4224 crcdisk - ok
11:36:01.0562 4224 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
11:36:01.0562 4224 CryptSvc - ok
11:36:01.0632 4224 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
11:36:01.0652 4224 DcomLaunch - ok
11:36:01.0832 4224 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:36:01.0842 4224 defragsvc - ok
11:36:02.0012 4224 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
11:36:02.0032 4224 DfsC - ok
11:36:02.0192 4224 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
11:36:02.0192 4224 Dhcp - ok
11:36:02.0322 4224 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:36:02.0322 4224 discache - ok
11:36:02.0462 4224 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:36:02.0472 4224 Disk - ok
11:36:02.0622 4224 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
11:36:02.0622 4224 Dnscache - ok
11:36:02.0772 4224 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
11:36:02.0782 4224 dot3svc - ok
11:36:02.0832 4224 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
11:36:02.0842 4224 DPS - ok
11:36:03.0362 4224 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:36:03.0362 4224 drmkaud - ok
11:36:03.0512 4224 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files\Launch Manager\dsiwmis.exe
11:36:03.0542 4224 DsiWMIService - ok
11:36:03.0672 4224 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:36:03.0692 4224 dtsoftbus01 - ok
11:36:03.0822 4224 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
11:36:03.0862 4224 DXGKrnl - ok
11:36:03.0962 4224 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:36:03.0972 4224 EapHost - ok
11:36:04.0182 4224 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:36:04.0272 4224 ebdrv - ok
11:36:04.0392 4224 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
11:36:04.0392 4224 EFS - ok
11:36:04.0542 4224 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:36:04.0552 4224 elxstor - ok
11:36:04.0692 4224 ePowerSvc (2609a5b13de9b2eeb38f3a83a406d079) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
11:36:04.0742 4224 ePowerSvc - ok
11:36:04.0852 4224 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
11:36:04.0852 4224 ErrDev - ok
11:36:05.0012 4224 EUCR (4fab8dfaf156e048ad514eabd268ab3a) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
11:36:05.0022 4224 EUCR - ok
11:36:05.0162 4224 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:36:05.0172 4224 EventSystem - ok
11:36:05.0232 4224 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:36:05.0242 4224 exfat - ok
11:36:05.0302 4224 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:36:05.0312 4224 fastfat - ok
11:36:05.0902 4224 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
11:36:05.0922 4224 Fax - ok
11:36:06.0002 4224 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:36:06.0012 4224 fdc - ok
11:36:06.0122 4224 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:36:06.0122 4224 fdPHost - ok
11:36:06.0172 4224 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:36:06.0182 4224 FDResPub - ok
11:36:06.0242 4224 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:36:06.0252 4224 FileInfo - ok
11:36:06.0302 4224 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:36:06.0302 4224 Filetrace - ok
11:36:06.0362 4224 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:36:06.0372 4224 flpydisk - ok
11:36:06.0502 4224 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:36:06.0512 4224 FltMgr - ok
11:36:06.0672 4224 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
11:36:06.0712 4224 FontCache - ok
11:36:06.0832 4224 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:36:06.0842 4224 FontCache3.0.0.0 - ok
11:36:06.0912 4224 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:36:06.0912 4224 FsDepends - ok
11:36:06.0972 4224 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:36:06.0982 4224 Fs_Rec - ok
11:36:07.0112 4224 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
11:36:07.0122 4224 fvevol - ok
11:36:07.0272 4224 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:36:07.0272 4224 gagp30kx - ok
11:36:07.0422 4224 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
11:36:07.0452 4224 gpsvc - ok
11:36:07.0552 4224 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files\Acer\Registration\GREGsvc.exe
11:36:07.0572 4224 GREGService - ok
11:36:07.0722 4224 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:36:07.0722 4224 hcw85cir - ok
11:36:07.0932 4224 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
11:36:08.0092 4224 HdAudAddService - ok
11:36:08.0442 4224 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:36:08.0452 4224 HDAudBus - ok
11:36:08.0602 4224 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:36:08.0612 4224 HidBatt - ok
11:36:08.0762 4224 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:36:08.0762 4224 HidBth - ok
11:36:08.0912 4224 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:36:08.0922 4224 HidIr - ok
11:36:09.0042 4224 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
11:36:09.0052 4224 hidserv - ok
11:36:09.0252 4224 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
11:36:09.0252 4224 HidUsb - ok
11:36:09.0382 4224 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
11:36:09.0392 4224 hkmsvc - ok
11:36:09.0472 4224 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
11:36:09.0482 4224 HomeGroupListener - ok
11:36:09.0582 4224 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
11:36:09.0602 4224 HomeGroupProvider - ok
11:36:09.0762 4224 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:36:09.0772 4224 HpSAMD - ok
11:36:09.0932 4224 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
11:36:09.0952 4224 HTTP - ok
11:36:10.0092 4224 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
11:36:10.0102 4224 hwpolicy - ok
11:36:10.0232 4224 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
11:36:10.0242 4224 i8042prt - ok
11:36:10.0362 4224 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
11:36:10.0372 4224 iaStor - ok
11:36:10.0902 4224 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
11:36:10.0912 4224 iaStorV - ok
11:36:10.0992 4224 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:36:11.0032 4224 idsvc - ok
11:36:11.0302 4224 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:36:11.0432 4224 igfx - ok
11:36:11.0592 4224 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:36:11.0592 4224 iirsp - ok
11:36:11.0762 4224 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
11:36:11.0792 4224 IKEEXT - ok
11:36:12.0032 4224 IntcAzAudAddService (cfa2d161b146425a3356da92ae59a6f6) C:\Windows\system32\drivers\RTKVHDA.sys
11:36:12.0142 4224 IntcAzAudAddService - ok
11:36:12.0272 4224 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
11:36:12.0272 4224 intelide - ok
11:36:12.0392 4224 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:36:12.0392 4224 intelppm - ok
11:36:12.0482 4224 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:36:12.0492 4224 IPBusEnum - ok
11:36:12.0592 4224 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:36:12.0602 4224 IpFilterDriver - ok
11:36:12.0752 4224 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
11:36:12.0772 4224 iphlpsvc - ok
11:36:12.0902 4224 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:36:12.0912 4224 IPMIDRV - ok
11:36:13.0042 4224 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:36:13.0052 4224 IPNAT - ok
11:36:13.0722 4224 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:36:13.0732 4224 IRENUM - ok
11:36:13.0812 4224 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
11:36:13.0812 4224 isapnp - ok
11:36:13.0962 4224 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
11:36:13.0972 4224 iScsiPrt - ok
11:36:14.0112 4224 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:36:14.0122 4224 kbdclass - ok
11:36:14.0232 4224 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
11:36:14.0242 4224 kbdhid - ok
11:36:14.0332 4224 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:36:14.0342 4224 KeyIso - ok
11:36:14.0442 4224 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
11:36:14.0442 4224 KSecDD - ok
11:36:14.0532 4224 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
11:36:14.0532 4224 KSecPkg - ok
11:36:14.0602 4224 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:36:14.0632 4224 KtmRm - ok
11:36:14.0762 4224 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
11:36:14.0772 4224 L1C - ok
11:36:14.0922 4224 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
11:36:14.0942 4224 LanmanServer - ok
11:36:15.0132 4224 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
11:36:15.0162 4224 LanmanWorkstation - ok
11:36:15.0412 4224 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:36:15.0412 4224 lltdio - ok
11:36:15.0542 4224 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:36:15.0592 4224 lltdsvc - ok
11:36:15.0702 4224 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:36:15.0712 4224 lmhosts - ok
11:36:16.0112 4224 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:36:16.0242 4224 LSI_FC - ok
11:36:16.0412 4224 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:36:16.0422 4224 LSI_SAS - ok
11:36:16.0522 4224 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:36:16.0532 4224 LSI_SAS2 - ok
11:36:16.0612 4224 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:36:16.0612 4224 LSI_SCSI - ok
11:36:16.0692 4224 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:36:16.0692 4224 luafv - ok
11:36:16.0842 4224 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:36:16.0852 4224 megasas - ok
11:36:17.0022 4224 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:36:17.0032 4224 MegaSR - ok
11:36:17.0132 4224 Microsoft SharePoint Workspace Audit Service - ok
11:36:17.0272 4224 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:36:17.0282 4224 MMCSS - ok
11:36:17.0372 4224 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:36:17.0382 4224 Modem - ok
11:36:17.0492 4224 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:36:17.0492 4224 monitor - ok
11:36:17.0552 4224 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:36:17.0562 4224 mouclass - ok
11:36:17.0662 4224 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:36:17.0672 4224 mouhid - ok
11:36:17.0792 4224 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
11:36:17.0792 4224 mountmgr - ok
11:36:17.0862 4224 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
11:36:17.0872 4224 mpio - ok
11:36:17.0972 4224 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:36:17.0972 4224 mpsdrv - ok
11:36:18.0082 4224 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
11:36:18.0112 4224 MpsSvc - ok
11:36:18.0632 4224 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
11:36:18.0672 4224 MRxDAV - ok
11:36:18.0842 4224 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:36:18.0852 4224 mrxsmb - ok
11:36:18.0932 4224 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:36:18.0942 4224 mrxsmb10 - ok
11:36:19.0042 4224 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:36:19.0052 4224 mrxsmb20 - ok
11:36:19.0132 4224 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
11:36:19.0142 4224 msahci - ok
11:36:19.0242 4224 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
11:36:19.0242 4224 msdsm - ok
11:36:19.0312 4224 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:36:19.0322 4224 MSDTC - ok
11:36:19.0392 4224 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:36:19.0402 4224 Msfs - ok
11:36:19.0432 4224 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:36:19.0442 4224 mshidkmdf - ok
11:36:19.0472 4224 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
11:36:19.0502 4224 msisadrv - ok
11:36:19.0562 4224 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:36:19.0582 4224 MSiSCSI - ok
11:36:19.0632 4224 msiserver - ok
11:36:19.0722 4224 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:36:19.0722 4224 MSKSSRV - ok
11:36:19.0792 4224 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:36:19.0802 4224 MSPCLOCK - ok
11:36:19.0922 4224 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:36:19.0932 4224 MSPQM - ok
11:36:20.0062 4224 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:36:20.0072 4224 MsRPC - ok
11:36:20.0212 4224 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
11:36:20.0212 4224 mssmbios - ok
11:36:20.0352 4224 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:36:20.0352 4224 MSTEE - ok
11:36:20.0522 4224 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:36:20.0552 4224 MTConfig - ok
11:36:20.0722 4224 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:36:20.0772 4224 Mup - ok
11:36:21.0252 4224 mwlPSDFilter (cb47c414e083ca6e50e634b148f28f64) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:36:21.0372 4224 mwlPSDFilter - ok
11:36:21.0492 4224 mwlPSDNServ (647b953019559bff07536f5c6121f333) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:36:21.0502 4224 mwlPSDNServ - ok
11:36:21.0602 4224 mwlPSDVDisk (5a236a36db8687d1e64dc81c03eaabe1) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:36:21.0612 4224 mwlPSDVDisk - ok
11:36:21.0722 4224 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
11:36:21.0732 4224 MWLService - ok
11:36:21.0872 4224 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
11:36:21.0892 4224 napagent - ok
11:36:22.0062 4224 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:36:22.0072 4224 NativeWifiP - ok
11:36:22.0212 4224 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
11:36:22.0252 4224 NDIS - ok
11:36:22.0392 4224 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:36:22.0402 4224 NdisCap - ok
11:36:22.0522 4224 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:36:22.0522 4224 NdisTapi - ok
11:36:22.0682 4224 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
11:36:22.0692 4224 Ndisuio - ok
11:36:22.0782 4224 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
11:36:22.0782 4224 NdisWan - ok
11:36:22.0852 4224 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
11:36:22.0862 4224 NDProxy - ok
11:36:22.0982 4224 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:36:22.0982 4224 NetBIOS - ok
11:36:23.0102 4224 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
11:36:23.0112 4224 NetBT - ok
11:36:23.0242 4224 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:36:23.0252 4224 Netlogon - ok
11:36:23.0382 4224 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:36:23.0402 4224 Netman - ok
11:36:24.0122 4224 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:36:24.0142 4224 netprofm - ok
11:36:24.0272 4224 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:36:24.0282 4224 NetTcpPortSharing - ok
11:36:24.0432 4224 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:36:24.0442 4224 nfrd960 - ok
11:36:24.0582 4224 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
11:36:24.0592 4224 NlaSvc - ok
11:36:24.0752 4224 NOBU (a634584c506f2c82680039371aa1772c) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
11:36:24.0822 4224 NOBU - ok
11:36:24.0942 4224 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:36:24.0942 4224 Npfs - ok
11:36:25.0092 4224 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:36:25.0102 4224 nsi - ok
11:36:25.0232 4224 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:36:25.0232 4224 nsiproxy - ok
11:36:25.0412 4224 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
11:36:25.0452 4224 Ntfs - ok
11:36:25.0582 4224 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:36:25.0592 4224 Null - ok
11:36:25.0762 4224 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
11:36:25.0772 4224 nvraid - ok
11:36:25.0942 4224 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
11:36:25.0952 4224 nvstor - ok
11:36:26.0072 4224 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
11:36:26.0082 4224 nv_agp - ok
11:36:26.0782 4224 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
11:36:26.0782 4224 ohci1394 - ok
11:36:26.0892 4224 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:36:26.0902 4224 ose - ok
11:36:27.0092 4224 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:36:27.0252 4224 osppsvc - ok
11:36:27.0412 4224 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:36:27.0432 4224 p2pimsvc - ok
11:36:27.0562 4224 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:36:27.0582 4224 p2psvc - ok
11:36:27.0732 4224 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:36:27.0732 4224 Parport - ok
11:36:27.0812 4224 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
11:36:27.0812 4224 partmgr - ok
11:36:27.0912 4224 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:36:27.0912 4224 Parvdm - ok
11:36:28.0002 4224 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:36:28.0022 4224 PcaSvc - ok
11:36:28.0122 4224 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
11:36:28.0132 4224 pci - ok
11:36:28.0202 4224 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
11:36:28.0202 4224 pciide - ok
11:36:28.0302 4224 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:36:28.0312 4224 pcmcia - ok
11:36:28.0392 4224 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:36:28.0402 4224 pcw - ok
11:36:28.0562 4224 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:36:28.0592 4224 PEAUTH - ok
11:36:29.0212 4224 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
11:36:29.0262 4224 pla - ok
11:36:29.0402 4224 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
11:36:29.0432 4224 PlugPlay - ok
11:36:29.0562 4224 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:36:29.0582 4224 PNRPAutoReg - ok
11:36:29.0662 4224 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:36:29.0672 4224 PNRPsvc - ok
11:36:29.0782 4224 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
11:36:29.0802 4224 PolicyAgent - ok
11:36:29.0952 4224 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
11:36:29.0962 4224 Power - ok
11:36:30.0132 4224 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:36:30.0142 4224 PptpMiniport - ok
11:36:30.0222 4224 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:36:30.0222 4224 Processor - ok
11:36:30.0342 4224 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
11:36:30.0352 4224 ProfSvc - ok
11:36:30.0442 4224 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:36:30.0452 4224 ProtectedStorage - ok
11:36:30.0602 4224 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:36:30.0622 4224 Psched - ok
11:36:30.0722 4224 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:36:30.0772 4224 ql2300 - ok
11:36:30.0912 4224 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:36:30.0922 4224 ql40xx - ok
11:36:31.0062 4224 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:36:31.0082 4224 QWAVE - ok
11:36:31.0592 4224 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:36:31.0632 4224 QWAVEdrv - ok
11:36:31.0882 4224 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:36:31.0882 4224 RasAcd - ok
11:36:32.0042 4224 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:36:32.0042 4224 RasAgileVpn - ok
11:36:32.0152 4224 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:36:32.0162 4224 RasAuto - ok
11:36:32.0312 4224 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:36:32.0312 4224 Rasl2tp - ok
11:36:32.0462 4224 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
11:36:32.0492 4224 RasMan - ok
11:36:32.0622 4224 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:36:32.0622 4224 RasPppoe - ok
11:36:32.0722 4224 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:36:32.0732 4224 RasSstp - ok
11:36:32.0812 4224 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
11:36:32.0832 4224 rdbss - ok
11:36:32.0902 4224 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:36:32.0912 4224 rdpbus - ok
11:36:33.0002 4224 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:36:33.0002 4224 RDPCDD - ok
11:36:33.0172 4224 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:36:33.0172 4224 RDPENCDD - ok
11:36:33.0282 4224 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:36:33.0292 4224 RDPREFMP - ok
11:36:33.0402 4224 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
11:36:33.0402 4224 RDPWD - ok
11:36:33.0532 4224 rdyboost (65db288f7372b1f632891fc32bf908b7) C:\Windows\system32\drivers\rdyboost.sys
11:36:33.0542 4224 rdyboost - ok
11:36:33.0662 4224 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:36:33.0672 4224 RemoteAccess - ok
11:36:33.0822 4224 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:36:33.0842 4224 RemoteRegistry - ok
11:36:34.0372 4224 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:36:34.0382 4224 RpcEptMapper - ok
11:36:34.0462 4224 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:36:34.0472 4224 RpcLocator - ok
11:36:34.0602 4224 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
11:36:34.0612 4224 RpcSs - ok
11:36:34.0752 4224 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:36:34.0762 4224 rspndr - ok
11:36:34.0842 4224 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files\Acer\Acer VCM\RS_Service.exe
11:36:34.0852 4224 RS_Service - ok
11:36:34.0972 4224 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:36:34.0982 4224 SamSs - ok
11:36:35.0102 4224 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
11:36:35.0112 4224 sbp2port - ok
11:36:35.0192 4224 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:36:35.0212 4224 SCardSvr - ok
11:36:35.0292 4224 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
11:36:35.0302 4224 scfilter - ok
11:36:35.0382 4224 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
11:36:35.0412 4224 Schedule - ok
11:36:35.0462 4224 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
11:36:35.0472 4224 SCPolicySvc - ok
11:36:35.0532 4224 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
11:36:35.0542 4224 SDRSVC - ok
11:36:35.0682 4224 SeagateDashboardService (7d8f2e031561daa91826c7370c2478b8) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
11:36:35.0692 4224 SeagateDashboardService - ok
11:36:35.0802 4224 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:36:35.0812 4224 SeaPort - ok
11:36:35.0942 4224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:36:35.0942 4224 secdrv - ok
11:36:36.0012 4224 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:36:36.0032 4224 seclogon - ok
11:36:36.0112 4224 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
11:36:36.0132 4224 SENS - ok
11:36:36.0192 4224 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:36:36.0192 4224 Serenum - ok
11:36:36.0232 4224 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:36:36.0242 4224 Serial - ok
11:36:36.0272 4224 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:36:36.0292 4224 sermouse - ok
11:36:36.0362 4224 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
11:36:36.0382 4224 SessionEnv - ok
11:36:36.0842 4224 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
11:36:36.0892 4224 sffdisk - ok
11:36:37.0052 4224 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:36:37.0052 4224 sffp_mmc - ok
11:36:37.0112 4224 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:36:37.0122 4224 sffp_sd - ok
11:36:37.0152 4224 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:36:37.0162 4224 sfloppy - ok
11:36:37.0262 4224 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:36:37.0282 4224 SharedAccess - ok
11:36:37.0352 4224 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
11:36:37.0382 4224 ShellHWDetection - ok
11:36:37.0492 4224 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
11:36:37.0502 4224 sisagp - ok
11:36:37.0642 4224 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:36:37.0642 4224 SiSRaid2 - ok
11:36:37.0742 4224 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:36:37.0752 4224 SiSRaid4 - ok
11:36:37.0902 4224 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:36:37.0902 4224 Smb - ok
11:36:38.0072 4224 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:36:38.0092 4224 SNMPTRAP - ok
11:36:38.0212 4224 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:36:38.0222 4224 spldr - ok
11:36:38.0372 4224 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
11:36:38.0412 4224 Spooler - ok
11:36:38.0622 4224 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
11:36:38.0732 4224 sppsvc - ok
11:36:38.0892 4224 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
11:36:38.0912 4224 sppuinotify - ok
11:36:39.0432 4224 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
11:36:39.0442 4224 srv - ok
11:36:39.0572 4224 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
11:36:39.0582 4224 srv2 - ok
11:36:39.0662 4224 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
11:36:39.0662 4224 srvnet - ok
11:36:39.0732 4224 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:36:39.0742 4224 SSDPSRV - ok
11:36:39.0812 4224 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:36:39.0832 4224 SstpSvc - ok
11:36:39.0962 4224 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:36:39.0972 4224 stexstor - ok
11:36:40.0112 4224 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
11:36:40.0142 4224 StiSvc - ok
11:36:40.0262 4224 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
11:36:40.0272 4224 swenum - ok
11:36:40.0412 4224 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:36:40.0432 4224 swprv - ok
11:36:40.0562 4224 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
11:36:40.0572 4224 SynTP - ok
11:36:40.0652 4224 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
11:36:40.0692 4224 SysMain - ok
11:36:40.0802 4224 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
11:36:40.0822 4224 TabletInputService - ok
11:36:40.0952 4224 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
11:36:40.0972 4224 TapiSrv - ok
11:36:41.0092 4224 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:36:41.0102 4224 TBS - ok
11:36:41.0262 4224 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
11:36:41.0312 4224 Tcpip - ok
11:36:41.0552 4224 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
11:36:41.0572 4224 TCPIP6 - ok
11:36:42.0202 4224 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
11:36:42.0212 4224 tcpipreg - ok
11:36:42.0272 4224 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
11:36:42.0282 4224 TDPIPE - ok
11:36:42.0392 4224 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
11:36:42.0392 4224 TDTCP - ok
11:36:42.0442 4224 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
11:36:42.0442 4224 tdx - ok
11:36:42.0482 4224 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
11:36:42.0492 4224 TermDD - ok
11:36:42.0562 4224 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
11:36:42.0592 4224 TermService - ok
11:36:42.0662 4224 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:36:42.0682 4224 Themes - ok
11:36:42.0792 4224 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:36:42.0802 4224 THREADORDER - ok
11:36:42.0932 4224 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:36:42.0942 4224 TrkWks - ok
11:36:43.0042 4224 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
11:36:43.0052 4224 TrustedInstaller - ok
11:36:43.0142 4224 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:36:43.0142 4224 tssecsrv - ok
11:36:43.0312 4224 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
11:36:43.0312 4224 tunnel - ok
11:36:43.0462 4224 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:36:43.0472 4224 uagp35 - ok
11:36:43.0572 4224 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
11:36:43.0582 4224 udfs - ok
11:36:43.0672 4224 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:36:43.0692 4224 UI0Detect - ok
11:36:43.0822 4224 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:36:43.0832 4224 uliagpkx - ok
11:36:43.0892 4224 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
11:36:43.0892 4224 umbus - ok
11:36:43.0932 4224 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:36:43.0942 4224 UmPass - ok
11:36:44.0012 4224 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
11:36:44.0022 4224 Updater Service - ok
11:36:44.0162 4224 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:36:44.0202 4224 upnphost - ok
11:36:44.0882 4224 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
11:36:44.0892 4224 usbccgp - ok
11:36:45.0012 4224 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
11:36:45.0022 4224 usbcir - ok
11:36:45.0132 4224 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
11:36:45.0142 4224 usbehci - ok
11:36:45.0262 4224 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
11:36:45.0272 4224 usbhub - ok
11:36:45.0322 4224 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
11:36:45.0322 4224 usbohci - ok
11:36:45.0382 4224 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:36:45.0392 4224 usbprint - ok
11:36:45.0472 4224 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:36:45.0472 4224 USBSTOR - ok
11:36:45.0542 4224 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
11:36:45.0552 4224 usbuhci - ok
11:36:45.0702 4224 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
11:36:45.0702 4224 usbvideo - ok
11:36:45.0842 4224 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:36:45.0852 4224 UxSms - ok
11:36:45.0912 4224 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:36:45.0922 4224 VaultSvc - ok
11:36:46.0042 4224 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:36:46.0042 4224 vdrvroot - ok
11:36:46.0172 4224 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
11:36:46.0202 4224 vds - ok
11:36:46.0342 4224 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:36:46.0342 4224 vga - ok
11:36:46.0462 4224 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:36:46.0472 4224 VgaSave - ok
11:36:46.0602 4224 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
11:36:46.0612 4224 vhdmp - ok
11:36:46.0752 4224 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
11:36:46.0762 4224 viaagp - ok
11:36:46.0862 4224 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:36:46.0922 4224 ViaC7 - ok
11:36:46.0942 4224 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
11:36:46.0962 4224 viaide - ok
11:36:47.0622 4224 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
11:36:47.0632 4224 volmgr - ok
11:36:47.0662 4224 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:36:47.0682 4224 volmgrx - ok
11:36:47.0862 4224 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
11:36:47.0872 4224 volsnap - ok
11:36:48.0012 4224 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:36:48.0022 4224 vsmraid - ok
11:36:48.0192 4224 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
11:36:48.0232 4224 VSS - ok
11:36:48.0392 4224 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
11:36:48.0432 4224 vToolbarUpdater10.2.0 - ok
11:36:48.0532 4224 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:36:48.0532 4224 vwifibus - ok
11:36:48.0602 4224 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:36:48.0612 4224 vwififlt - ok
11:36:48.0692 4224 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:36:48.0712 4224 W32Time - ok
11:36:48.0772 4224 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:36:48.0772 4224 WacomPen - ok
11:36:48.0832 4224 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:48.0832 4224 WANARP - ok
11:36:48.0852 4224 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:48.0852 4224 Wanarpv6 - ok
11:36:48.0942 4224 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
11:36:49.0002 4224 wbengine - ok
11:36:49.0042 4224 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:36:49.0062 4224 WbioSrvc - ok
11:36:49.0132 4224 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
11:36:49.0182 4224 wcncsvc - ok
11:36:49.0302 4224 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:36:49.0322 4224 WcsPlugInService - ok
11:36:49.0392 4224 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:36:49.0402 4224 Wd - ok
11:36:49.0462 4224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:36:49.0472 4224 Wdf01000 - ok
11:36:49.0542 4224 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:36:49.0552 4224 WdiServiceHost - ok
11:36:49.0562 4224 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:36:49.0582 4224 WdiSystemHost - ok
11:36:49.0642 4224 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
11:36:49.0722 4224 WebClient - ok
11:36:50.0392 4224 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:36:50.0412 4224 Wecsvc - ok
11:36:50.0462 4224 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:36:50.0472 4224 wercplsupport - ok
11:36:50.0532 4224 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:36:50.0542 4224 WerSvc - ok
11:36:50.0682 4224 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:36:50.0682 4224 WfpLwf - ok
11:36:50.0762 4224 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:36:50.0772 4224 WIMMount - ok
11:36:51.0002 4224 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:36:51.0062 4224 WinDefend - ok
11:36:51.0082 4224 WinHttpAutoProxySvc - ok
11:36:51.0312 4224 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:36:51.0362 4224 Winmgmt - ok
11:36:51.0542 4224 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
11:36:51.0602 4224 WinRM - ok
11:36:51.0742 4224 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:36:51.0792 4224 Wlansvc - ok
11:36:51.0902 4224 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:36:51.0912 4224 WmiAcpi - ok
11:36:52.0002 4224 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:36:52.0012 4224 wmiApSrv - ok
11:36:52.0122 4224 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:36:52.0172 4224 WMPNetworkSvc - ok
11:36:52.0292 4224 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:36:52.0312 4224 WPCSvc - ok
11:36:52.0372 4224 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
11:36:52.0392 4224 WPDBusEnum - ok
11:36:52.0472 4224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:36:52.0852 4224 ws2ifsl - ok
11:36:52.0992 4224 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
11:36:53.0012 4224 wscsvc - ok
11:36:53.0102 4224 WSearch - ok
11:36:53.0222 4224 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
11:36:53.0302 4224 wuauserv - ok
11:36:53.0442 4224 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
11:36:53.0442 4224 WudfPf - ok
11:36:53.0582 4224 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:36:53.0592 4224 WUDFRd - ok
11:36:53.0712 4224 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
11:36:53.0722 4224 wudfsvc - ok
11:36:53.0832 4224 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:36:53.0852 4224 WwanSvc - ok
11:36:53.0942 4224 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:36:54.0002 4224 \Device\Harddisk0\DR0 - ok
11:36:54.0032 4224 Boot (0x1200) (e43621dcd81c8d376f59483b6690b713) \Device\Harddisk0\DR0\Partition0
11:36:54.0032 4224 \Device\Harddisk0\DR0\Partition0 - ok
11:36:54.0052 4224 Boot (0x1200) (9788912985d2ef67d1cf7eba35186e6c) \Device\Harddisk0\DR0\Partition1
11:36:54.0052 4224 \Device\Harddisk0\DR0\Partition1 - ok
11:36:54.0092 4224 Boot (0x1200) (c7fee71a09a804476263363dc261ef2f) \Device\Harddisk0\DR0\Partition2
11:36:54.0102 4224 \Device\Harddisk0\DR0\Partition2 - ok
11:36:54.0102 4224 ============================================================
11:36:54.0102 4224 Scan finished
11:36:54.0102 4224 ============================================================
11:36:54.0452 4020 Detected object count: 0
11:36:54.0452 4020 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 11:40:52
-----------------------------
11:40:52.104 OS Version: Windows 6.1.7600
11:40:52.104 Number of processors: 2 586 0x1C0A
11:40:52.114 ComputerName: PANDABEER-PC UserName: PandaBeer
11:41:07.334 Initialize success
11:43:58.343 AVAST engine defs: 12041502
11:44:34.270 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:44:34.286 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:44:34.317 Disk 0 MBR read successfully
11:44:34.333 Disk 0 MBR scan
11:44:34.426 Disk 0 Windows 7 default MBR code
11:44:34.458 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
11:44:34.536 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 4096 MB offset 27265024
11:44:34.567 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
11:44:34.598 Disk 0 Partition - 00 0F Extended LBA 220965 MB offset 35858432
11:44:34.660 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 220964 MB offset 35860480
11:44:34.754 Disk 0 scanning sectors +488394752
11:44:34.988 Disk 0 scanning C:\Windows\system32\drivers
11:46:08.682 Service scanning
11:47:22.938 Modules scanning
11:49:49.324 Disk 0 trace - called modules:
11:49:49.418 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:49:49.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f0a030]
11:49:49.465 3 CLASSPNP.SYS[86bb659e] -> nt!IofCallDriver -> [0x84452928]
11:49:49.480 5 ACPI.sys[8641e3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84431028]
11:49:52.163 AVAST engine scan C:\Windows
11:51:48.758 AVAST engine scan C:\Windows\system32
12:14:58.128 AVAST engine scan C:\Windows\system32\drivers
12:16:07.969 AVAST engine scan C:\Users\PandaBeer
12:28:12.609 AVAST engine scan C:\ProgramData
12:30:14.586 Scan finished successfully
12:38:05.825 Disk 0 MBR has been saved successfully to "C:\Users\PandaBeer\Desktop\MBR.dat"
12:38:05.856 The log file has been saved successfully to "C:\Users\PandaBeer\Desktop\aswMBR.txt"

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 15 April 2012 - 09:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\PandaBeer\AppData\Roaming\Optimizer Pro
c:\programdata\Premium
c:\program files\Optimizer Pro
c:\programdata\InstallMate

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#7 Pandabeer

New Member

Members
6 posts

Posted 17 April 2012 - 08:17 PM

Hi Gringo,
I have run the script, and the computer seems to be running better. Is it all gone now? =]
Here's the log:

ComboFix 12-04-14.03 - PandaBeer 18/04/2012 12:46:27.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.64.1033.18.1013.361 [GMT 12:00]
Running from: c:\users\PandaBeer\Desktop\ComboFix.exe
Command switches used :: c:\users\PandaBeer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Optimizer Pro
c:\program files\Optimizer Pro\English.ini
c:\program files\Optimizer Pro\file_id.diz
c:\program files\Optimizer Pro\HomePage.url
c:\program files\Optimizer Pro\OptimizerPro.chm
c:\program files\Optimizer Pro\OptimizerPro.exe
c:\program files\Optimizer Pro\OptProGuard.exe
c:\program files\Optimizer Pro\OptProLauncher.exe
c:\program files\Optimizer Pro\OptProReminder.exe
c:\program files\Optimizer Pro\OptProSchedule.exe
c:\program files\Optimizer Pro\OptProSmartScan.exe
c:\program files\Optimizer Pro\OptProStart.exe
c:\program files\Optimizer Pro\OptProUninstaller.exe
c:\program files\Optimizer Pro\scan.gif
c:\program files\Optimizer Pro\sqlite3.dll
c:\program files\Optimizer Pro\unins000.dat
c:\program files\Optimizer Pro\unins000.exe
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120324114242.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll
c:\programdata\Premium
c:\users\PandaBeer\AppData\Roaming\Optimizer Pro
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 01:00 . 2012-04-18 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 01:00 . 2012-04-18 01:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-12 03:01 . 2012-04-12 03:01 -------- d-----w- c:\users\PandaBeer\AppData\Roaming\Malwarebytes
2012-04-12 03:00 . 2012-04-12 03:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 02:48 . 2012-04-12 02:48 -------- d-----w- c:\users\PandaBeer\AppData\Roaming\AVG2012
2012-04-12 02:45 . 2012-04-12 02:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-12 02:45 . 2012-04-12 02:45 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-12 02:45 . 2012-04-12 02:46 -------- d-----w- c:\program files\AVG Secure Search
2012-04-12 02:43 . 2012-04-18 00:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-12 02:43 . 2012-04-12 02:50 -------- d-----w- c:\programdata\AVG2012
2012-04-12 02:43 . 2012-04-12 02:43 -------- d-----w- C:\$AVG
2012-04-12 02:41 . 2012-04-12 02:41 -------- d-----w- c:\program files\AVG
2012-04-12 02:35 . 2012-04-12 02:35 -------- d--h--w- c:\programdata\Common Files
2012-04-12 02:35 . 2012-04-18 00:18 -------- d-----w- c:\programdata\MFAData
2012-03-28 23:56 . 2012-03-28 23:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB9DAED8-8800-4EEA-8095-2B9F8917BB48}\offreg.dll
2012-03-28 23:52 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB9DAED8-8800-4EEA-8095-2B9F8917BB48}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 00:03 . 2012-02-26 00:03 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-22 20:18 . 2011-11-11 00:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 17:25 . 2012-02-21 17:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-21 17:25 . 2012-02-21 17:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-30 16:46 . 2012-01-30 16:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-12 02:45 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-07-06 79112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-15 2575712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-13 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-30 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-21 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-21 299472]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-30 218688]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-07-06 14088]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160890448-1581403880-3986745747-1000Core.job
- c:\users\PandaBeer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 08:30]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160890448-1581403880-3986745747-1000UA.job
- c:\users\PandaBeer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = hxxp://acer.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1004)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-18 13:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 01:10
ComboFix2.txt 2012-04-15 03:30
.
Pre-Run: 197,322,399,744 bytes free
Post-Run: 197,188,091,904 bytes free
.
- - End Of File - - B7F9D4B548510DE7F73AA7E6C7618868

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 17 April 2012 - 08:46 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.1 MUI
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Codec-C
DAEMON Tools Toolbar
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

Edited by gringo_pr, 17 April 2012 - 08:46 PM.

#9 Pandabeer

New Member

Members
6 posts

Posted 18 April 2012 - 10:26 PM

Hi,
Here are the logs. I couldnt install Adobe PDF Reader due to "General Installation Error". So i installed the other option instead. The computer is running good, however im having issues playing music and video, the sound a slight buzzing sound every few seconds like it freezes. Ive never had this issue before, but im not sure if it has anything to do with this problem im having too.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
PandaBeer :: PANDABEER-PC [administrator]

19/04/2012 2:55:17 p.m.
mbam-log-2012-04-19 (14-55-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189564
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:39 p.m., on 19/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Android Manager\iSync.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Acer\Updater\iUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\PandaBeer\AppData\Local\Temp\AdbeRdr1013_en_US.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PandaBeer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 9420 bytes

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 18 April 2012 - 10:44 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
  O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
  O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
  O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
  O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
  O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
  O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
  O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
  O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dominic\AppData\Local\Akamai\netsession_win.exe"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the ActiveX control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 Pandabeer

New Member

Members
6 posts

Posted 19 April 2012 - 10:26 PM

Hi Gringo,
Thank you again for all your help! I did the internet scan and that came up with no threats found. I couldnt find the cope-to-clipboard button anywhere... The scan took over 2 hours so I'm not really keen to do another one just to look for that button again haha.

where to now? =]

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 19 April 2012 - 10:35 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

Gringo

#13 gringo_pr

Bleepin Gringo

Malware Response Team
120,887 posts

Gender:Male
Location:Puerto rico

Posted 22 April 2012 - 12:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.