Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ad.xtendmedia removal help


  • This topic is locked This topic is locked
28 replies to this topic

#1 clarkey80

clarkey80

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 04:07 AM

I believe I have a virus on my laptop which after searching on google looks like it is called ad.xtendmedia . It's really annoying as it constantly causes pop ups in the bottom left hand corner of my screen and occasionally redirects me from the web page I am after.

I have mcafee security and have also run a malwarebytes scan which picked nothing up.

There seem to be endless suggestions of how to get rid of it when I was searching but I don't know which method is best/ easiest and less risky in terms of me deleting important files/ items from registry.

Please can you help?

Regards
Simon

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 12 October 2012 - 04:37 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 04:50 AM

Thanks Gringo.
I am at work so unable to do this first step until this evening. I will endeavour to reply with the requested information/ logs by 8pm UK time.
Regards
Simon

#4 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 12:43 PM

Hi Gringo,
Here is the security check report:
Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Home at 18:36:32 on 2012-10-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1577 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\RunDll32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.bbc.co.uk/sport/0/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360111b155l0444z1m5t5682j952
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360111b155l0444z1m5t5682j952
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360111b155l0444z1m5t5682j952
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121010205140.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6FA27FCA-4AB9-44EF-8BA8-BC81E82964AB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6FA27FCA-4AB9-44EF-8BA8-BC81E82964AB}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121010205140.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Hosts: 66.232.114.203 www.google-analytics.com.
Hosts: 66.232.114.203 ad-emea.doubleclick.net.
Hosts: 66.232.114.203 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-5-6 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-6-12 867360]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-12 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-12 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-12 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-10-10 103440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-10 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-10 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-10 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-10 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-10 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-4 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-4 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-12 06:01:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-12 06:01:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-10 19:51:47 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-10-10 19:51:39 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-10-10 19:51:37 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-10-10 19:51:37 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-10-10 19:51:37 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-10-10 19:51:37 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-10-10 19:51:36 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-10-10 19:51:31 -------- dc----w- C:\Program Files\McAfee.com
2012-10-10 19:51:31 -------- dc----w- C:\Program Files\Common Files\McAfee
2012-10-10 19:51:30 -------- dc----w- C:\Program Files\McAfee
2012-10-10 19:30:13 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-10-10 18:27:01 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 18:27:00 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-09-22 16:36:44 -------- d-----w- C:\Users\Home\AppData\Roaming\PCCUStubInstaller
2012-09-22 16:36:23 -------- d-----w- C:\ProgramData\Norton
2012-09-22 16:36:19 -------- d-----w- C:\ProgramData\NortonInstaller
2012-09-20 20:52:41 -------- d-----w- C:\Users\Home\AppData\Roaming\Synaptics
2012-09-20 20:49:48 -------- d-----w- C:\ProgramData\Synaptics
2012-09-20 20:49:48 -------- d-----w- C:\Program Files (x86)\Synaptics
2012-09-20 20:49:34 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-09-20 20:49:32 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2012-09-20 20:49:32 411432 ----a-w- C:\Windows\System32\SynCOM.dll
2012-09-20 20:49:32 274728 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-09-20 20:49:32 225576 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-09-20 20:49:32 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-09-20 20:49:32 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-09-20 20:49:32 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2012-09-20 20:49:32 1424944 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-09-20 20:49:32 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-09-20 20:04:31 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 20:03:41 -------- dc----w- C:\Program Files\iPod
2012-09-20 20:03:40 -------- dc----w- C:\Program Files\iTunes
2012-09-20 20:03:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 21:15:10 -------- dc----w- C:\Program Files\CCleaner
2012-09-12 19:26:00 -------- d-----w- C:\Users\Home\AppData\Roaming\XBMC
2012-09-12 19:25:51 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-09-12 19:25:50 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-09-12 19:24:35 -------- d-----w- C:\Program Files (x86)\XBMC
2012-09-12 19:00:48 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 19:00:48 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
==================== Find3M ====================
.
2012-10-10 19:20:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 19:20:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-05 19:53:47 0 ----a-w- C:\Windows\SysWow64\sho4640.tmp
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 13:52:38 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-07-17 13:50:36 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-07-17 13:48:34 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 18:38:49.42 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/01/2011 20:41:25
System Uptime: 12/10/2012 18:03:15 (0 hours ago)
.
Motherboard: Acer | | Aspire 5741
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 1065/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 170.788 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl2f762822
Device ID: ROOT\LEGACY_MPKSL2F762822\0000
Manufacturer:
Name: MpKsl2f762822
PNP Device ID: ROOT\LEGACY_MPKSL2F762822\0000
Service: MpKsl2f762822
.
==== System Restore Points ===================
.
RP492: 16/09/2012 19:22:05 - Windows Backup
RP493: 20/09/2012 21:18:25 - Installed Driver Manager.
RP494: 22/09/2012 17:23:39 - Windows Update
RP495: 23/09/2012 19:00:05 - Windows Backup
RP496: 24/09/2012 17:19:07 - Windows Update
RP497: 30/09/2012 19:28:02 - Windows Backup
RP498: 08/10/2012 15:40:02 - Windows Backup
RP499: 10/10/2012 20:38:00 - Removed AVG 2012
RP500: 10/10/2012 20:40:00 - Removed AVG 2012
RP501: 11/10/2012 16:49:54 - Windows Update
RP502: 11/10/2012 22:32:30 - Installed Microsoft Fix it 50267
RP503: 12/10/2012 07:16:53 - Installed Microsoft Fix it 50267
.
==== Hosts File Hijack ======================
.
Hosts: 66.232.114.203 www.google-analytics.com.
Hosts: 66.232.114.203 ad-emea.doubleclick.net.
Hosts: 66.232.114.203 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.167.331
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2 MUI
Apple Application Support
Apple Software Update
µTorrent
Backup Manager Basic
Conduit Engine
CyberLink PowerDVD 9
D3DX10
dBpoweramp Music Converter
Dell Color Printer 725
Dell Driver Download Manager
eBay Worldwide
eSobi v2
FLAC To MP3 V4.0.4
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Homeplug Utility
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Identity Card
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee SecurityCenter
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
MyWinLocker Suite
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OpenOffice.org 3.2
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shredder
Skype Click to Call
Skype™ 5.10
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentBar Toolbar
Visual Studio 2008 x64 Redistributables
VoiceOver Kit
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
XBMC
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/10/2012 18:03:33, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
10/10/2012 19:17:32, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753636.
.
==== End Of File ===========================


Looking forward to hearing from you
Simon

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 12 October 2012 - 02:12 PM

Greetings

Thank you for sending me the reports I would like you to run these for me next and send me the reports when they are complete


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 03:04 PM

Here is the Adwcleaner log (other will follow in a minute)

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 21:00:36
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Home\AppData\Local\Conduit
Folder Deleted : C:\Users\Home\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Home\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Home\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Home\AppData\LocalLow\uTorrentBar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DEA1067-83A4-4935-8153-7B06FAE6D210}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EACE5643-D709-4EBB-ABA9-F92730E52329}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EADEB6AF-8E43-46AF-B26C-3D416FD33111}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6380 octets] - [12/10/2012 21:00:36]

########## EOF - C:\AdwCleaner[S1].txt - [6440 octets] ##########

#7 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 03:08 PM

Roguekiller:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Remove -- Date : 10/12/2012 21:07:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
66.232.114.203 www.google-analytics.com.
66.232.114.203 ad-emea.doubleclick.net.
66.232.114.203 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 60f2d19e9ab77d42a44728fbb5fece77
[BSP] 953f15da350bcce31c7686c47a4090e0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 13319 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27278370 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27487215 | Size: 291822 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 12 October 2012 - 03:13 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 03:45 PM

Here is the log from combofix.


ComboFix 12-10-12.01 - Home 12/10/2012 21:31:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1855 [GMT 1:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 20:38 . 2012-10-12 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 06:01 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 06:01 . 2012-10-12 06:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-10 19:51 . 2012-10-10 19:51 -------- d-----w- c:\program files (x86)\McAfee.com
2012-10-10 19:51 . 2012-02-22 12:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-10-10 19:51 . 2012-02-22 12:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-10-10 19:51 . 2012-02-22 12:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-10-10 19:51 . 2012-02-22 12:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-10-10 19:51 . 2012-02-22 12:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-10-10 19:51 . 2012-02-22 12:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-10-10 19:51 . 2012-10-10 19:51 -------- dc----w- c:\program files\Common Files\McAfee
2012-10-10 19:51 . 2012-10-10 19:51 -------- dc----w- c:\program files\McAfee
2012-10-10 19:30 . 2012-07-17 13:52 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-10-10 18:27 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:27 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-22 16:36 . 2012-09-22 16:36 -------- d-----w- c:\users\Home\AppData\Roaming\PCCUStubInstaller
2012-09-22 16:36 . 2012-09-23 12:11 -------- d-----w- c:\programdata\Norton
2012-09-20 20:52 . 2012-09-20 20:52 -------- d-----w- c:\users\Home\AppData\Roaming\Synaptics
2012-09-20 20:49 . 2012-09-20 20:49 -------- d-----w- c:\programdata\Synaptics
2012-09-20 20:49 . 2012-09-20 20:49 -------- d-----w- c:\program files (x86)\Synaptics
2012-09-20 20:49 . 2009-08-07 09:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-20 20:49 . 2011-03-31 18:32 1424944 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-09-20 20:49 . 2011-03-31 18:29 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-09-20 20:49 . 2011-03-31 18:29 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-09-20 20:49 . 2011-03-31 18:29 225576 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-09-20 20:49 . 2011-03-31 18:29 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-09-20 20:49 . 2011-03-31 18:29 274728 ----a-w- c:\windows\system32\SynCtrl.dll
2012-09-20 20:49 . 2011-03-31 18:29 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-09-20 20:49 . 2011-03-31 18:29 411432 ----a-w- c:\windows\system32\SynCOM.dll
2012-09-20 20:49 . 2011-03-31 18:29 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-09-20 20:04 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 20:03 . 2012-09-20 20:03 -------- dc----w- c:\program files\iPod
2012-09-20 20:03 . 2012-09-20 20:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 20:03 . 2012-09-20 20:04 -------- dc----w- c:\program files\iTunes
2012-09-15 21:15 . 2012-09-15 21:15 -------- dc----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 15:53 . 2011-01-12 19:54 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 19:20 . 2012-04-04 05:45 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 19:20 . 2011-08-02 06:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 19:14 . 2012-09-13 19:14 31252 ----a-w- C:\repository.bstrdsmkr-0.0.3.zip
2012-09-13 19:12 . 2012-09-13 19:12 582 ----a-w- C:\repository.MaxMustermann.xbmc-1.0.1.zip
2012-09-12 19:30 . 2012-09-12 19:30 1018032 ----a-w- C:\Navi-X_v37_6.zip
2012-08-21 12:01 . 2011-01-07 20:10 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2011-01-07 20:10 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 00:53 . 2012-08-25 07:47 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DFC948C-4AAE-4771-9A2B-E11D59C3C02E}\mpengine.dll
2012-08-18 11:19 . 2012-10-10 18:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-05 19:53 . 2012-08-05 19:53 0 ----a-w- c:\windows\SysWow64\sho4640.tmp
2012-08-02 17:55 . 2012-09-12 19:00 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 19:00 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 17:31 . 2012-08-15 19:02 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 13:52 . 2012-07-17 13:52 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-07-17 13:50 . 2012-07-17 13:50 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-17 13:48 . 2012-07-17 13:48 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 MpKsl2f762822;MpKsl2f762822;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC1E30B0-C131-45A5-A944-3B20B707EB8C}\MpKsl2f762822.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04 135664]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-19 245280]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-07 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:20]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04 20:52]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04 20:52]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368652952-4116994588-796094301-1001Core.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 19:24]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368652952-4116994588-796094301-1001UA.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 19:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/sport/0/
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360111b155l0444z1m5t5682j952
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360111b155l0444z1m5t5682j952
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1368652952-4116994588-796094301-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1368652952-4116994588-796094301-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-12 21:41:27
ComboFix-quarantined-files.txt 2012-10-12 20:41
.
Pre-Run: 183,228,583,936 bytes free
Post-Run: 182,950,318,080 bytes free
.
- - End Of File - - 9B33328E877A1091EB2CC9FA3F23C635



In terms of how the computer is working, the pages that previously had pop ups do not any more. I was worried that combofix would nt work properly as i struggled to turn off mcafee security. I will send this post , reboot and check the web pages again. should i turn macafee on again?

#10 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 03:52 PM

Just rebooted and all looks much better. Macafee automatically came on.
What should i do with the RK reports etc?
Is it worth keeping malwarebytes?
thanks so much for your help.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 12 October 2012 - 03:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 04:01 PM

TDSSKiller

21:59:24.0937 0560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:59:26.0660 0560 ============================================================
21:59:26.0660 0560 Current date / time: 2012/10/12 21:59:26.0660
21:59:26.0660 0560 SystemInfo:
21:59:26.0660 0560
21:59:26.0660 0560 OS Version: 6.1.7600 ServicePack: 0.0
21:59:26.0660 0560 Product type: Workstation
21:59:26.0660 0560 ComputerName: HOME-PC
21:59:26.0660 0560 UserName: Home
21:59:26.0660 0560 Windows directory: C:\Windows
21:59:26.0661 0560 System windows directory: C:\Windows
21:59:26.0661 0560 Running under WOW64
21:59:26.0661 0560 Processor architecture: Intel x64
21:59:26.0661 0560 Number of processors: 4
21:59:26.0661 0560 Page size: 0x1000
21:59:26.0661 0560 Boot type: Normal boot
21:59:26.0661 0560 ============================================================
21:59:27.0378 0560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:27.0386 0560 ============================================================
21:59:27.0386 0560 \Device\Harddisk0\DR0:
21:59:27.0387 0560 MBR partitions:
21:59:27.0387 0560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A03C22, BlocksNum 0x32FCD
21:59:27.0387 0560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A36BEF, BlocksNum 0x239F76C1
21:59:27.0387 0560 ============================================================
21:59:27.0425 0560 C: <-> \Device\Harddisk0\DR0\Partition2
21:59:27.0426 0560 ============================================================
21:59:27.0426 0560 Initialize success
21:59:27.0426 0560 ============================================================
21:59:46.0776 7100 ============================================================
21:59:46.0776 7100 Scan started
21:59:46.0776 7100 Mode: Manual;
21:59:46.0776 7100 ============================================================
21:59:47.0234 7100 ================ Scan system memory ========================
21:59:47.0234 7100 System memory - ok
21:59:47.0235 7100 ================ Scan services =============================
21:59:47.0427 7100 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:59:47.0432 7100 1394ohci - ok
21:59:47.0458 7100 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:59:47.0465 7100 ACPI - ok
21:59:47.0492 7100 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:59:47.0494 7100 AcpiPmi - ok
21:59:47.0666 7100 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:59:47.0669 7100 AdobeFlashPlayerUpdateSvc - ok
21:59:47.0711 7100 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:59:47.0728 7100 adp94xx - ok
21:59:47.0769 7100 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:59:47.0776 7100 adpahci - ok
21:59:47.0798 7100 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:59:47.0803 7100 adpu320 - ok
21:59:47.0829 7100 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:59:47.0830 7100 AeLookupSvc - ok
21:59:47.0880 7100 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
21:59:47.0890 7100 AFD - ok
21:59:47.0914 7100 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:59:47.0916 7100 agp440 - ok
21:59:47.0944 7100 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:59:47.0947 7100 ALG - ok
21:59:47.0960 7100 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:59:47.0962 7100 aliide - ok
21:59:47.0974 7100 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:59:47.0976 7100 amdide - ok
21:59:47.0994 7100 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:59:48.0000 7100 AmdK8 - ok
21:59:48.0020 7100 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:59:48.0023 7100 AmdPPM - ok
21:59:48.0073 7100 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:59:48.0076 7100 amdsata - ok
21:59:48.0098 7100 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:59:48.0103 7100 amdsbs - ok
21:59:48.0120 7100 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:59:48.0122 7100 amdxata - ok
21:59:48.0144 7100 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:59:48.0147 7100 AppID - ok
21:59:48.0184 7100 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:59:48.0186 7100 AppIDSvc - ok
21:59:48.0202 7100 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:59:48.0203 7100 Appinfo - ok
21:59:48.0322 7100 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:59:48.0324 7100 Apple Mobile Device - ok
21:59:48.0367 7100 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:59:48.0370 7100 arc - ok
21:59:48.0396 7100 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:59:48.0399 7100 arcsas - ok
21:59:48.0417 7100 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:59:48.0418 7100 AsyncMac - ok
21:59:48.0444 7100 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:59:48.0446 7100 atapi - ok
21:59:48.0522 7100 [ 70260C7C98CC0101316F5B2650C3BB44 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:59:48.0598 7100 athr - ok
21:59:48.0648 7100 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:59:48.0670 7100 AudioEndpointBuilder - ok
21:59:48.0690 7100 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:59:48.0696 7100 AudioSrv - ok
21:59:48.0750 7100 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:59:48.0753 7100 AxInstSV - ok
21:59:48.0806 7100 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:59:48.0827 7100 b06bdrv - ok
21:59:48.0879 7100 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:59:48.0885 7100 b57nd60a - ok
21:59:48.0923 7100 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:59:48.0925 7100 BDESVC - ok
21:59:48.0942 7100 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:59:48.0943 7100 Beep - ok
21:59:49.0001 7100 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:59:49.0024 7100 BFE - ok
21:59:49.0077 7100 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
21:59:49.0087 7100 BITS - ok
21:59:49.0149 7100 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:59:49.0150 7100 blbdrive - ok
21:59:49.0290 7100 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:59:49.0362 7100 Bonjour Service - ok
21:59:49.0416 7100 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:59:49.0419 7100 bowser - ok
21:59:49.0450 7100 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:59:49.0452 7100 BrFiltLo - ok
21:59:49.0468 7100 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:59:49.0470 7100 BrFiltUp - ok
21:59:49.0509 7100 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:59:49.0515 7100 BridgeMP - ok
21:59:49.0569 7100 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
21:59:49.0571 7100 Browser - ok
21:59:49.0593 7100 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:59:49.0599 7100 Brserid - ok
21:59:49.0634 7100 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:59:49.0636 7100 BrSerWdm - ok
21:59:49.0648 7100 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:59:49.0650 7100 BrUsbMdm - ok
21:59:49.0665 7100 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:59:49.0667 7100 BrUsbSer - ok
21:59:49.0682 7100 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:59:49.0685 7100 BTHMODEM - ok
21:59:49.0724 7100 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:59:49.0727 7100 bthserv - ok
21:59:49.0753 7100 catchme - ok
21:59:49.0767 7100 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:59:49.0769 7100 cdfs - ok
21:59:49.0806 7100 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:59:49.0809 7100 cdrom - ok
21:59:49.0850 7100 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:59:49.0852 7100 CertPropSvc - ok
21:59:49.0941 7100 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
21:59:49.0943 7100 cfwids - ok
21:59:49.0979 7100 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:59:49.0981 7100 circlass - ok
21:59:50.0002 7100 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:59:50.0009 7100 CLFS - ok
21:59:50.0072 7100 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:50.0090 7100 clr_optimization_v2.0.50727_32 - ok
21:59:50.0166 7100 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:59:50.0176 7100 clr_optimization_v2.0.50727_64 - ok
21:59:50.0281 7100 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:59:50.0387 7100 clr_optimization_v4.0.30319_32 - ok
21:59:50.0431 7100 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:59:50.0504 7100 clr_optimization_v4.0.30319_64 - ok
21:59:50.0545 7100 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:59:50.0549 7100 CmBatt - ok
21:59:50.0579 7100 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:59:50.0580 7100 cmdide - ok
21:59:50.0631 7100 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
21:59:50.0637 7100 CNG - ok
21:59:50.0673 7100 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:59:50.0674 7100 Compbatt - ok
21:59:50.0691 7100 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:59:50.0693 7100 CompositeBus - ok
21:59:50.0708 7100 COMSysApp - ok
21:59:50.0720 7100 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:59:50.0722 7100 crcdisk - ok
21:59:50.0773 7100 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:59:50.0776 7100 CryptSvc - ok
21:59:50.0910 7100 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:59:50.0919 7100 cvhsvc - ok
21:59:50.0959 7100 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:59:50.0965 7100 DcomLaunch - ok
21:59:50.0992 7100 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:59:50.0998 7100 defragsvc - ok
21:59:51.0051 7100 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:59:51.0054 7100 DfsC - ok
21:59:51.0092 7100 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:59:51.0098 7100 Dhcp - ok
21:59:51.0129 7100 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:59:51.0131 7100 discache - ok
21:59:51.0159 7100 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:59:51.0161 7100 Disk - ok
21:59:51.0198 7100 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:59:51.0200 7100 Dnscache - ok
21:59:51.0223 7100 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:59:51.0228 7100 dot3svc - ok
21:59:51.0246 7100 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:59:51.0250 7100 DPS - ok
21:59:51.0269 7100 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:59:51.0271 7100 drmkaud - ok
21:59:51.0347 7100 [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:59:51.0351 7100 DsiWMIService - ok
21:59:51.0409 7100 [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:59:51.0444 7100 DXGKrnl - ok
21:59:51.0486 7100 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:59:51.0487 7100 EapHost - ok
21:59:51.0591 7100 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:59:51.0687 7100 ebdrv - ok
21:59:51.0728 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
21:59:51.0730 7100 EFS - ok
21:59:51.0812 7100 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:59:51.0835 7100 ehRecvr - ok
21:59:51.0868 7100 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:59:51.0872 7100 ehSched - ok
21:59:51.0903 7100 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:59:51.0921 7100 elxstor - ok
21:59:52.0044 7100 [ 09DDC2D4724A4FF844F738B60E63D872 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:59:52.0112 7100 ePowerSvc - ok
21:59:52.0128 7100 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:59:52.0129 7100 ErrDev - ok
21:59:52.0163 7100 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:59:52.0165 7100 EventSystem - ok
21:59:52.0179 7100 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:59:52.0182 7100 exfat - ok
21:59:52.0196 7100 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:59:52.0200 7100 fastfat - ok
21:59:52.0244 7100 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:59:52.0261 7100 Fax - ok
21:59:52.0270 7100 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:59:52.0271 7100 fdc - ok
21:59:52.0292 7100 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:59:52.0294 7100 fdPHost - ok
21:59:52.0305 7100 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:59:52.0307 7100 FDResPub - ok
21:59:52.0318 7100 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:59:52.0320 7100 FileInfo - ok
21:59:52.0333 7100 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:59:52.0335 7100 Filetrace - ok
21:59:52.0345 7100 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:59:52.0347 7100 flpydisk - ok
21:59:52.0363 7100 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:59:52.0368 7100 FltMgr - ok
21:59:52.0432 7100 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
21:59:52.0461 7100 FontCache - ok
21:59:52.0513 7100 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:59:52.0523 7100 FontCache3.0.0.0 - ok
21:59:52.0538 7100 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:59:52.0540 7100 FsDepends - ok
21:59:52.0577 7100 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:59:52.0635 7100 Fs_Rec - ok
21:59:52.0690 7100 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:59:52.0696 7100 fvevol - ok
21:59:52.0718 7100 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:59:52.0720 7100 gagp30kx - ok
21:59:52.0800 7100 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:59:52.0802 7100 GEARAspiWDM - ok
21:59:52.0857 7100 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:59:52.0864 7100 gpsvc - ok
21:59:52.0923 7100 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
21:59:52.0924 7100 GREGService - ok
21:59:53.0007 7100 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:59:53.0010 7100 gupdate - ok
21:59:53.0062 7100 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:59:53.0064 7100 gupdatem - ok
21:59:53.0154 7100 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:59:53.0232 7100 gusvc - ok
21:59:53.0256 7100 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:59:53.0257 7100 hcw85cir - ok
21:59:53.0293 7100 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:59:53.0299 7100 HdAudAddService - ok
21:59:53.0324 7100 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:59:53.0326 7100 HDAudBus - ok
21:59:53.0354 7100 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:59:53.0356 7100 HECIx64 - ok
21:59:53.0368 7100 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:59:53.0370 7100 HidBatt - ok
21:59:53.0380 7100 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:59:53.0383 7100 HidBth - ok
21:59:53.0416 7100 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:59:53.0418 7100 HidIr - ok
21:59:53.0440 7100 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:59:53.0442 7100 hidserv - ok
21:59:53.0470 7100 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:59:53.0472 7100 HidUsb - ok
21:59:53.0495 7100 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:59:53.0497 7100 hkmsvc - ok
21:59:53.0534 7100 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:59:53.0538 7100 HomeGroupListener - ok
21:59:53.0574 7100 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:59:53.0576 7100 HomeGroupProvider - ok
21:59:53.0605 7100 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:59:53.0608 7100 HpSAMD - ok
21:59:53.0654 7100 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:59:53.0711 7100 HTCAND64 - ok
21:59:53.0778 7100 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
21:59:53.0781 7100 htcnprot - ok
21:59:53.0837 7100 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:59:53.0860 7100 HTTP - ok
21:59:53.0887 7100 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:59:53.0888 7100 hwpolicy - ok
21:59:53.0908 7100 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:59:53.0911 7100 i8042prt - ok
21:59:53.0963 7100 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:59:53.0968 7100 iaStor - ok
21:59:54.0047 7100 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:59:54.0048 7100 IAStorDataMgrSvc - ok
21:59:54.0114 7100 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:59:54.0123 7100 iaStorV - ok
21:59:54.0193 7100 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:59:54.0252 7100 idsvc - ok
21:59:54.0515 7100 [ 09CE164AFA8483E41808784D7FCA154E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:59:54.0734 7100 igfx - ok
21:59:54.0783 7100 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:59:54.0785 7100 iirsp - ok
21:59:54.0826 7100 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:59:54.0836 7100 IKEEXT - ok
21:59:54.0866 7100 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:59:54.0869 7100 Impcd - ok
21:59:54.0966 7100 [ 51C98815721B44BF70E8AEB3FF3F57D6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:59:55.0025 7100 IntcAzAudAddService - ok
21:59:55.0054 7100 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:59:55.0059 7100 IntcDAud - ok
21:59:55.0072 7100 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:59:55.0073 7100 intelide - ok
21:59:55.0106 7100 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:59:55.0107 7100 intelppm - ok
21:59:55.0144 7100 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:59:55.0147 7100 IPBusEnum - ok
21:59:55.0164 7100 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:59:55.0166 7100 IpFilterDriver - ok
21:59:55.0203 7100 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:59:55.0209 7100 iphlpsvc - ok
21:59:55.0228 7100 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:59:55.0231 7100 IPMIDRV - ok
21:59:55.0237 7100 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:59:55.0240 7100 IPNAT - ok
21:59:55.0345 7100 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:59:55.0352 7100 iPod Service - ok
21:59:55.0370 7100 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:59:55.0371 7100 IRENUM - ok
21:59:55.0389 7100 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:59:55.0390 7100 isapnp - ok
21:59:55.0411 7100 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:59:55.0415 7100 iScsiPrt - ok
21:59:55.0440 7100 [ C9B4ECC187581E5BF3F76648884B7829 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
21:59:55.0445 7100 k57nd60a - ok
21:59:55.0467 7100 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:59:55.0469 7100 kbdclass - ok
21:59:55.0500 7100 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:59:55.0502 7100 kbdhid - ok
21:59:55.0519 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
21:59:55.0520 7100 KeyIso - ok
21:59:55.0563 7100 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:59:55.0566 7100 KSecDD - ok
21:59:55.0601 7100 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:59:55.0604 7100 KSecPkg - ok
21:59:55.0618 7100 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:59:55.0620 7100 ksthunk - ok
21:59:55.0655 7100 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:59:55.0671 7100 KtmRm - ok
21:59:55.0710 7100 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:59:55.0713 7100 LanmanServer - ok
21:59:55.0734 7100 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:59:55.0737 7100 LanmanWorkstation - ok
21:59:55.0780 7100 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:59:55.0782 7100 lltdio - ok
21:59:55.0804 7100 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:59:55.0815 7100 lltdsvc - ok
21:59:55.0859 7100 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:59:55.0861 7100 lmhosts - ok
21:59:55.0931 7100 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:59:55.0934 7100 LMS - ok
21:59:55.0963 7100 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:59:55.0966 7100 LSI_FC - ok
21:59:55.0994 7100 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:59:55.0997 7100 LSI_SAS - ok
21:59:56.0009 7100 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:59:56.0011 7100 LSI_SAS2 - ok
21:59:56.0019 7100 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:59:56.0022 7100 LSI_SCSI - ok
21:59:56.0039 7100 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:59:56.0041 7100 luafv - ok
21:59:56.0124 7100 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:59:56.0126 7100 MBAMProtector - ok
21:59:56.0232 7100 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:59:56.0238 7100 MBAMScheduler - ok
21:59:56.0279 7100 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:59:56.0286 7100 MBAMService - ok
21:59:56.0382 7100 [ BE8C524313DB75FA26FB2B0C0AAFF88E ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
21:59:56.0463 7100 McAfee SiteAdvisor Service - ok
21:59:56.0618 7100 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:56.0621 7100 McMPFSvc - ok
21:59:56.0656 7100 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:56.0659 7100 mcmscsvc - ok
21:59:56.0718 7100 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:56.0722 7100 McNaiAnn - ok
21:59:56.0786 7100 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:56.0790 7100 McNASvc - ok
21:59:56.0912 7100 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
21:59:56.0918 7100 McODS - ok
21:59:56.0939 7100 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:59:56.0942 7100 McProxy - ok
21:59:57.0020 7100 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:59:57.0023 7100 McShield - ok
21:59:57.0053 7100 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:59:57.0060 7100 Mcx2Svc - ok
21:59:57.0099 7100 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:59:57.0101 7100 megasas - ok
21:59:57.0119 7100 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:59:57.0125 7100 MegaSR - ok
21:59:57.0153 7100 mfeapfk - ok
21:59:57.0221 7100 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
21:59:57.0226 7100 mfeavfk - ok
21:59:57.0239 7100 mfeavfk01 - ok
21:59:57.0280 7100 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:59:57.0339 7100 mfefire - ok
21:59:57.0381 7100 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
21:59:57.0440 7100 mfefirek - ok
21:59:57.0523 7100 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
21:59:57.0546 7100 mfehidk - ok
21:59:57.0587 7100 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
21:59:57.0589 7100 mfenlfk - ok
21:59:57.0652 7100 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
21:59:57.0656 7100 mferkdet - ok
21:59:57.0708 7100 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe
21:59:57.0780 7100 mfevtp - ok
21:59:57.0829 7100 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
21:59:57.0834 7100 mfewfpk - ok
21:59:57.0869 7100 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:59:57.0871 7100 MMCSS - ok
21:59:57.0879 7100 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:59:57.0881 7100 Modem - ok
21:59:57.0918 7100 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:59:57.0919 7100 monitor - ok
21:59:57.0954 7100 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:59:57.0956 7100 mouclass - ok
21:59:57.0987 7100 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:59:57.0989 7100 mouhid - ok
21:59:58.0014 7100 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:59:58.0016 7100 mountmgr - ok
21:59:58.0029 7100 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:59:58.0032 7100 mpio - ok
21:59:58.0155 7100 MpKsl2f762822 - ok
21:59:58.0171 7100 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:59:58.0174 7100 mpsdrv - ok
21:59:58.0211 7100 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:59:58.0233 7100 MpsSvc - ok
21:59:58.0252 7100 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:59:58.0255 7100 MRxDAV - ok
21:59:58.0307 7100 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:58.0311 7100 mrxsmb - ok
21:59:58.0351 7100 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:58.0356 7100 mrxsmb10 - ok
21:59:58.0368 7100 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:58.0373 7100 mrxsmb20 - ok
21:59:58.0422 7100 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:59:58.0425 7100 msahci - ok
21:59:58.0441 7100 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:59:58.0445 7100 msdsm - ok
21:59:58.0463 7100 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:59:58.0473 7100 MSDTC - ok
21:59:58.0505 7100 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:59:58.0506 7100 Msfs - ok
21:59:58.0515 7100 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:59:58.0517 7100 mshidkmdf - ok
21:59:58.0533 7100 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:59:58.0534 7100 msisadrv - ok
21:59:58.0572 7100 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:59:58.0582 7100 MSiSCSI - ok
21:59:58.0588 7100 msiserver - ok
21:59:58.0615 7100 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:59:58.0617 7100 MSKSSRV - ok
21:59:58.0643 7100 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:58.0645 7100 MSPCLOCK - ok
21:59:58.0649 7100 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:59:58.0653 7100 MSPQM - ok
21:59:58.0686 7100 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:59:58.0692 7100 MsRPC - ok
21:59:58.0700 7100 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:59:58.0702 7100 mssmbios - ok
21:59:58.0708 7100 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:59:58.0709 7100 MSTEE - ok
21:59:58.0719 7100 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:59:58.0720 7100 MTConfig - ok
21:59:58.0735 7100 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:59:58.0736 7100 Mup - ok
21:59:58.0777 7100 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:59:58.0779 7100 mwlPSDFilter - ok
21:59:58.0797 7100 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:59:58.0859 7100 mwlPSDNServ - ok
21:59:58.0882 7100 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:59:58.0884 7100 mwlPSDVDisk - ok
21:59:58.0958 7100 [ 0036634E5C92BE109056F7E2380103A9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
21:59:59.0035 7100 MWLService - ok
21:59:59.0073 7100 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:59:59.0082 7100 napagent - ok
21:59:59.0129 7100 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:59:59.0135 7100 NativeWifiP - ok
21:59:59.0164 7100 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:59:59.0185 7100 NDIS - ok
21:59:59.0217 7100 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:59.0219 7100 NdisCap - ok
21:59:59.0241 7100 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:59.0242 7100 NdisTapi - ok
21:59:59.0255 7100 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:59.0257 7100 Ndisuio - ok
21:59:59.0278 7100 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:59.0282 7100 NdisWan - ok
21:59:59.0295 7100 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:59:59.0300 7100 NDProxy - ok
21:59:59.0312 7100 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:59:59.0314 7100 NetBIOS - ok
21:59:59.0329 7100 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:59:59.0334 7100 NetBT - ok
21:59:59.0367 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
21:59:59.0368 7100 Netlogon - ok
21:59:59.0407 7100 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:59:59.0413 7100 Netman - ok
21:59:59.0436 7100 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:59:59.0441 7100 netprofm - ok
21:59:59.0465 7100 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:59:59.0472 7100 NetTcpPortSharing - ok
21:59:59.0491 7100 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:59:59.0493 7100 nfrd960 - ok
21:59:59.0531 7100 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:59:59.0535 7100 NlaSvc - ok
21:59:59.0576 7100 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys
21:59:59.0578 7100 NPF - ok
21:59:59.0593 7100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:59:59.0595 7100 Npfs - ok
21:59:59.0609 7100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:59:59.0612 7100 nsi - ok
21:59:59.0624 7100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:59:59.0626 7100 nsiproxy - ok
21:59:59.0706 7100 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:59:59.0751 7100 Ntfs - ok
21:59:59.0827 7100 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:59:59.0831 7100 NTI IScheduleSvc - ok
21:59:59.0874 7100 [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:59:59.0957 7100 NTIBackupSvc - ok
21:59:59.0979 7100 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
21:59:59.0981 7100 NTIDrvr - ok
22:00:00.0023 7100 [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:00:00.0046 7100 NTISchedulerSvc - ok
22:00:00.0072 7100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:00:00.0073 7100 Null - ok
22:00:00.0099 7100 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:00:00.0102 7100 nvraid - ok
22:00:00.0142 7100 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:00:00.0147 7100 nvstor - ok
22:00:00.0180 7100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:00:00.0183 7100 nv_agp - ok
22:00:00.0202 7100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:00:00.0204 7100 ohci1394 - ok
22:00:00.0270 7100 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:00.0352 7100 ose - ok
22:00:00.0552 7100 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:00:00.0801 7100 osppsvc - ok
22:00:00.0839 7100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:00:00.0845 7100 p2pimsvc - ok
22:00:00.0882 7100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:00:00.0888 7100 p2psvc - ok
22:00:00.0911 7100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:00:00.0914 7100 Parport - ok
22:00:00.0952 7100 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:00:00.0954 7100 partmgr - ok
22:00:01.0039 7100 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
22:00:01.0040 7100 PassThru Service - ok
22:00:01.0059 7100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:00:01.0063 7100 PcaSvc - ok
22:00:01.0083 7100 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:00:01.0086 7100 pci - ok
22:00:01.0098 7100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:00:01.0099 7100 pciide - ok
22:00:01.0112 7100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:00:01.0116 7100 pcmcia - ok
22:00:01.0127 7100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:00:01.0128 7100 pcw - ok
22:00:01.0154 7100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:00:01.0172 7100 PEAUTH - ok
22:00:01.0282 7100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:00:01.0286 7100 PerfHost - ok
22:00:01.0346 7100 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:00:01.0395 7100 pla - ok
22:00:01.0451 7100 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:00:01.0470 7100 PlugPlay - ok
22:00:01.0485 7100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:00:01.0488 7100 PNRPAutoReg - ok
22:00:01.0507 7100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:00:01.0512 7100 PNRPsvc - ok
22:00:01.0553 7100 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:00:01.0583 7100 PolicyAgent - ok
22:00:01.0627 7100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:00:01.0631 7100 Power - ok
22:00:01.0671 7100 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:00:01.0674 7100 PptpMiniport - ok
22:00:01.0685 7100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:00:01.0687 7100 Processor - ok
22:00:01.0728 7100 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:00:01.0731 7100 ProfSvc - ok
22:00:01.0746 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:00:01.0747 7100 ProtectedStorage - ok
22:00:01.0777 7100 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:00:01.0780 7100 Psched - ok
22:00:01.0828 7100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:00:01.0863 7100 ql2300 - ok
22:00:01.0881 7100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:00:01.0884 7100 ql40xx - ok
22:00:01.0911 7100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:00:01.0916 7100 QWAVE - ok
22:00:01.0936 7100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:00:01.0937 7100 QWAVEdrv - ok
22:00:01.0945 7100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:00:01.0946 7100 RasAcd - ok
22:00:01.0986 7100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:00:01.0988 7100 RasAgileVpn - ok
22:00:02.0000 7100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:00:02.0003 7100 RasAuto - ok
22:00:02.0026 7100 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:00:02.0029 7100 Rasl2tp - ok
22:00:02.0055 7100 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:00:02.0059 7100 RasMan - ok
22:00:02.0072 7100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:00:02.0075 7100 RasPppoe - ok
22:00:02.0081 7100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:00:02.0084 7100 RasSstp - ok
22:00:02.0104 7100 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:00:02.0109 7100 rdbss - ok
22:00:02.0123 7100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:00:02.0124 7100 rdpbus - ok
22:00:02.0152 7100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:00:02.0153 7100 RDPCDD - ok
22:00:02.0166 7100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:00:02.0168 7100 RDPENCDD - ok
22:00:02.0186 7100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:00:02.0187 7100 RDPREFMP - ok
22:00:02.0236 7100 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:00:02.0239 7100 RDPWD - ok
22:00:02.0258 7100 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:00:02.0262 7100 rdyboost - ok
22:00:02.0294 7100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:00:02.0297 7100 RemoteAccess - ok
22:00:02.0338 7100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:00:02.0342 7100 RemoteRegistry - ok
22:00:02.0392 7100 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
22:00:02.0482 7100 rpcapd - ok
22:00:02.0500 7100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:00:02.0502 7100 RpcEptMapper - ok
22:00:02.0526 7100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:00:02.0528 7100 RpcLocator - ok
22:00:02.0555 7100 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:00:02.0559 7100 RpcSs - ok
22:00:02.0603 7100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:00:02.0605 7100 rspndr - ok
22:00:02.0657 7100 [ CE2EF8030932B98832EB2F9580C5B1DD ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:00:02.0663 7100 RSUSBSTOR - ok
22:00:02.0707 7100 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:00:02.0712 7100 RTHDMIAzAudService - ok
22:00:02.0724 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:00:02.0726 7100 SamSs - ok
22:00:02.0747 7100 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:00:02.0750 7100 sbp2port - ok
22:00:02.0784 7100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:00:02.0788 7100 SCardSvr - ok
22:00:02.0805 7100 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:00:02.0807 7100 scfilter - ok
22:00:02.0856 7100 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:00:02.0863 7100 Schedule - ok
22:00:02.0903 7100 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:00:02.0904 7100 SCPolicySvc - ok
22:00:03.0021 7100 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
22:00:03.0036 7100 ScrybeUpdater - ok
22:00:03.0056 7100 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:00:03.0059 7100 SDRSVC - ok
22:00:03.0076 7100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:00:03.0077 7100 secdrv - ok
22:00:03.0099 7100 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:00:03.0101 7100 seclogon - ok
22:00:03.0119 7100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:00:03.0121 7100 SENS - ok
22:00:03.0138 7100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:00:03.0140 7100 SensrSvc - ok
22:00:03.0158 7100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:00:03.0160 7100 Serenum - ok
22:00:03.0186 7100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:00:03.0189 7100 Serial - ok
22:00:03.0208 7100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:00:03.0212 7100 sermouse - ok
22:00:03.0232 7100 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:00:03.0235 7100 SessionEnv - ok
22:00:03.0253 7100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:00:03.0255 7100 sffdisk - ok
22:00:03.0259 7100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:00:03.0260 7100 sffp_mmc - ok
22:00:03.0272 7100 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:00:03.0274 7100 sffp_sd - ok
22:00:03.0281 7100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:00:03.0282 7100 sfloppy - ok
22:00:03.0356 7100 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:00:03.0379 7100 Sftfs - ok
22:00:03.0467 7100 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:00:03.0474 7100 sftlist - ok
22:00:03.0493 7100 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:00:03.0499 7100 Sftplay - ok
22:00:03.0510 7100 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:00:03.0512 7100 Sftredir - ok
22:00:03.0525 7100 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:00:03.0527 7100 Sftvol - ok
22:00:03.0552 7100 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:00:03.0554 7100 sftvsa - ok
22:00:03.0594 7100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:00:03.0601 7100 SharedAccess - ok
22:00:03.0638 7100 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:00:03.0644 7100 ShellHWDetection - ok
22:00:03.0692 7100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:00:03.0695 7100 SiSRaid2 - ok
22:00:03.0711 7100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:00:03.0715 7100 SiSRaid4 - ok
22:00:03.0875 7100 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:00:03.0965 7100 Skype C2C Service - ok
22:00:04.0031 7100 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:00:22.0115 7100 SkypeUpdate - ok
22:00:22.0152 7100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:00:22.0156 7100 Smb - ok
22:00:22.0196 7100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:00:22.0199 7100 SNMPTRAP - ok
22:00:22.0215 7100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:00:22.0217 7100 spldr - ok
22:00:22.0262 7100 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:00:22.0270 7100 Spooler - ok
22:00:22.0369 7100 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:00:22.0395 7100 sppsvc - ok
22:00:22.0409 7100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:00:22.0412 7100 sppuinotify - ok
22:00:22.0460 7100 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:00:22.0481 7100 srv - ok
22:00:22.0503 7100 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:00:22.0520 7100 srv2 - ok
22:00:22.0556 7100 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:00:22.0559 7100 srvnet - ok
22:00:22.0578 7100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:00:22.0583 7100 SSDPSRV - ok
22:00:22.0599 7100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:00:22.0602 7100 SstpSvc - ok
22:00:22.0624 7100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:00:22.0626 7100 stexstor - ok
22:00:22.0658 7100 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:00:22.0677 7100 stisvc - ok
22:00:22.0719 7100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:00:22.0721 7100 swenum - ok
22:00:22.0746 7100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:00:22.0766 7100 swprv - ok
22:00:22.0852 7100 [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:00:22.0897 7100 SynTP - ok
22:00:22.0949 7100 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:00:22.0999 7100 SysMain - ok
22:00:23.0028 7100 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:00:23.0031 7100 TabletInputService - ok
22:00:23.0043 7100 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:00:23.0050 7100 TapiSrv - ok
22:00:23.0073 7100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:00:23.0076 7100 TBS - ok
22:00:23.0162 7100 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:00:23.0221 7100 Tcpip - ok
22:00:23.0283 7100 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:00:23.0295 7100 TCPIP6 - ok
22:00:23.0330 7100 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:00:23.0332 7100 tcpipreg - ok
22:00:23.0341 7100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:00:23.0343 7100 TDPIPE - ok
22:00:23.0379 7100 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:00:23.0380 7100 TDTCP - ok
22:00:23.0394 7100 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:00:23.0396 7100 tdx - ok
22:00:23.0409 7100 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:00:23.0411 7100 TermDD - ok
22:00:23.0451 7100 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:00:23.0477 7100 TermService - ok
22:00:23.0499 7100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:00:23.0502 7100 Themes - ok
22:00:23.0530 7100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:00:23.0533 7100 THREADORDER - ok
22:00:23.0555 7100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:00:23.0559 7100 TrkWks - ok
22:00:23.0605 7100 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:00:23.0607 7100 TrustedInstaller - ok
22:00:23.0641 7100 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:23.0643 7100 tssecsrv - ok
22:00:23.0667 7100 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:00:23.0670 7100 tunnel - ok
22:00:23.0689 7100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:00:23.0692 7100 uagp35 - ok
22:00:23.0717 7100 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
22:00:23.0719 7100 UBHelper - ok
22:00:23.0743 7100 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:00:23.0749 7100 udfs - ok
22:00:23.0783 7100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:00:23.0786 7100 UI0Detect - ok
22:00:23.0808 7100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:00:23.0810 7100 uliagpkx - ok
22:00:23.0820 7100 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:00:23.0822 7100 umbus - ok
22:00:23.0857 7100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:00:23.0859 7100 UmPass - ok
22:00:23.0975 7100 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:00:23.0990 7100 UNS - ok
22:00:24.0040 7100 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:00:24.0043 7100 Updater Service - ok
22:00:24.0079 7100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:00:24.0088 7100 upnphost - ok
22:00:24.0147 7100 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:00:24.0208 7100 USBAAPL64 - ok
22:00:24.0250 7100 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:24.0254 7100 usbccgp - ok
22:00:24.0289 7100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:00:24.0293 7100 usbcir - ok
22:00:24.0324 7100 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:00:24.0326 7100 usbehci - ok
22:00:24.0355 7100 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:00:24.0361 7100 usbhub - ok
22:00:24.0402 7100 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:00:24.0403 7100 usbohci - ok
22:00:24.0425 7100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:00:24.0427 7100 usbprint - ok
22:00:24.0468 7100 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:24.0471 7100 USBSTOR - ok
22:00:24.0490 7100 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:00:24.0492 7100 usbuhci - ok
22:00:24.0519 7100 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:00:24.0523 7100 usbvideo - ok
22:00:24.0556 7100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:00:24.0559 7100 UxSms - ok
22:00:24.0572 7100 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:00:24.0573 7100 VaultSvc - ok
22:00:24.0616 7100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:00:24.0618 7100 vdrvroot - ok
22:00:24.0648 7100 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:00:24.0667 7100 vds - ok
22:00:24.0690 7100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:24.0692 7100 vga - ok
22:00:24.0705 7100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:00:24.0707 7100 VgaSave - ok
22:00:24.0729 7100 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:00:24.0734 7100 vhdmp - ok
22:00:24.0748 7100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:00:24.0750 7100 viaide - ok
22:00:24.0764 7100 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:00:24.0766 7100 volmgr - ok
22:00:24.0791 7100 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:00:24.0798 7100 volmgrx - ok
22:00:24.0834 7100 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:00:24.0840 7100 volsnap - ok
22:00:24.0867 7100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:00:24.0870 7100 vsmraid - ok
22:00:24.0930 7100 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:00:24.0982 7100 VSS - ok
22:00:24.0996 7100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:24.0998 7100 vwifibus - ok
22:00:25.0030 7100 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:25.0032 7100 vwififlt - ok
22:00:25.0053 7100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:00:25.0060 7100 W32Time - ok
22:00:25.0074 7100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:00:25.0076 7100 WacomPen - ok
22:00:25.0097 7100 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:00:25.0101 7100 WANARP - ok
22:00:25.0108 7100 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:00:25.0109 7100 Wanarpv6 - ok
22:00:25.0276 7100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:00:25.0413 7100 WatAdminSvc - ok
22:00:25.0483 7100 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:00:25.0544 7100 wbengine - ok
22:00:25.0567 7100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:00:25.0572 7100 WbioSrvc - ok
22:00:25.0600 7100 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:00:25.0608 7100 wcncsvc - ok
22:00:25.0640 7100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:00:25.0643 7100 WcsPlugInService - ok
22:00:25.0699 7100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:00:25.0701 7100 Wd - ok
22:00:25.0727 7100 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:00:25.0745 7100 Wdf01000 - ok
22:00:25.0810 7100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:00:25.0815 7100 WdiServiceHost - ok
22:00:25.0824 7100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:00:25.0829 7100 WdiSystemHost - ok
22:00:25.0868 7100 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:00:25.0874 7100 WebClient - ok
22:00:25.0899 7100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:00:25.0904 7100 Wecsvc - ok
22:00:25.0926 7100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:00:25.0928 7100 wercplsupport - ok
22:00:25.0945 7100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:00:25.0948 7100 WerSvc - ok
22:00:25.0975 7100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:25.0976 7100 WfpLwf - ok
22:00:25.0996 7100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:00:25.0998 7100 WIMMount - ok
22:00:26.0027 7100 WinDefend - ok
22:00:26.0035 7100 WinHttpAutoProxySvc - ok
22:00:26.0092 7100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:00:26.0094 7100 Winmgmt - ok
22:00:26.0167 7100 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:00:26.0221 7100 WinRM - ok
22:00:26.0279 7100 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:00:26.0282 7100 WinUsb - ok
22:00:26.0314 7100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:00:26.0338 7100 Wlansvc - ok
22:00:26.0499 7100 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:00:26.0518 7100 wlidsvc - ok
22:00:26.0539 7100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:00:26.0539 7100 WmiAcpi - ok
22:00:26.0575 7100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:00:26.0583 7100 wmiApSrv - ok
22:00:26.0650 7100 WMPNetworkSvc - ok
22:00:26.0689 7100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:00:26.0693 7100 WPCSvc - ok
22:00:26.0714 7100 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:00:26.0719 7100 WPDBusEnum - ok
22:00:26.0755 7100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:00:26.0756 7100 ws2ifsl - ok
22:00:26.0801 7100 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
22:00:26.0805 7100 wscsvc - ok
22:00:26.0810 7100 WSearch - ok
22:00:26.0914 7100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:00:26.0993 7100 wuauserv - ok
22:00:27.0021 7100 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:00:27.0024 7100 WudfPf - ok
22:00:27.0052 7100 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:27.0056 7100 WUDFRd - ok
22:00:27.0081 7100 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:00:27.0085 7100 wudfsvc - ok
22:00:27.0116 7100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:00:27.0133 7100 WwanSvc - ok
22:00:27.0179 7100 ================ Scan global ===============================
22:00:27.0204 7100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:00:27.0245 7100 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:00:27.0267 7100 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
22:00:27.0313 7100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:00:27.0350 7100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:00:27.0356 7100 [Global] - ok
22:00:27.0356 7100 ================ Scan MBR ==================================
22:00:27.0373 7100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:00:27.0729 7100 \Device\Harddisk0\DR0 - ok
22:00:27.0730 7100 ================ Scan VBR ==================================
22:00:27.0733 7100 [ 2455EE4B2EF8EBBBB43DB311BC0A34EC ] \Device\Harddisk0\DR0\Partition1
22:00:27.0735 7100 \Device\Harddisk0\DR0\Partition1 - ok
22:00:27.0776 7100 [ 357CDB548BD43692237308CE3A7B03DA ] \Device\Harddisk0\DR0\Partition2
22:00:27.0778 7100 \Device\Harddisk0\DR0\Partition2 - ok
22:00:27.0779 7100 ============================================================
22:00:27.0779 7100 Scan finished
22:00:27.0779 7100 ============================================================
22:00:27.0790 7004 Detected object count: 0
22:00:27.0790 7004 Actual detected object count: 0

#13 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 04:29 PM

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-12 22:02:17
-----------------------------
22:02:17.620 OS Version: Windows x64 6.1.7600
22:02:17.621 Number of processors: 4 586 0x2502
22:02:17.622 ComputerName: HOME-PC UserName: Home
22:02:18.954 Initialize success
22:06:06.370 AVAST engine defs: 12101201
22:06:21.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:06:21.255 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:06:21.274 Disk 0 MBR read successfully
22:06:21.278 Disk 0 MBR scan
22:06:21.286 Disk 0 Windows 7 default MBR code
22:06:21.290 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13319 MB offset 63
22:06:21.315 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 27278370
22:06:21.331 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291822 MB offset 27487215
22:06:21.364 Disk 0 scanning C:\Windows\system32\drivers
22:06:31.148 Service scanning
22:06:54.834 Modules scanning
22:06:54.849 Disk 0 trace - called modules:
22:06:54.895 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:06:54.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b8060]
22:06:54.913 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045b3050]
22:06:56.584 AVAST engine scan C:\Windows
22:07:51.767 AVAST engine scan C:\Windows\system32
22:12:21.044 AVAST engine scan C:\Windows\system32\drivers
22:12:33.116 AVAST engine scan C:\Users\Home
22:24:49.356 AVAST engine scan C:\ProgramData
22:27:54.970 Scan finished successfully
22:28:21.132 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
22:28:21.171 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 12 October 2012 - 04:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 clarkey80

clarkey80
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 12 October 2012 - 04:42 PM

Before I do this, does mcafee need to be off?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users