
Rootkit IRP Hook 28 Infections: How to remove?


  • This topic is locked
13 replies to this topic

#1 karentaliesin

karentaliesin

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:29 AM

Posted 28 September 2013 - 08:31 PM

Hello,

I would be grateful for any assistance to help remove these malware issues from my computer, and to know whether that is necessary or not. (I have read another thread on a similar matter, http://www.bleepingcomputer.com/forums/t/506739/irp-hooks-detected-by-avg-free-false-positives-or-real-problems/ ) and have thus thought it better to post and get support. Thanks in advance for your time and help, which I understand is voluntary. I am not very computer literate where the jargon and computer operation are concerned, but I shall do my best to be concise and helpful. I have followed your preparation thread and will happily wait till I hear from someone.

Regards, Karen.

 

The problem

I have run AVG Free scans daily for a while, and they have been showing 6 or 7 rootkit infections. On removal by AVG they come back the next day on scanning, with slightly different names, but in the same place: C:\Windows\System32\Drivers\spjl.sys

I then ran Malwarebytes to try to clear them, which didn't work, and gave up and lived with them!! I was wondering if I should perhaps totally reinstall my OS. I switched from Adobe Reader beta to Sumatra PDF.

 

Yesterday there appeared 47, and after removal today and rescanning immediately after, it now shows 28 infections.

I do not know if they are dangerous or not, but the sudden increase in number is worrying and makes me think they are perhaps more than innocuous. If so, I would like to know how to go about removing them please, as AVG does not seem to resolve it, or if you are able to advise me in this situation.

 

There follows:

  • the log from the AVG scan
  • the DDS logs requested (in which I see mention of searchdial, which arrived on my computer bundled in a download from CNET some time back; I thought I had removed that from everywhere on my computer, and have since learned to use custom downloading)
  • attached, the attach.txt zipped

 

 

AVG scan results

 

Whole Computer Scan    Medium priority    28 0 28
Folders selected for scanning: Scan Whole Computer
Started: 28/09/2013, 21:31:41
Finished: 28/09/2013, 22:36:08
Total objects scanned: 2000081
User who launched the scan: karen

Status    Priority  Name                                                                              Description                           Result
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_PNP -> spjl.sys +0x3FB68                        C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\atapi IRP_MJ_CREATE -> spjl.sys +0x413C4                        C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_QUOTA -> spjl.sys +0x3FB68                C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_SHUTDOWN -> spjl.sys +0x3FB68                   C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_SET_INFORMATION -> spjl.sys +0x3FB68            C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> spjl.sys +0x3FB68                      C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    Inline hook ataport.SYS DllUnload -> spjl.sys +0x5E360                            C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_CREATE -> spjl.sys +0x40B00                       C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_SET_VOLUME_INFORMATION -> spjl.sys +0x3FB68     C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_POWER -> spjl.sys +0x40B00                        C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_SECURITY -> spjl.sys +0x3FB68             C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_FLUSH_BUFFERS -> spjl.sys +0x40B00                C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_CLOSE -> spjl.sys +0x3FB68                      C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spjl.sys +0x2D35C   C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_SET_QUOTA -> spjl.sys +0x3FB68                  C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spjl.sys +0x62650   C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_EA -> spjl.sys +0x3FB68                   C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_DEVICE_CONTROL -> spjl.sys +0x40B00               C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_CLEANUP -> spjl.sys +0x3FB68                    C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_DEVICE_CONTROL -> spjl.sys +0x3FB68             C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spjl.sys +0x2D224    C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_SET_SECURITY -> spjl.sys +0x3FB68               C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_LOCK_CONTROL -> spjl.sys +0x3FB68               C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_WRITE -> spjl.sys +0x40B00                        C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\atapi IRP_MJ_PNP -> spjl.sys +0x413C4                           C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_READ -> spjl.sys +0x3FB68                       C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> spjl.sys +0x3FB68                     C:\Windows\System32\Drivers\spjl.sys  Infected
Infected  Medium    IRP hook, \Driver\volmgr IRP_MJ_READ -> spjl.sys +0x40B00                         C:\Windows\System32\Drivers\spjl.sys  Infected

 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by karen at 2:17:50 on 2013-09-29
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.4025.1250 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\Explorer.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\karen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\program\swriter.exe
C:\Program Files (x86)\program\soffice.exe
C:\Program Files (x86)\program\soffice.bin
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\karen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\karen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\karen\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 4bdb0065de7c47d69dbad16f6bb926e3-964ba5bbfdd3420b4e4d90ba9a8d956f5e3e6fd4 --CMPID 0913b
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [NPSStartup] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{A84FA5E1-AF88-48EE-9378-749E6D42F092} : NameServer = 82.132.254.3 82.132.254.2
TCP: Interfaces\{BC346B06-E77C-433D-A417-3C531E949CDA} : DHCPNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{BC346B06-E77C-433D-A417-3C531E949CDA}\2456C6B696E6E273442443 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BC346B06-E77C-433D-A417-3C531E949CDA}\461646E6564713 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BC346B06-E77C-433D-A417-3C531E949CDA}\E657D65627F693 : DHCPNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{D6FD5ECB-B8B0-463A-A545-BD5EA1D828A6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EA6E5087-A66D-464D-9659-87FE5884A642} : NameServer = 82.132.254.3 82.132.254.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\7g18t2fd.default\
FF - prefs.js: browser.search.selectedEngine - Google.fr

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\karen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\karen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\karen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\karen\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-11-07 23:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false


FF - user.js: extensions.mysearchdial.id - 0CEEE6CAB6F93FB1
FF - user.js: extensions.mysearchdial.instlDay - 15915
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 16:31:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1147949709
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutD0C0E0E0EyC0C0A0ByC0FzytA0F0BtCtN0D0Tzu0CyDyByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.irmysearch.aflt - dnldmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1147949709
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutD0C0E0E0EyC0C0A0ByC0FzytA0F0BtCtN0D0Tzu0CyDyByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 Start BT in service;Start BT in service;C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2011-6-14 201080]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-8-29 87040]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-11-5 138752]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-8-29 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-8-29 421888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-11-7 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-22 216064]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-9-26 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-5 1255736]
.
=============== Created Last 30 ================
.
2013-09-20 18:54:38    8006480    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-20 18:54:21    9694160    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF9E819A-5905-43FD-96B5-0C956BD38472}\mpengine.dll
2013-09-11 22:01:44    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-09-07 02:29:24    --------    d-----w-    C:\Users\karen\AppData\Roaming\Downloaded Installations
2013-09-07 02:24:00    --------    d-----w-    C:\Users\karen\AppData\Roaming\SumatraPDF
2013-09-07 02:23:53    --------    d-----w-    C:\Program Files (x86)\SumatraPDF
2013-09-04 23:43:42    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2013-09-15 00:02:49    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-15 00:02:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-07 02:22:02    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51:00    311608    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56    71480    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50    206648    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  2:18:48,76 ===============
 

 

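As an added example (not part of the original thread, and not AVG's own tooling), the following Python script parses rootkit-scan result lines of the kind AVG printed above and groups them by hooking module and hook target. It collapses a long list of "Infected" rows into the few facts that matter for triage: which module owns every hook, which device objects have their IRP dispatch redirected, whether each device object is redirected to a single handler offset (one dispatch-table overwrite rather than many separate patches), and whether one driver sits on every layer of the storage stack (port driver, volume manager, file system) at once. The regular expressions, the storage-stack heuristic and the SAMPLE_FINDINGS list (a hand-picked subset of the rows quoted above, reduced to the Name column) are assumptions of this example, not a published AVG log format.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the Name column of the AVG "Whole Computer Scan"
# rows quoted in the post above. Hand-picked for the example, not the full 28 rows.
SAMPLE_FINDINGS = [
    r"IRP hook, \FileSystem\Ntfs IRP_MJ_PNP -> spjl.sys +0x3FB68",
    r"IRP hook, \Driver\atapi IRP_MJ_CREATE -> spjl.sys +0x413C4",
    r"IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> spjl.sys +0x3FB68",
    r"Inline hook ataport.SYS DllUnload -> spjl.sys +0x5E360",
    r"IRP hook, \Driver\volmgr IRP_MJ_CREATE -> spjl.sys +0x40B00",
    r"IRP hook, \Driver\volmgr IRP_MJ_READ -> spjl.sys +0x40B00",
    r"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spjl.sys +0x2D35C",
    r"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spjl.sys +0x62650",
    r"IRP hook, \FileSystem\Ntfs IRP_MJ_READ -> spjl.sys +0x3FB68",
    r"IRP hook, \Driver\atapi IRP_MJ_PNP -> spjl.sys +0x413C4",
]

# Three row shapes seen in the log (assumed patterns, derived from the rows above):
#   IRP hook, <device object> <IRP_MJ_*> -> <module> +0x<offset>
#   Inline hook <image> <function> -> <module> +0x<offset>
#   <image>, hooked import <library> <function> -> <module> +0x<offset>
IRP_RE = re.compile(
    r"^IRP hook, (?P<target>\\\S+) (?P<func>IRP_MJ_\w+) -> (?P<module>\S+) \+0x(?P<off>[0-9A-Fa-f]+)$")
INLINE_RE = re.compile(
    r"^Inline hook (?P<target>\S+) (?P<func>\w+) -> (?P<module>\S+) \+0x(?P<off>[0-9A-Fa-f]+)$")
IMPORT_RE = re.compile(
    r"^(?P<target>\S+), hooked import (?P<lib>\S+) (?P<func>\w+) -> (?P<module>\S+) \+0x(?P<off>[0-9A-Fa-f]+)$")

# Device objects that together make up the disk I/O path on this kind of system
# (assumed heuristic for the example).
STORAGE_STACK = {r"\Driver\atapi", r"\Driver\volmgr", r"\FileSystem\Ntfs"}


def parse_finding(line):
    """Return a dict for one rootkit-scan row, or None if the line is not a hook row."""
    line = line.strip()
    m = IRP_RE.match(line)
    if m:
        return {"kind": "irp", "target": m["target"], "func": m["func"],
                "module": m["module"], "offset": int(m["off"], 16)}
    m = INLINE_RE.match(line)
    if m:
        return {"kind": "inline", "target": m["target"], "func": m["func"],
                "module": m["module"], "offset": int(m["off"], 16)}
    m = IMPORT_RE.match(line)
    if m:
        return {"kind": "import", "target": m["target"], "func": f"{m['lib']}!{m['func']}",
                "module": m["module"], "offset": int(m["off"], 16)}
    return None


def summarize(lines):
    """Group findings by the module the hooks point into.

    For each module: total rows, the handler offsets every hooked device object is
    redirected to (one offset per device object means a single dispatch routine took
    over all of its IRP_MJ_* entries), plus the import and inline hooks.
    """
    findings = [f for f in map(parse_finding, lines) if f]
    by_module = defaultdict(list)
    for f in findings:
        by_module[f["module"]].append(f)

    report = {}
    for module, fs in by_module.items():
        handlers = defaultdict(set)
        for f in fs:
            if f["kind"] == "irp":
                handlers[f["target"]].add(f["offset"])
        report[module] = {
            "total": len(fs),
            "irp_targets": {t: sorted(o) for t, o in handlers.items()},
            "import_hooks": sorted(f["func"] for f in fs if f["kind"] == "import"),
            "inline_hooks": sorted(f["func"] for f in fs if f["kind"] == "inline"),
        }
    return report


def covers_storage_stack(entry):
    """True when one module hooks the port driver, the volume manager and NTFS at once."""
    return STORAGE_STACK <= set(entry["irp_targets"])


if __name__ == "__main__":
    for module, entry in summarize(SAMPLE_FINDINGS).items():
        print(f"{module}: {entry['total']} hooks, whole storage stack: "
              f"{covers_storage_stack(entry)}")
        for target, offsets in entry["irp_targets"].items():
            print(f"  {target} -> " + ", ".join(f"+0x{o:X}" for o in offsets))
        for name in entry["import_hooks"] + entry["inline_hooks"]:
            print(f"  {name}")
```

The useful output is not the count but the shape: every hooked device object maps to exactly one offset inside the same driver, and the hooks span atapi, volmgr and Ntfs together with the ataport import hooks. That tells the responder which single file to look at next (the path AVG reported) and that a dispatch-level hook, not a file on disk, is what keeps re-appearing after each AVG "removal".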

#2 karentaliesin

karentaliesin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:29 AM

Posted 30 September 2013 - 07:35 AM

Hi again,

There are various running issues occurring with my computer.

Whilst backing up to my external hard drive last night, trying to eject the hard drive, it kept telling me that it had files open and to close them first before ejecting. I had no known files open. I switched the computer off and tried to reboot; Windows wouldn't reboot. I tried again and selected it to check (as opposed to rebooting normally), and it offered me the chance of recuperating the system, which I didn't do, as I have posted here and prefer to wait for advice (as I don't know what the heck I am doing).

Also my USB key has suddenly become write protected, and I cannot move files off it or to it, or format it.

Shockwave keeps giving me a message that the plug-in is not working; it does eventually when I select continue.

And odd things, like when putting my password in when I open the Firefox browser: it will not work if I press the OK button but will if I hit the return button.

 

not sure if any of this is connectedc to the above issues that i have not removed with agv since posting here,  as requested to sit with things untim someone could assess the situation, 

 

really appreciate you give time freely, and i am not trying to hurry anyone up,  just thought i would add this info to the thread.

(im used to dealing with biological  human viruses and stuff,  not computer things :)  )

 

Thanks

Karen



#3 TB-Psychotic
  • Malware Response Team
  • 5,686 posts
  • Gender:Male

Posted 30 September 2013 - 07:49 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

"im used to dealing with biological human viruses"

So is my mother! :)

I think you have the same false positives created by AVG as many other users, but let's see:

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
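The two logs requested above describe the same partition table in different units: aswMBR prints sizes truncated to whole MB and start offsets as decimal sector numbers, TDSSKiller prints hex start LBAs and block counts, and the MBR.dat that aswMBR saves is the sector itself. The following is an added example, not code from this thread or from either tool's authors, that parses all three and cross-checks them by start LBA, so that a partition hidden or relocated in one view (the kind of discrepancy an MBR bootkit produces) surfaces as a finding. It assumes MBR.dat is a plain 512-byte copy of sector 0 (the note above only says it is a backup of the MBR; the raw layout is an assumption here), and the sample log lines and the sample MBR image are constructed for the example, modelled on the output formats of the two tools.

```python
"""Cross-check one disk's MBR partition table across three views: the raw
MBR.dat that aswMBR backs up, the partition lines in aswMBR's log, and the
partition lines in TDSSKiller's log.  A bootkit that patches the on-disk
table, or hides a partition from one scanner, shows up as a row present in
one view and missing or shifted in another.  All sample data is constructed."""
import re
import struct

SECTOR = 512
MB_SECTORS = (1024 * 1024) // SECTOR      # 2048 sectors per MB
ENTRY_FMT = "<B3sB3sII"                    # status, CHS start, type, CHS end, start LBA, sector count


def parse_mbr(mbr):
    """Return the non-empty primary entries of a 512-byte MBR image (table at offset 446)."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    out = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype:                              # type 0 = unused slot
            out.append({"index": i + 1, "boot": status == 0x80, "type": ptype,
                        "lba": lba, "sectors": count})
    return out


# aswMBR line shape: "Partition 2 80 (A) 07    HPFS/NTFS NTFS   100 MB offset 26626048"
ASW_RE = re.compile(r"Partition (\S+)\s+([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s+.*?\s+(\d+) MB offset (\d+)")
# TDSSKiller line shape: "...\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000"
TDSS_RE = re.compile(r"Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")


def parse_aswmbr(log):
    """aswMBR prints sizes truncated to whole MB and the start offset as a decimal LBA."""
    return [{"label": lab, "boot": st == "80", "type": int(ty, 16), "mb": int(mb), "lba": int(lba)}
            for lab, st, ty, mb, lba in ASW_RE.findall(log)]


def parse_tdsskiller(log):
    """TDSSKiller prints type, start LBA and block count in hex."""
    return [{"index": int(i), "type": int(t, 16), "lba": int(s, 16), "sectors": int(n, 16)}
            for i, t, s, n in TDSS_RE.findall(log)]


def cross_check(mbr_entries, asw_rows, tdss_rows):
    """Compare the three views by start LBA; an empty list means they agree."""
    findings = []
    asw_by_lba = {r["lba"]: r for r in asw_rows}
    mbr_by_lba = {e["lba"]: e for e in mbr_entries}
    # Logical partitions live in the EBR chain, not in the MBR itself, so only
    # compare MBR.dat against aswMBR rows that fall outside the extended container.
    ext = next((e for e in mbr_entries if e["type"] in (0x05, 0x0F)), None)
    ext_range = range(ext["lba"], ext["lba"] + ext["sectors"]) if ext else range(0)
    for e in mbr_entries:
        r = asw_by_lba.get(e["lba"])
        if r is None or r["type"] != e["type"]:
            findings.append(f"MBR.dat entry {e['index']} (type 0x{e['type']:02X}, LBA {e['lba']}) not reported by aswMBR")
    for r in asw_rows:
        if r["lba"] in ext_range:
            continue
        e = mbr_by_lba.get(r["lba"])
        if e is None or e["type"] != r["type"]:
            findings.append(f"aswMBR partition {r['label']} (LBA {r['lba']}) is missing from MBR.dat")
    # TDSSKiller follows the EBR chain too, so every row it prints must match an aswMBR row;
    # sizes are compared after flooring to MB because aswMBR truncates.
    for t in tdss_rows:
        r = asw_by_lba.get(t["lba"])
        if r is None or r["type"] != t["type"] or t["sectors"] // MB_SECTORS != r["mb"]:
            findings.append(f"TDSSKiller Partition{t['index']} (LBA {t['lba']}) disagrees with aswMBR")
    return findings


def build_mbr(entries):
    """Construct a sample MBR image from (bootable, type, start LBA, sectors) tuples."""
    img = bytearray(SECTOR)
    for i, (boot, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, img, 446 + 16 * i,
                         0x80 if boot else 0, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    img[510:512] = b"\x55\xaa"
    return bytes(img)


def hide_entry(mbr, index):
    """Zero one primary slot (1-4), as a bootkit hiding a partition would."""
    img = bytearray(mbr)
    off = 446 + 16 * (index - 1)
    img[off:off + 16] = bytes(16)
    return bytes(img)


# Constructed layout: recovery partition, 100 MB system partition, large OS partition,
# extended container holding one logical volume.
CLEAN_MBR = build_mbr([(False, 0x27, 2048, 26624000), (True, 0x07, 26626048, 204800),
                       (False, 0x07, 26830848, 755246736), (False, 0x0F, 782077952, 194695216)])
ASWMBR_LOG = """\
15:53:52.009    Disk 0 Windows 7 default MBR code
15:53:52.033    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
15:53:52.057    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
15:53:52.085    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       368772 MB offset 26830848
15:53:52.101    Disk 0 Partition - 00     0F Extended LBA             95065 MB offset 782077952
15:53:52.148    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        95064 MB offset 782080000
"""
TDSS_LOG = r"""16:31:32.0521 6036  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
16:31:32.0521 6036  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x2D042690
16:31:32.0542 6036  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2E9D9800, BlocksNum 0xB9AC000
"""

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("entry 1 hidden", hide_entry(CLEAN_MBR, 1))):
        found = cross_check(parse_mbr(image), parse_aswmbr(ASWMBR_LOG), parse_tdsskiller(TDSS_LOG))
        print(f"{name}: {'consistent' if not found else found}")
```

To use it on a real case, read the saved MBR.dat with `open(path, "rb").read()` and pass the two log files' text in place of the constructed strings. Note that TDSSKiller lists only the partitions it mounts, so a partition present in aswMBR and MBR.dat but absent from TDSSKiller is expected; the check therefore only requires that every TDSSKiller row agrees with aswMBR, not the reverse.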

#4 karentaliesin
  • Topic Starter
  • Members
  • 8 posts
  • Gender:Female

Posted 30 September 2013 - 09:52 AM

Hi Marius,

Thanks for your help. I have followed the instructions and am hoping that it is something that is nothing (false positives!)

(By the way, I used Defogger first in case I had CD emulation programs. I have no idea what that/they might be??? As instructed in the post at the top of the forum, so that is and remains disabled. I hope that was correct.)

Once again, your help is much appreciated.

Karen

The aswMBR log result:


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-30 15:45:58
-----------------------------
15:45:58.983    OS Version: Windows x64 6.1.7601 Service Pack 1
15:45:58.983    Number of processors: 2 586 0x170A
15:45:58.987    ComputerName: KARENTALIESIN  UserName: karen
15:46:02.039    Initialize success
15:53:20.645    AVAST engine defs: 13093000
15:53:51.867    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:53:51.871    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
15:53:51.990    Disk 0 MBR read successfully
15:53:51.994    Disk 0 MBR scan
15:53:52.009    Disk 0 Windows 7 default MBR code
15:53:52.033    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
15:53:52.057    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
15:53:52.085    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       368772 MB offset 26830848
15:53:52.101    Disk 0 Partition - 00     0F Extended LBA             95065 MB offset 782077952
15:53:52.148    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        95064 MB offset 782080000
15:53:52.330    Disk 0 scanning C:\Windows\system32\drivers
15:54:16.614    Service scanning
15:55:11.003    Modules scanning
15:55:11.016    Disk 0 trace - called modules:
15:55:11.051    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:55:11.061    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800578c060]
15:55:11.071    3 CLASSPNP.SYS[fffff8800108743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800468a050]
15:55:11.928    AVAST engine scan C:\Windows
15:55:18.984    AVAST engine scan C:\Windows\system32
16:04:42.648    AVAST engine scan C:\Windows\system32\drivers
16:05:17.162    AVAST engine scan C:\Users\karen
16:20:34.014    AVAST engine scan C:\ProgramData
16:24:00.890    Scan finished successfully
16:27:58.648    Disk 0 MBR has been saved successfully to "C:\Users\karen\Desktop\MBR.dat"
16:27:58.667    The log file has been saved successfully to "C:\Users\karen\Desktop\aswMBR.txt"

TDSSKiller log:

16:31:31.0073 6036  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:31:31.0681 6036  ============================================================
16:31:31.0681 6036  Current date / time: 2013/09/30 16:31:31.0681
16:31:31.0681 6036  SystemInfo:
16:31:31.0681 6036  
16:31:31.0681 6036  OS Version: 6.1.7601 ServicePack: 1.0
16:31:31.0681 6036  Product type: Workstation
16:31:31.0681 6036  ComputerName: KARENTALIESIN
16:31:31.0682 6036  UserName: karen
16:31:31.0682 6036  Windows directory: C:\Windows
16:31:31.0682 6036  System windows directory: C:\Windows
16:31:31.0682 6036  Running under WOW64
16:31:31.0682 6036  Processor architecture: Intel x64
16:31:31.0682 6036  Number of processors: 2
16:31:31.0682 6036  Page size: 0x1000
16:31:31.0682 6036  Boot type: Normal boot
16:31:31.0682 6036  ============================================================
16:31:32.0499 6036  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:32.0507 6036  ============================================================
16:31:32.0507 6036  \Device\Harddisk0\DR0:
16:31:32.0521 6036  MBR partitions:
16:31:32.0521 6036  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
16:31:32.0521 6036  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x2D042690
16:31:32.0542 6036  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2E9D9800, BlocksNum 0xB9AC000
16:31:32.0542 6036  ============================================================
16:31:32.0585 6036  C: <-> \Device\Harddisk0\DR0\Partition2
16:31:32.0631 6036  D: <-> \Device\Harddisk0\DR0\Partition3
16:31:32.0631 6036  ============================================================
16:31:32.0632 6036  Initialize success
16:31:32.0632 6036  ============================================================
16:31:54.0698 5696  ============================================================
16:31:54.0698 5696  Scan started
16:31:54.0698 5696  Mode: Manual;
16:31:54.0698 5696  ============================================================
16:31:55.0275 5696  ================ Scan system memory ========================
16:31:55.0276 5696  System memory - ok
16:31:55.0276 5696  ================ Scan services =============================
16:31:55.0446 5696  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:31:55.0451 5696  1394ohci - ok
16:31:55.0479 5696  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:31:55.0485 5696  ACPI - ok
16:31:55.0529 5696  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:31:55.0530 5696  AcpiPmi - ok
16:31:55.0575 5696  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:31:55.0584 5696  adp94xx - ok
16:31:55.0608 5696  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:31:55.0612 5696  adpahci - ok
16:31:55.0640 5696  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:31:55.0643 5696  adpu320 - ok
16:31:55.0673 5696  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:31:55.0675 5696  AeLookupSvc - ok
16:31:55.0722 5696  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:31:55.0728 5696  AFD - ok
16:31:55.0770 5696  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
16:31:55.0771 5696  AgereModemAudio - ok
16:31:55.0818 5696  [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
16:31:55.0835 5696  AgereSoftModem - ok
16:31:55.0884 5696  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:31:55.0886 5696  agp440 - ok
16:31:55.0917 5696  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:31:55.0918 5696  ALG - ok
16:31:55.0964 5696  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:31:55.0966 5696  aliide - ok
16:31:55.0984 5696  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:31:55.0985 5696  amdide - ok
16:31:56.0020 5696  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:31:56.0021 5696  AmdK8 - ok
16:31:56.0044 5696  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:31:56.0045 5696  AmdPPM - ok
16:31:56.0089 5696  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:31:56.0091 5696  amdsata - ok
16:31:56.0123 5696  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:31:56.0126 5696  amdsbs - ok
16:31:56.0160 5696  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:31:56.0162 5696  amdxata - ok
16:31:56.0198 5696  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:31:56.0199 5696  AppID - ok
16:31:56.0233 5696  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:31:56.0234 5696  AppIDSvc - ok
16:31:56.0273 5696  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
16:31:56.0275 5696  Appinfo - ok
16:31:56.0398 5696  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:56.0401 5696  Apple Mobile Device - ok
16:31:56.0427 5696  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:31:56.0429 5696  arc - ok
16:31:56.0459 5696  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:31:56.0461 5696  arcsas - ok
16:31:56.0481 5696  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:56.0482 5696  AsyncMac - ok
16:31:56.0520 5696  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:31:56.0521 5696  atapi - ok
16:31:56.0581 5696  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:31:56.0603 5696  athr - ok
16:31:56.0665 5696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:56.0675 5696  AudioEndpointBuilder - ok
16:31:56.0691 5696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:31:56.0699 5696  AudioSrv - ok
16:31:56.0864 5696  [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
16:31:56.0894 5696  AVGIDSAgent - ok
16:31:56.0928 5696  [ 241C32E942869FD1351CC5864976C3AC ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:31:56.0931 5696  AVGIDSDriver - ok
16:31:56.0961 5696  [ C8D9EEACF266512C1FA52E2ECF5AD944 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
16:31:56.0963 5696  AVGIDSHA - ok
16:31:56.0988 5696  [ FACD18A89FDEBC35C85CAF762B294BE2 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
16:31:56.0991 5696  Avgldx64 - ok
16:31:57.0018 5696  [ 29FCDEAC6086FB7E55344B51E35D99CE ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
16:31:57.0022 5696  Avgloga - ok
16:31:57.0049 5696  [ 85053293DCDE19829E8691A9E9E8A6FF ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
16:31:57.0051 5696  Avgmfx64 - ok
16:31:57.0084 5696  [ 4494718783294ECFFBA7E89D82BAE6E1 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
16:31:57.0085 5696  Avgrkx64 - ok
16:31:57.0111 5696  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
16:31:57.0115 5696  Avgtdia - ok
16:31:57.0146 5696  [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
16:31:57.0149 5696  avgwd - ok
16:31:57.0189 5696  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:31:57.0191 5696  AxInstSV - ok
16:31:57.0232 5696  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:31:57.0240 5696  b06bdrv - ok
16:31:57.0262 5696  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:31:57.0265 5696  b57nd60a - ok
16:31:57.0325 5696  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:31:57.0341 5696  BCM43XX - ok
16:31:57.0378 5696  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:31:57.0380 5696  BDESVC - ok
16:31:57.0411 5696  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:31:57.0412 5696  Beep - ok
16:31:57.0467 5696  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:31:57.0478 5696  BFE - ok
16:31:57.0511 5696  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:31:57.0521 5696  BITS - ok
16:31:57.0539 5696  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:57.0540 5696  blbdrive - ok
16:31:57.0583 5696  [ DAA72C9154459E613EED88502624C340 ] BlueletAudio    C:\Windows\system32\DRIVERS\blueletaudio.sys
16:31:57.0585 5696  BlueletAudio - ok
16:31:57.0605 5696  [ 8AF05BCB15D846E1E8B34AF0635879C9 ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
16:31:57.0607 5696  BlueletSCOAudio - ok
16:31:57.0653 5696  [ 2072720F0848312C40E01C2AEC8ED439 ] BlueSoleil Hid Service C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
16:31:57.0656 5696  BlueSoleil Hid Service - ok
16:31:57.0678 5696  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:31:57.0681 5696  bowser - ok
16:31:57.0712 5696  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:31:57.0713 5696  BrFiltLo - ok
16:31:57.0730 5696  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:31:57.0731 5696  BrFiltUp - ok
16:31:57.0754 5696  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:31:57.0757 5696  Browser - ok
16:31:57.0783 5696  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:31:57.0787 5696  Brserid - ok
16:31:57.0809 5696  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:57.0810 5696  BrSerWdm - ok
16:31:57.0820 5696  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:57.0821 5696  BrUsbMdm - ok
16:31:57.0839 5696  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:57.0840 5696  BrUsbSer - ok
16:31:57.0879 5696  [ 0F890E854FCBE98F4574ACC6423FCCEF ] BT              C:\Windows\system32\DRIVERS\btnetdrv.sys
16:31:57.0881 5696  BT - ok
16:31:57.0903 5696  [ 7C5893EA5AA483E051B8311BDB36E19A ] Btcsrusb        C:\Windows\system32\Drivers\btcusb.sys
16:31:57.0905 5696  Btcsrusb - ok
16:31:57.0927 5696  [ E49A371185D5E79C103765DA93856EE1 ] BTHidEnum       C:\Windows\system32\Drivers\vbtenum.sys
16:31:57.0930 5696  BTHidEnum - ok
16:31:57.0944 5696  [ 8FA060B557C7DE309D2D5C16C3DA2EF6 ] BTHidMgr        C:\Windows\system32\Drivers\BTHidMgr.sys
16:31:57.0946 5696  BTHidMgr - ok
16:31:57.0960 5696  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:31:57.0962 5696  BTHMODEM - ok
16:31:57.0994 5696  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:31:57.0996 5696  bthserv - ok
16:31:58.0009 5696  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:31:58.0011 5696  cdfs - ok
16:31:58.0049 5696  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:31:58.0052 5696  cdrom - ok
16:31:58.0090 5696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:31:58.0092 5696  CertPropSvc - ok
16:31:58.0119 5696  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:31:58.0120 5696  circlass - ok
16:31:58.0147 5696  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:31:58.0152 5696  CLFS - ok
16:31:58.0217 5696  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:58.0220 5696  clr_optimization_v2.0.50727_32 - ok
16:31:58.0261 5696  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:31:58.0264 5696  clr_optimization_v2.0.50727_64 - ok
16:31:58.0307 5696  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:58.0338 5696  clr_optimization_v4.0.30319_32 - ok
16:31:58.0364 5696  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:31:58.0367 5696  clr_optimization_v4.0.30319_64 - ok
16:31:58.0399 5696  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:31:58.0401 5696  CmBatt - ok
16:31:58.0438 5696  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:31:58.0440 5696  cmdide - ok
16:31:58.0483 5696  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:31:58.0491 5696  CNG - ok
16:31:58.0522 5696  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:31:58.0524 5696  Compbatt - ok
16:31:58.0560 5696  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:31:58.0562 5696  CompositeBus - ok
16:31:58.0569 5696  COMSysApp - ok
16:31:58.0594 5696  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:31:58.0596 5696  crcdisk - ok
16:31:58.0642 5696  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:31:58.0645 5696  CryptSvc - ok
16:31:58.0690 5696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:31:58.0699 5696  DcomLaunch - ok
16:31:58.0732 5696  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:31:58.0736 5696  defragsvc - ok
16:31:58.0768 5696  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:31:58.0770 5696  DfsC - ok
16:31:58.0811 5696  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:31:58.0817 5696  Dhcp - ok
16:31:58.0841 5696  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:31:58.0843 5696  discache - ok
16:31:58.0856 5696  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:31:58.0858 5696  Disk - ok
16:31:58.0930 5696  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
16:31:58.0932 5696  DKbFltr - ok
16:31:58.0965 5696  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:31:58.0968 5696  Dnscache - ok
16:31:59.0017 5696  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:31:59.0021 5696  dot3svc - ok
16:31:59.0046 5696  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:31:59.0049 5696  Dot4 - ok
16:31:59.0079 5696  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
16:31:59.0080 5696  Dot4Print - ok
16:31:59.0102 5696  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:31:59.0104 5696  dot4usb - ok
16:31:59.0137 5696  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:31:59.0140 5696  DPS - ok
16:31:59.0164 5696  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:31:59.0165 5696  drmkaud - ok
16:31:59.0206 5696  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:31:59.0221 5696  DXGKrnl - ok
16:31:59.0259 5696  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:31:59.0261 5696  EapHost - ok
16:31:59.0359 5696  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:31:59.0439 5696  ebdrv - ok
16:31:59.0487 5696  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:31:59.0488 5696  EFS - ok
16:31:59.0558 5696  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:31:59.0589 5696  ehRecvr - ok
16:31:59.0612 5696  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:31:59.0615 5696  ehSched - ok
16:31:59.0655 5696  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:31:59.0661 5696  elxstor - ok
16:31:59.0755 5696  [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
16:31:59.0767 5696  ePowerSvc - ok
16:31:59.0804 5696  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:31:59.0805 5696  ErrDev - ok
16:31:59.0854 5696  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:31:59.0859 5696  EventSystem - ok
16:31:59.0912 5696  [ 62D6246A3E6AB69690F08F1BD1706F3D ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:31:59.0917 5696  ewusbmbb - ok
16:31:59.0960 5696  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:31:59.0962 5696  ew_hwusbdev - ok
16:31:59.0988 5696  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:31:59.0991 5696  exfat - ok
16:32:00.0009 5696  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:32:00.0013 5696  fastfat - ok
16:32:00.0059 5696  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:32:00.0070 5696  Fax - ok
16:32:00.0093 5696  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:32:00.0094 5696  fdc - ok
16:32:00.0125 5696  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:32:00.0127 5696  fdPHost - ok
16:32:00.0138 5696  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:32:00.0141 5696  FDResPub - ok
16:32:00.0154 5696  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:32:00.0157 5696  FileInfo - ok
16:32:00.0176 5696  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:32:00.0176 5696  Filetrace - ok
16:32:00.0200 5696  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:32:00.0201 5696  flpydisk - ok
16:32:00.0238 5696  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:32:00.0242 5696  FltMgr - ok
16:32:00.0309 5696  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:32:00.0327 5696  FontCache - ok
16:32:00.0408 5696  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:32:00.0411 5696  FontCache3.0.0.0 - ok
16:32:00.0443 5696  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:32:00.0445 5696  FsDepends - ok
16:32:00.0482 5696  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:32:00.0484 5696  Fs_Rec - ok
16:32:00.0518 5696  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:32:00.0523 5696  fvevol - ok
16:32:00.0541 5696  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:32:00.0543 5696  gagp30kx - ok
16:32:00.0597 5696  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:32:00.0599 5696  GEARAspiWDM - ok
16:32:00.0654 5696  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:32:00.0666 5696  gpsvc - ok
16:32:00.0730 5696  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
16:32:00.0747 5696  Greg_Service - ok
16:32:00.0792 5696  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:32:00.0797 5696  gusvc - ok
16:32:00.0838 5696  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:32:00.0839 5696  hcw85cir - ok
16:32:00.0883 5696  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:32:00.0888 5696  HdAudAddService - ok
16:32:00.0925 5696  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:32:00.0928 5696  HDAudBus - ok
16:32:00.0952 5696  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:32:00.0953 5696  HidBatt - ok
16:32:00.0975 5696  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:32:00.0977 5696  HidBth - ok
16:32:01.0010 5696  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:32:01.0011 5696  HidIr - ok
16:32:01.0044 5696  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:32:01.0045 5696  hidserv - ok
16:32:01.0069 5696  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:32:01.0070 5696  HidUsb - ok
16:32:01.0110 5696  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:32:01.0113 5696  hkmsvc - ok
16:32:01.0154 5696  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:32:01.0158 5696  HomeGroupListener - ok
16:32:01.0194 5696  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:32:01.0198 5696  HomeGroupProvider - ok
16:32:01.0252 5696  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:32:01.0256 5696  hpqcxs08 - ok
16:32:01.0287 5696  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:32:01.0290 5696  hpqddsvc - ok
16:32:01.0332 5696  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:32:01.0335 5696  HpSAMD - ok
16:32:01.0396 5696  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:32:11.0962 5696  usbser - ok
16:32:11.0997 5696  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:32:11.0999 5696  USBSTOR - ok
16:32:12.0019 5696  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:32:12.0021 5696  usbuhci - ok
16:32:12.0068 5696  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:32:12.0072 5696  usbvideo - ok
16:32:12.0114 5696  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:32:12.0117 5696  UxSms - ok
16:32:12.0132 5696  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:32:12.0134 5696  VaultSvc - ok
16:32:12.0176 5696  [ B9B0A0B9232A51BBDE9F28CA41716D61 ] VComm           C:\Windows\system32\DRIVERS\VComm.sys
16:32:12.0178 5696  VComm - ok
16:32:12.0193 5696  [ F1B2D9AC422F8B72BF417C8D77C85A3B ] VcommMgr        C:\Windows\system32\Drivers\VcommMgr.sys
16:32:12.0195 5696  VcommMgr - ok
16:32:12.0219 5696  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:32:12.0220 5696  vdrvroot - ok
16:32:12.0269 5696  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:32:12.0277 5696  vds - ok
16:32:12.0309 5696  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:32:12.0310 5696  vga - ok
16:32:12.0334 5696  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:32:12.0335 5696  VgaSave - ok
16:32:12.0373 5696  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:32:12.0377 5696  vhdmp - ok
16:32:12.0410 5696  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:32:12.0411 5696  viaide - ok
16:32:12.0432 5696  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:32:12.0434 5696  volmgr - ok
16:32:12.0484 5696  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:32:12.0489 5696  volmgrx - ok
16:32:12.0516 5696  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:32:12.0520 5696  volsnap - ok
16:32:12.0560 5696  [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
16:32:12.0566 5696  Vsdatant - ok
16:32:12.0611 5696  vsmon - ok
16:32:12.0656 5696  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:32:12.0660 5696  vsmraid - ok
16:32:12.0735 5696  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:32:12.0760 5696  VSS - ok
16:32:12.0775 5696  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:32:12.0776 5696  vwifibus - ok
16:32:12.0803 5696  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:32:12.0805 5696  vwififlt - ok
16:32:12.0843 5696  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:32:12.0851 5696  W32Time - ok
16:32:12.0887 5696  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:32:12.0888 5696  WacomPen - ok
16:32:12.0928 5696  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:32:12.0930 5696  WANARP - ok
16:32:12.0938 5696  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:32:12.0940 5696  Wanarpv6 - ok
16:32:13.0014 5696  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:32:13.0033 5696  WatAdminSvc - ok
16:32:13.0105 5696  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:32:13.0124 5696  wbengine - ok
16:32:13.0156 5696  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:32:13.0160 5696  WbioSrvc - ok
16:32:13.0202 5696  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:32:13.0207 5696  wcncsvc - ok
16:32:13.0229 5696  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:32:13.0232 5696  WcsPlugInService - ok
16:32:13.0267 5696  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:32:13.0268 5696  Wd - ok
16:32:13.0320 5696  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:32:13.0329 5696  Wdf01000 - ok
16:32:13.0366 5696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:32:13.0368 5696  WdiServiceHost - ok
16:32:13.0378 5696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:32:13.0381 5696  WdiSystemHost - ok
16:32:13.0420 5696  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:32:13.0425 5696  WebClient - ok
16:32:13.0447 5696  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:32:13.0452 5696  Wecsvc - ok
16:32:13.0473 5696  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:32:13.0476 5696  wercplsupport - ok
16:32:13.0495 5696  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:32:13.0499 5696  WerSvc - ok
16:32:13.0530 5696  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:32:13.0531 5696  WfpLwf - ok
16:32:13.0552 5696  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:32:13.0554 5696  WIMMount - ok
16:32:13.0584 5696  WinDefend - ok
16:32:13.0602 5696  WinHttpAutoProxySvc - ok
16:32:13.0673 5696  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:32:13.0678 5696  Winmgmt - ok
16:32:13.0769 5696  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:32:13.0795 5696  WinRM - ok
16:32:13.0864 5696  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:32:13.0865 5696  WinUsb - ok
16:32:13.0917 5696  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:32:13.0932 5696  Wlansvc - ok
16:32:14.0052 5696  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:32:14.0082 5696  wlidsvc - ok
16:32:14.0117 5696  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:32:14.0118 5696  WmiAcpi - ok
16:32:14.0175 5696  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:32:14.0194 5696  wmiApSrv - ok
16:32:14.0231 5696  WMPNetworkSvc - ok
16:32:14.0254 5696  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:32:14.0256 5696  WPCSvc - ok
16:32:14.0299 5696  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:32:14.0302 5696  WPDBusEnum - ok
16:32:14.0330 5696  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:32:14.0331 5696  ws2ifsl - ok
16:32:14.0356 5696  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:32:14.0359 5696  wscsvc - ok
16:32:14.0368 5696  WSearch - ok
16:32:14.0467 5696  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:32:14.0495 5696  wuauserv - ok
16:32:14.0541 5696  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:32:14.0542 5696  WudfPf - ok
16:32:14.0562 5696  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:32:14.0565 5696  WUDFRd - ok
16:32:14.0602 5696  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:32:14.0605 5696  wudfsvc - ok
16:32:14.0630 5696  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:32:14.0634 5696  WwanSvc - ok
16:32:14.0701 5696  ================ Scan global ===============================
16:32:14.0733 5696  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:32:14.0776 5696  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
16:32:14.0785 5696  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
16:32:14.0809 5696  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:32:14.0846 5696  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:32:14.0851 5696  [Global] - ok
16:32:14.0852 5696  ================ Scan MBR ==================================
16:32:14.0870 5696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:32:15.0080 5696  \Device\Harddisk0\DR0 - ok
16:32:15.0080 5696  ================ Scan VBR ==================================
16:32:15.0086 5696  [ C3C7515379E5AD0B59C48177AB59CC2B ] \Device\Harddisk0\DR0\Partition1
16:32:15.0088 5696  \Device\Harddisk0\DR0\Partition1 - ok
16:32:15.0099 5696  [ D9851D27F7AEC1A9CF48A03A7C9FD890 ] \Device\Harddisk0\DR0\Partition2
16:32:15.0100 5696  \Device\Harddisk0\DR0\Partition2 - ok
16:32:15.0129 5696  [ B54D50042D579FE9337513F2FDE6BB2A ] \Device\Harddisk0\DR0\Partition3
16:32:15.0131 5696  \Device\Harddisk0\DR0\Partition3 - ok
16:32:15.0131 5696  ============================================================
16:32:15.0131 5696  Scan finished
16:32:15.0131 5696  ============================================================
16:32:15.0144 3140  Detected object count: 0
16:32:15.0144 3140  Actual detected object count: 0
 

 

I think that's everything so far.

karen  :)



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,686 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 01 October 2013 - 12:06 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 karentaliesin

karentaliesin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:29 AM

Posted 01 October 2013 - 02:48 PM

Hiya Marius,

I have followed the instructions (grateful for your very clear step by step; it has made it easy to follow, thanks)

and the results are that Malwarebytes found 22 objects, and I removed them after scanning; see log below.

Next I ran the ESET online scan. I disabled AVG first; it gave me a list of antivirus programs on my computer (AVG and ZoneAlarm, my firewall), so I then disabled the firewall and ran the scan. 0 objects were found and there was no offer of a log to save, only Finish, which I did.

I have re-enabled AVG and ZoneAlarm to post this.

 

Malwarebytes  log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
karen :: KARENTALIESIN [administrator]

01/10/2013 14:37:30
mbam-log-2013-10-01 (14-37-30).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 384231
Time elapsed: 1 hour(s), 29 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0131 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0C0A0ByC0FzytA0F0BtCtN0D0Tzu0CyDyByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1147949709&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\karen\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\icons_2.2.4.731 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\wajam_update[1].exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\karen\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)
 

No log file from ESET,

0 threats detected

So I send this to you and await your reply.

Have a great evening, :)

Regards, Karen



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,686 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 02 October 2013 - 12:27 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt as well


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#8 karentaliesin

karentaliesin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:29 AM

Posted 02 October 2013 - 07:28 AM

Hi Marius

No issues that I have noticed so far; all went smoothly on scanning.

Here are the logs requested from the above post.

(I'm sorry, the AdwCleaner log has come up in French, but I'm guessing you can understand what's needed.) nettoyer = clean, supprimer = delete

AdwCleaner

 

# AdwCleaner v3.006 - Rapport créé le 02/10/2013 à 13:51:08
# Mis à jour le 01/10/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : karen - KARENTALIESIN
# Exécuté depuis : C:\Users\karen\Desktop\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Users\karen\AppData\Local\Conduit
Dossier Supprimé : C:\Users\karen\AppData\Local\Wajam
Dossier Supprimé : C:\Users\karen\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\karen\AppData\LocalLow\PriceGong
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\7g18t2fd.default\searchplugins\Askcom.xml
Fichier Supprimé : C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\searchplugins\Mysearchdial.xml
Fichier Supprimé : C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js
Fichier Supprimé : C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\7g18t2fd.default\user.js

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT3282722
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\smartbar
Clé Supprimée : HKLM\Software\AVG Secure Search
Clé Supprimée : HKLM\Software\AVG Security Toolbar
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16686

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 

 

 

Security check

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
 

 

 

Over to you,

Regards, Karen



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,686 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 02 October 2013 - 07:46 AM

Of course, no problem! :)

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start --> Control Panel --> Add/Remove Programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open Control Panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.


Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  • In case we used ComboFix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that ComboFix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.


How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or use a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.



#10 karentaliesin

karentaliesin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:29 AM

Posted 03 October 2013 - 04:06 PM

Hi Marius,

 

All done, and yes, clean, and my external hard drive has also stopped acting funny on reconnection (done to see if there was a difference).

So maybe it's time to change from AVG to Avast. (It sent me the 2014 update just after I did the Java update.) Everything else is updated as far as I can tell; I usually have things on automatic updates. As for a brain, I try to use it!!! But I am very grateful for the lending of yours. I am guessing it was basically adware, as opposed to anything very malicious? And I feel like I've understood some of what we did, at least as a process.

So I am not sure if you have anything else to get me to do, or if we are done, as it would appear that is so.

Thank you very much to your good self and those that make this forum happen.

And I shall continue to read around on this site and try to upgrade my brain.

 

Kind Regards,

Karen.

 

edit here,  

my updated avg has just done its full scan (01.25am now)  and it has produced a whole of similar reports as before see log below.

 

what i have done since earlier, removal of the programs using delfix.

 

i  enabled the cd emulator,  (i still have no idea if i have any of this or not,  i have the log if its required.)

 

i connected external hard drive, and ran a scan on that avg and malwarebytes nothing found there.

connected to a couple of safe web sites of friends blogs,

opened and used facebook for five mins and played one game of bejewelled blitz on facebook,  (should i get rid off that??? maybe)

also connected to http://www.tvguide.co.uk/default.asp (which i have used for about four or five years without problem).

My AVG did its scheduled scan and showed up the infections once again (the earlier scan it did when it upgraded showed nothing).

 

So what do I do? Any suggestions? Ignore them, or repeat the whole process again? What causes these things? Do I have CD emulation programs that are causing this, and should I disable that again, and it will all go away again?

 

Arrggghhh, I am confused; don't think the brain upgraded somewhere.

Sorry.

Regards, Karen

 

AVG logs

 

Whole Computer Scan   Medium priority   47 0 47
Folders selected for scanning: Scan whole computer
Started: 04/10/2013, 00:58:09
Finished: 04/10/2013, 01:08:29
Total objects scanned: 230485
User who launched the scan: karen

Status / Priority / Name / Description / Result
Every entry below has Status: Infected, Priority: Medium, file C:\Windows\System32\Drivers\splb.sys, Result: Infected. Name and description per entry:

1. atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> splb.sys +0x2D35C
2. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_FLUSH_BUFFERS -> splb.sys +0x40B00
3. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLOSE -> splb.sys +0x3FB68
4. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CLEANUP -> splb.sys +0x40B00
5. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> splb.sys +0x413C4
6. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CREATE -> splb.sys +0x413C4
7. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SYSTEM_CONTROL -> splb.sys +0x40B00
8. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SHUTDOWN -> splb.sys +0x3FB68
9. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_SECURITY -> splb.sys +0x3FB68
10. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DEVICE_CONTROL -> splb.sys +0x3FB68
11. atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> splb.sys +0x2D224
12. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_READ -> splb.sys +0x40B00
13. atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> splb.sys +0x2DBA0
14. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_VOLUME_INFORMATION -> splb.sys +0x3FB68
15. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_PNP -> splb.sys +0x413C4
16. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_PNP -> splb.sys +0x40B00
17. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_PNP -> splb.sys +0x3FB68
18. Inline hook ataport.SYS DllUnload -> splb.sys +0x5E360
19. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_QUOTA -> splb.sys +0x3FB68
20. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_EA -> splb.sys +0x3FB68
21. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_DEVICE_CONTROL -> splb.sys +0x413C4
22. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FILE_SYSTEM_CONTROL -> splb.sys +0x3FB68
23. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SHUTDOWN -> splb.sys +0x40B00
24. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_INFORMATION -> splb.sys +0x3FB68
25. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_DEVICE_CONTROL -> splb.sys +0x40B00
26. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_READ -> splb.sys +0x3FB68
27. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> splb.sys +0x40B00
28. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_QUOTA -> splb.sys +0x3FB68
29. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_LOCK_CONTROL -> splb.sys +0x3FB68
30. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_INFORMATION -> splb.sys +0x3FB68
31. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CLOSE -> splb.sys +0x413C4
32. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_VOLUME_INFORMATION -> splb.sys +0x3FB68
33. pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> splb.sys +0x62650
34. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLEANUP -> splb.sys +0x3FB68
35. pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> splb.sys +0x625DC
36. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DIRECTORY_CONTROL -> splb.sys +0x3FB68
37. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_SECURITY -> splb.sys +0x3FB68
38. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_POWER -> splb.sys +0x40B00
39. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_SYSTEM_CONTROL -> splb.sys +0x413C4
40. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_WRITE -> splb.sys +0x3FB68
41. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FLUSH_BUFFERS -> splb.sys +0x3FB68
42. atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> splb.sys +0x2DA24
43. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CREATE -> splb.sys +0x40B00
44. IRP hook, C:\Windows\system32\drivers\atapi.sys IRP_MJ_POWER -> splb.sys +0x413C4
45. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_EA -> splb.sys +0x3FB68
46. IRP hook, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CREATE -> splb.sys +0x3FB68
47. IRP hook, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_WRITE -> splb.sys +0x40B00

 

 

I so hate not understanding why it's come back or what's going on........ and what to do now. :(

 

 

Edit no. 2

 

So I have been playing around, following intuition rather than knowledge.

But I disabled the CD emulator and did a full rescan with AVG: no infections reported.

Re-enabled Defogger CD emulation, rescanned: 47 infections.

Disabled the emulator again with Defogger, scanned with AVG: no infections.

And repeated once again to be sure.

 

So I'm guessing the issues are to do with this, but I have no idea what programmes I have that use a virtual drive, and the question is: are they dangerous to my usage, or do I need them?

 

OK, bit long, this thread and edits, and I'm off to sleep.

 

Thanks for your help. I guess I just need to know now if I need to do anything?

Regards, Karen


Edited by karentaliesin, 03 October 2013 - 08:50 PM.
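The AVG report quoted in this post lists 47 detections, but read together they form one pattern: every hook resolves into the same module (splb.sys), and all IRP hooks on a given driver land on one offset in it. The Python below is an added example, not AVG's or the forum's code, that parses entries in that report format (a constructed sample of four entries is embedded) and groups them so an analyst can see that pattern before deciding whether a "rootkit" result is one driver filtering I/O or something that needs further triage.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the AVG report quoted above (entries run together as in the post).
SAMPLE_LOG = (
    "Infected Medium atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> "
    "splb.sys +0x2D35C C:\\Windows\\System32\\Drivers\\splb.sys Infected "
    "Infected Medium IRP hook, C:\\Windows\\system32\\drivers\\volmgr.sys IRP_MJ_FLUSH_BUFFERS -> "
    "splb.sys +0x40B00 C:\\Windows\\System32\\Drivers\\splb.sys Infected   "
    "Infected Medium IRP hook, C:\\Windows\\system32\\drivers\\volmgr.sys IRP_MJ_CLEANUP -> "
    "splb.sys +0x40B00 C:\\Windows\\System32\\Drivers\\splb.sys Infected   "
    "Infected Medium Inline hook ataport.SYS DllUnload -> "
    "splb.sys +0x5E360 C:\\Windows\\System32\\Drivers\\splb.sys Infected"
)

# One AVG hook entry: "Infected Medium <description> -> <module> +0x<offset> <path> Infected"
ENTRY = re.compile(r"Infected\s+Medium\s+(?P<desc>.+?)\s+->\s+(?P<module>\S+)\s+"
                   r"\+0x(?P<offset>[0-9A-Fa-f]+)\s+(?P<path>\S+)\s+Infected")

def parse_entries(text):
    """One dict per detection: hook kind, hooked driver, hooked target, module the hook resolves to, offset."""
    out = []
    for m in ENTRY.finditer(text):
        desc = m.group("desc")
        if desc.startswith("IRP hook, "):            # dispatch-table hook in a driver
            drv_path, target = desc[10:].rsplit(" ", 1)
            kind, driver = "irp", drv_path.rsplit("\\", 1)[-1]
        elif ", hooked import " in desc:              # import hook: driver, library, function
            driver, rest = desc.split(", hooked import ", 1)
            kind, target = "import", rest.replace(" ", "!", 1)
        else:                                         # "Inline hook <lib> <func>"
            kind, driver = "inline", desc.split(" ")[2]
            target = desc[12:].replace(" ", "!", 1)
        out.append({"kind": kind, "driver": driver.lower(), "target": target,
                    "module": m.group("module").lower(),
                    "offset": int(m.group("offset"), 16)})
    return out

def summarize(entries):
    """Detections per resolving module, and distinct handler offsets per (driver, kind): one offset per driver means all its IRPs route through one routine."""
    per_module, offsets = defaultdict(int), defaultdict(set)
    for e in entries:
        per_module[e["module"]] += 1
        offsets[(e["driver"], e["kind"])].add(e["offset"])
    return dict(per_module), {k: sorted(v) for k, v in offsets.items()}

def single_module(entries):
    """The one module every hook points at, or None if detections diverge across modules."""
    mods = {e["module"] for e in entries}
    return mods.pop() if len(mods) == 1 else None
```

Run on the full report, the same grouping shows 47 entries, one module, and one offset each for volmgr.sys, Ntfs.sys and atapi.sys IRP hooks.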


#11 TB-Psychotic


  • Malware Response Team

Posted 08 October 2013 - 02:41 AM

CD emulators have to act as rootkits to avoid being detected (and disabled!) by CD copy protection.

This hiding functionality is what triggers your antivirus program's rootkit detection.

 

Everything is fine with your computer, don't be afraid! :)



#12 karentaliesin

  • Topic Starter


Posted 08 October 2013 - 05:35 AM

CD emulators have to act as rootkits to avoid being detected (and disabled!) by CD copy protection.

This hiding functionality is what triggers your antivirus program's rootkit detection.

 

Everything is fine with your computer, don't be afraid! :)

 

 

Thank you so much Marius,

For all your help and your time spent on this problem. (I will just ignore them and ensure there's nothing else that pops in that is different, occasionally.)

I feel very reassured now, and also a little more knowledgeable too.

Wishing you all the best, and I cannot say enough how helpful you and this forum are.

 

Kindest Regards

Karen



#13 TB-Psychotic


  • Malware Response Team

Posted 08 October 2013 - 07:02 AM

You're welcome! :)



#14 TB-Psychotic


  • Malware Response Team

Posted 08 October 2013 - 07:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



