EXP/CVE-2012-0177.A.1 infection


  • This topic is locked
19 replies to this topic

#1 simplest

Posted 14 July 2012 - 05:48 AM

Hi,

I have a laptop which seems to have somehow been infected with the EXP/CVE-2012-0177.A.1 virus. I was unable to start up my computer normally because when the system tries to boot into Windows it gives a BSOD screen every time.
I managed to boot into safe mode and had my anti-virus scan the entire computer, and it found the virus. I removed the virus and I am able to boot into Windows normally.

However, there still seem to be signs of the virus left, as I am unable to enable my anti-virus protection modules (only the real-time protection seems to work; Web Protection, Firewall etc. are disabled) and their options have been greyed out. I tried running Malwarebytes Anti-Malware and Spybot scans but neither gave me any results.

I have attached the DDS logs. For some reason when I run the GMER tool most of the options are greyed out (image attached). Hope someone can help me out.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Acer at 18:22:23 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.3076.18.1781.802 [GMT 8:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uSearch Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
uSearch Bar = Preserve
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
mSearch Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files (x86)\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\籜EM~1.LNK - C:\Program Files (x86)\WINPENJR\Win32\acremchk.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: com.cn\*.cga
Trusted Zone: freerealms.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: taobao.com
DPF: {007F084F-ED3C-4B0F-8E32-3B7030D4CAB7} - hxxp://rfgrid.gridcdn.com/CluAppLauncher.cab
DPF: {0801AC9D-4ED7-4ACE-A2C0-847A408741E2} - hxxp://ava.qq.com/act/a20100426check/Tencent_Check.cab
DPF: {09576291-F706-4F15-BD10-A66FB114CBDC} - hxxp://allstar.paran.com/activex/kSysInfo_opengl.cab
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://addn.gamecdn.paran.com/html/AddOn.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {84FA2550-7497-4296-ABC0-B6A1A7B0ED57} - hxxp://allstar.paran.com/activex/WebStarter.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B45A972-218A-488E-8373-71E242E85E52} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B45A972-218A-488E-8373-71E242E85E52}\14355535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B45A972-218A-488E-8373-71E242E85E52}\27F626562747 : DhcpNameServer = 192.168.1.1 202.73.99.4 61.247.0.4
TCP: Interfaces\{C00E3519-38FE-4DE8-9056-19E991F12BB9} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npaliedit.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Nexon\NGM\npNxGame.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Acer\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll
FF - plugin: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npKeyPro.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2011-3-17 131336]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-30 128752]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-20 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-20 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-27 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 375208]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-27 243232]
R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-5-15 4601344]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\system32\DRIVERS\Neo_0094.sys --> C:\Windows\system32\DRIVERS\Neo_0094.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 655944]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-27 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 250056]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2011-1-9 41984]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
S3 JRSKD24;JRSKD24;\??\C:\Windows\system32\JRSKD24.SYS --> C:\Windows\system32\JRSKD24.SYS [?]
S3 kcrtx64;kcrtx64;\??\C:\Windows\system32\kcrtx64.sys --> C:\Windows\system32\kcrtx64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-19 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 TesSafe;TesSafe;\??\C:\Windows\system32\TesSafe.sys --> C:\Windows\system32\TesSafe.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;透過 UMB 提供 WSD 列印支援;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-5-1 616400]
S4 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-5-1 342480]
S4 AntiVirSchedulerService;Avira 排程管理員;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-1 86736]
S4 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-1 110032]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-5-1 463824]
S4 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]
S4 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
.
=============== Created Last 30 ================
.
2012-07-13 12:30:22 520192 ----a-r- C:\Users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe1_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-13 12:30:22 520192 ----a-r- C:\Users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-12 13:40:32 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 13:34:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-12 13:34:38 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-30 02:37:31 -------- d-----w- C:\Users\Acer\AppData\Roaming\HpUpdate
2012-06-30 02:37:10 750440 ------w- C:\Windows\System32\HPDiscoPM9311.dll
2012-06-30 02:36:44 -------- d-----w- C:\Program Files (x86)\HP
2012-06-30 02:36:42 -------- d-----w- C:\Program Files\HP
2012-06-30 02:36:08 -------- d-----w- C:\Users\Acer\AppData\Local\HP
2012-06-27 14:27:54 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 14:27:54 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 11:35:46 -------- d-----w- C:\Users\Acer\AppData\Local\Macromedia
2012-06-22 11:46:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 11:45:55 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 11:45:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 11:45:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-14 10:20:31 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-07-14 10:20:29 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-07-14 10:11:51 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2012-07-14 10:11:37 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2012-07-12 09:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 09:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 08:07:04 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 08:07:04 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-12 08:07:04 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-03 05:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-18 16:33:27 160384 ----a-w- C:\Windows\System32\TesSafe.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-09 04:21:41 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 04:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 18:24:09.57 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/8/2010 下午 7:21:14
System Uptime: 14/7/2012 下午 6:19:58 (0 hours ago)
.
Motherboard: Acer | | Aspire 4741
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz | CPU 1 | 2244/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 10.856 GiB free.
D: is FIXED (NTFS) - 143 GiB total, 27.715 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP260: 13/7/2012 下午 8:09:00 - 已移除 新天堂II
RP261: 13/7/2012 下午 8:10:26 - 已安裝 新天堂II 貳章塔武提
.
==== Installed Programs ======================
.


??? ?? ????
ACE Online EP3-5 3.5.9.1 Full
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4 - Chinese Traditional
AION永恆紀元 天培爾的淬煉
AION永恆紀元 約定之地
Alcor Micro USB Card Reader
Alipay security plugin 1.3.0.2
Atlantica
Autodesk Backburner 2008.1
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Avira Internet Security 2012
Backup Manager Basic
Blue Mars
Bounty Hounds Online
BPM Counter 1.2.0.0
Champions Online
Cheat Engine 5.6.1
Cheat Engine 6.0
ClientKeeper KeyPro with E2E for 32bit
Counter-Strike Online め狠
CrossFont version 5.7
CyberLink PowerDVD 9
ESET Online Scanner v3
eSobi v2
Folding@home-x86
Free Download Manager 3.0
GrabIt 1.7.2 Beta 4 (build 997)
GraphicsGale version 1.93.17
HP Deskjet 3050 J610 series 說明
HP Update
HSonline2.1.6.321
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 33
jTTS 5.0.1 DeskTop
Junk Mail filter update
Kingsoft Office (6.3.0.1870)
Launch Manager
League of Legends
LogMeIn
Lost Sector
Malwarebytes Anti-Malware version 1.62.0.1300
Messenger Plus! 5
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Language Pack 2007 - Chinese (Hong Kong S.A.R)/中文 (繁體)
Microsoft Office O MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint 2007 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Chinese (Traditional)) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office X MUI (Chinese (Traditional)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mimo
Mozilla Firefox 13.0.1 (x86 zh-TW)
Mozilla Maintenance Service
MSVCRT
Neffy 1,2,4,0
Nexon Game Manager
NNDD - v1.27.6
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
Pando Media Booster
preFab
Prejudice
Prejudice Beta
QuickPar 0.9
REACTOR
Realtek High Definition Audio Driver
SeaTools for Windows
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype? 5.1
Sothink SWF Decompiler
Spybot - Search & Destroy
The KMPlayer (remove only)
Tiled - Tiled Map Editor
Total Immersion D'Fusion @Home Web Plug-In
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Live 上載工具
Windows Live 程式集
Windows Live 影像中心
ZBrush 4
籜
机甲世纪
机甲世纪革新版
机战
金山詞霸2009 繁體專業版
阿里旺旺2010 正式版SP1
穿越火线
狼队 OL
臸2
新天堂II 貳章塔武提
.
==== End Of File ===========================




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:20 AM

Posted 19 July 2012 - 05:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460614 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 AM

Posted 20 July 2012 - 12:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 simplest

simplest
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:20 PM

Posted 20 July 2012 - 12:45 PM

Hi Gringo. Here are the log files:

Security Check Log

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````








Combofix log

ComboFix 12-07-20.02 - Acer 07/2012 flL˘ 0:30.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.3076.18.1781.817 [GMT 8:00]
√: c:\users\Acer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( ≥˝∞∏ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\114la.ico
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\GRAZ-{2164D249-4B13-45A0-8BFE-F2366C85DC86}.data
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\GRAZ-{2164D249-4B13-45A0-8BFE-F2366C85DC86}.skin
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\GRAZ-{5FE1F05B-0552-4C11-AF7D-39CEC53780A4}.data
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\GRAZ-{E6081FD1-E88C-4FA4-97CB-BEE13AB75362}.data
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\GRAZ-{E6081FD1-E88C-4FA4-97CB-BEE13AB75362}.skin
c:\users\Acer\AppData\Local\Temp\VPN_B1B5\B7091C83.dll
c:\users\Acer\AppData\Roaming\updates
c:\users\Acer\Desktop\Setup.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SysWow64\Temp
c:\windows\TEMP\VPN_91B4\B7091C83.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( ˝∂/∑˛ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
((((((((((((((((((((((((( 2012-06-20 2012-07-20 ∞∏ )))))))))))))))))))))))))))))))
.
.
2012-07-20 16:45 . 2012-07-20 16:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-20 16:45 . 2012-07-20 16:45 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-07-20 16:45 . 2012-07-20 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 12:30 . 2012-07-13 12:30 520192 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe1_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-13 12:30 . 2012-07-13 12:30 520192 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-12 13:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 13:34 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-12 13:34 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-30 02:37 . 2012-06-30 02:37 -------- d-----w- c:\users\Acer\AppData\Roaming\HpUpdate
2012-06-30 02:37 . 2010-11-16 13:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-06-30 02:36 . 2012-06-30 02:38 -------- d-----w- c:\programdata\HP
2012-06-30 02:36 . 2012-06-30 02:37 -------- d-----w- c:\program files (x86)\HP
2012-06-30 02:36 . 2012-06-30 02:36 -------- d-----w- c:\program files\HP
2012-06-30 02:36 . 2012-06-30 02:36 -------- d-----w- c:\users\Acer\AppData\Local\HP
2012-06-27 14:27 . 2012-06-27 14:27 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 14:27 . 2012-06-27 14:27 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 11:35 . 2012-06-25 11:35 -------- d-----w- c:\users\Acer\AppData\Local\Macromedia
2012-06-22 11:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:45 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:45 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( ⁄˝∏⁄fi∏∞∏ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 16:48 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-20 16:48 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-14 10:11 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-14 10:11 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-07-12 13:36 . 2010-08-29 02:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 09:49 . 2012-05-26 20:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:49 . 2011-05-30 13:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:07 . 2010-11-10 19:30 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 08:07 . 2010-11-10 19:30 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 08:07 . 2010-11-10 19:30 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 05:46 . 2011-02-21 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 16:33 . 2011-02-15 14:30 160384 ----a-w- c:\windows\system32\TesSafe.sys
2012-05-09 04:21 . 2012-05-03 03:48 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 04:21 . 2010-08-13 13:59 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-15 02:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 02:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 02:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-15 02:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-15 02:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 02:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 02:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 02:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-15 02:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-15 02:26 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-15 02:26 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-15 02:26 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-15 02:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-15 02:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( ε ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*◊* ∞◊∫∑Ω≤
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]
XEmail\؇.lnk - c:\program files (x86)\WINPENJR\Win32\acremchk.exe [2011-9-5 311824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2011-01-12 41984]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\PLAYNC\AIONao\bin32\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows ܢ√g∑˛ђ;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]
R3 wolf;wolf;c:\program files (x86)\skdaren\Wolfteam\wolf64.sys [x]
R3 WSDPrintDevice;∏fl^ UMB ÷π WSD ߑ;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va003;X6va003;c:\users\Acer\AppData\Local\Temp\003A775.tmp [x]
R3 X6va005;X6va005;c:\users\Acer\AppData\Local\Temp\00598E5.tmp [x]
R4 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-02-03 616400]
R4 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-02-03 342480]
R4 AntiVirSchedulerService;Avira ≈≈≥πT;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86736]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-02-03 463824]
R4 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
R4 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-10-21 32424]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-02-03 139512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 70344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-02-03 113768]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]
.
.
ƺ∆ƻҰ ˛ Ե⁄
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 09:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"combofix"="c:\combofix\CF11363.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x0
.
------- ∂Ղ√ -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: com.cn\*.cga
Trusted Zone: freerealms.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {007F084F-ED3C-4B0F-8E32-3B7030D4CAB7} - hxxp://rfgrid.gridcdn.com/CluAppLauncher.cab
DPF: {0801AC9D-4ED7-4ACE-A2C0-847A408741E2} - hxxp://ava.qq.com/act/a20100426check/Tencent_Check.cab
DPF: {09576291-F706-4F15-BD10-A66FB114CBDC} - hxxp://allstar.paran.com/activex/kSysInfo_opengl.cab
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://addn.gamecdn.paran.com/html/AddOn.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {84FA2550-7497-4296-ABC0-B6A1A7B0ED57} - hxxp://allstar.paran.com/activex/WebStarter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Acer\AppData\Local\Temp\003A775.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Acer\AppData\Local\Temp\00598E5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]
"oaamhkdhmdfpfgmghinbhkophdljao"=hex:6a,61,6d,69,6d,6c,69,6d,62,62,6f,6d,61,61,
6d,69,62,6c,6c,65,00,6f
"nagnbgghobgcmgkhflajelppbmhj"=hex:6a,61,6d,69,6d,6c,69,6d,62,62,6f,6d,61,61,
6d,69,62,6c,6c,65,00,6f
"gbipjihginpgipicblgbffkcfainecfegfcdbmdolgjoag"=hex:6c,61,65,6e,62,68,65,64,
6a,6d,61,6a,6d,63,6f,70,70,67,67,65,6c,64,61,68,00,00
"bbonpemcklneplmlkhngnkmgilgnjdeickgg"=hex:68,62,61,6d,64,6d,6d,6b,6a,65,61,61,
63,67,6b,65,6d,70,70,6d,6c,6b,64,62,65,6d,65,68,63,6e,6a,6f,6f,6b,70,6d,6b,\
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,
bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\
"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ ∆˚Ω≥ ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rpcnet.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
≥: 2012-07-21 01:06:31 - ∆∂
ComboFix-quarantined-files.txt 2012-07-20 17:06
ComboFix2.txt 2011-03-07 19:57
.
Pre-Run: 17,383,559,168 bytes free
Post-Run: 17,174,937,600 bytes free
.
- - End Of File - - DDD7E81C3AAEC72969AA2A4155E9B3EE

#5 gringo_pr

  • Malware Response Team

Posted 20 July 2012 - 09:15 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



Proud Graduate Of Malware Removal University

#6 simplest

  • Topic Starter

Posted 21 July 2012 - 09:37 AM

TDSSKiller log

22:16:35.0813 3576 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
22:16:35.0876 3576 ============================================================
22:16:35.0876 3576 Current date / time: 2012/07/21 22:16:35.0876
22:16:35.0876 3576 SystemInfo:
22:16:35.0876 3576
22:16:35.0876 3576 OS Version: 6.1.7601 ServicePack: 1.0
22:16:35.0876 3576 Product type: Workstation
22:16:35.0876 3576 ComputerName: ACER-PC
22:16:35.0876 3576 UserName: Acer
22:16:35.0876 3576 Windows directory: C:\Windows
22:16:35.0876 3576 System windows directory: C:\Windows
22:16:35.0876 3576 Running under WOW64
22:16:35.0876 3576 Processor architecture: Intel x64
22:16:35.0876 3576 Number of processors: 4
22:16:35.0876 3576 Page size: 0x1000
22:16:35.0876 3576 Boot type: Normal boot
22:16:35.0876 3576 ============================================================
22:16:36.0796 3576 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:36.0827 3576 ============================================================
22:16:36.0827 3576 \Device\Harddisk0\DR0:
22:16:36.0827 3576 MBR partitions:
22:16:36.0827 3576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
22:16:36.0827 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x11D43000
22:16:36.0827 3576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x136D9800, BlocksNum 0x11D54AB0
22:16:36.0827 3576 ============================================================
22:16:36.0874 3576 C: <-> \Device\Harddisk0\DR0\Partition1
22:16:36.0921 3576 D: <-> \Device\Harddisk0\DR0\Partition2
22:16:36.0921 3576 ============================================================
22:16:36.0921 3576 Initialize success
22:16:36.0921 3576 ============================================================
22:16:49.0401 2896 ============================================================
22:16:49.0401 2896 Scan started
22:16:49.0401 2896 Mode: Manual;
22:16:49.0401 2896 ============================================================
22:16:51.0273 2896 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:16:51.0289 2896 !SASCORE - ok
22:16:51.0523 2896 1394hub - ok
22:16:51.0616 2896 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:16:51.0632 2896 1394ohci - ok
22:16:51.0694 2896 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:16:51.0710 2896 ACPI - ok
22:16:51.0757 2896 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:16:51.0772 2896 AcpiPmi - ok
22:16:51.0960 2896 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:16:51.0991 2896 AdobeFlashPlayerUpdateSvc - ok
22:16:52.0100 2896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:16:52.0116 2896 adp94xx - ok
22:16:52.0162 2896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:16:52.0178 2896 adpahci - ok
22:16:52.0225 2896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:16:52.0240 2896 adpu320 - ok
22:16:52.0272 2896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:16:52.0287 2896 AeLookupSvc - ok
22:16:52.0381 2896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:16:52.0396 2896 AFD - ok
22:16:52.0459 2896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:16:52.0474 2896 agp440 - ok
22:16:52.0506 2896 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:16:52.0506 2896 ALG - ok
22:16:52.0568 2896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:16:52.0568 2896 aliide - ok
22:16:52.0584 2896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:16:52.0599 2896 amdide - ok
22:16:52.0662 2896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:16:52.0677 2896 AmdK8 - ok
22:16:52.0677 2896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:16:52.0693 2896 AmdPPM - ok
22:16:52.0740 2896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:16:52.0755 2896 amdsata - ok
22:16:52.0771 2896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:16:52.0786 2896 amdsbs - ok
22:16:52.0802 2896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:16:52.0818 2896 amdxata - ok
22:16:52.0896 2896 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
22:16:52.0896 2896 AmUStor - ok
22:16:53.0036 2896 AntiVirFirewallService (15f740255c0bf5c4842a5a27a7055cad) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
22:16:53.0067 2896 AntiVirFirewallService - ok
22:16:53.0161 2896 AntiVirMailService (3dbf4bf9059aac7afc9f4cab52d28fdc) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
22:16:53.0208 2896 AntiVirMailService - ok
22:16:53.0286 2896 AntiVirSchedulerService (b5910e67561c20dcfc602fff370f6d6e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:16:53.0301 2896 AntiVirSchedulerService - ok
22:16:53.0348 2896 AntiVirService (9ba1a4e776ab8ab8ef0d6222c6b86ca9) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:16:53.0379 2896 AntiVirService - ok
22:16:53.0457 2896 AntiVirWebService (b61dea5e953ff88b1981905aa851acef) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:16:53.0504 2896 AntiVirWebService - ok
22:16:53.0676 2896 ApfiltrService (fab590e0fc28cb474b965f8267458e14) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:16:53.0691 2896 ApfiltrService - ok
22:16:53.0769 2896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:16:53.0769 2896 AppID - ok
22:16:53.0800 2896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:16:53.0800 2896 AppIDSvc - ok
22:16:53.0847 2896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:16:53.0863 2896 Appinfo - ok
22:16:53.0925 2896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:16:53.0925 2896 arc - ok
22:16:53.0941 2896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:16:53.0956 2896 arcsas - ok
22:16:54.0081 2896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:16:54.0128 2896 aspnet_state - ok
22:16:54.0190 2896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:54.0190 2896 AsyncMac - ok
22:16:54.0253 2896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:16:54.0253 2896 atapi - ok
22:16:54.0424 2896 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
22:16:54.0471 2896 athr - ok
22:16:54.0674 2896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:16:54.0705 2896 AudioEndpointBuilder - ok
22:16:54.0705 2896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:16:54.0721 2896 AudioSrv - ok
22:16:54.0814 2896 avfwim (886ceddeb9e347f7c37263ca234eae65) C:\Windows\system32\DRIVERS\avfwim.sys
22:16:54.0814 2896 avfwim - ok
22:16:54.0908 2896 avfwot (10ce27cb8e47feb48f557e0cd8d1874d) C:\Windows\system32\DRIVERS\avfwot.sys
22:16:54.0955 2896 avfwot - ok
22:16:55.0017 2896 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:16:55.0033 2896 avgntflt - ok
22:16:55.0080 2896 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
22:16:55.0095 2896 avipbb - ok
22:16:55.0126 2896 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:16:55.0142 2896 avkmgr - ok
22:16:55.0204 2896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:16:55.0220 2896 AxInstSV - ok
22:16:55.0298 2896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:16:55.0314 2896 b06bdrv - ok
22:16:55.0360 2896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:16:55.0376 2896 b57nd60a - ok
22:16:55.0485 2896 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:16:55.0516 2896 BCM43XX - ok
22:16:55.0579 2896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:16:55.0579 2896 BDESVC - ok
22:16:55.0641 2896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:16:55.0657 2896 Beep - ok
22:16:55.0782 2896 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:16:55.0813 2896 BFE - ok
22:16:55.0906 2896 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:16:55.0938 2896 BITS - ok
22:16:56.0000 2896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:16:56.0016 2896 blbdrive - ok
22:16:56.0062 2896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:16:56.0062 2896 bowser - ok
22:16:56.0109 2896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:16:56.0109 2896 BrFiltLo - ok
22:16:56.0125 2896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:16:56.0125 2896 BrFiltUp - ok
22:16:56.0172 2896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:16:56.0172 2896 BridgeMP - ok
22:16:56.0218 2896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:16:56.0234 2896 Browser - ok
22:16:56.0265 2896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:16:56.0281 2896 Brserid - ok
22:16:56.0312 2896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:16:56.0312 2896 BrSerWdm - ok
22:16:56.0343 2896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:16:56.0343 2896 BrUsbMdm - ok
22:16:56.0343 2896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:16:56.0359 2896 BrUsbSer - ok
22:16:56.0406 2896 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:16:56.0406 2896 BthEnum - ok
22:16:56.0437 2896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:16:56.0437 2896 BTHMODEM - ok
22:16:56.0484 2896 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:16:56.0484 2896 BthPan - ok
22:16:56.0562 2896 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:16:56.0577 2896 BTHPORT - ok
22:16:56.0640 2896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:16:56.0640 2896 bthserv - ok
22:16:56.0702 2896 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:16:56.0702 2896 BTHUSB - ok
22:16:56.0764 2896 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
22:16:56.0780 2896 btwampfl - ok
22:16:56.0796 2896 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
22:16:56.0811 2896 btwaudio - ok
22:16:56.0858 2896 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
22:16:56.0874 2896 btwavdt - ok
22:16:57.0030 2896 btwdins (3930e53ee0bed9dff9afa09f505d0cae) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:16:57.0061 2896 btwdins - ok
22:16:57.0108 2896 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:16:57.0108 2896 btwl2cap - ok
22:16:57.0123 2896 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
22:16:57.0139 2896 btwrchid - ok
22:16:57.0186 2896 catchme - ok
22:16:57.0232 2896 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
22:16:57.0232 2896 CBDisk - ok
22:16:57.0279 2896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:57.0295 2896 cdfs - ok
22:16:57.0373 2896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:16:57.0388 2896 cdrom - ok
22:16:57.0482 2896 CEDRIVER55 (ecf395ec43481e115230ffac00a6d1be) C:\Program Files (x86)\Cheat Engine\dbk64.sys
22:16:57.0482 2896 CEDRIVER55 - ok
22:16:57.0544 2896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:16:57.0560 2896 CertPropSvc - ok
22:16:57.0607 2896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:16:57.0622 2896 circlass - ok
22:16:57.0685 2896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:16:57.0700 2896 CLFS - ok
22:16:57.0778 2896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:16:57.0794 2896 clr_optimization_v2.0.50727_32 - ok
22:16:57.0825 2896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:16:57.0841 2896 clr_optimization_v2.0.50727_64 - ok
22:16:57.0950 2896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:16:58.0262 2896 clr_optimization_v4.0.30319_32 - ok
22:16:58.0309 2896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:16:58.0527 2896 clr_optimization_v4.0.30319_64 - ok
22:16:58.0558 2896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:58.0574 2896 CmBatt - ok
22:16:58.0621 2896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:16:58.0621 2896 cmdide - ok
22:16:58.0730 2896 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:16:58.0761 2896 CNG - ok
22:16:58.0808 2896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:58.0839 2896 Compbatt - ok
22:16:58.0902 2896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:16:58.0917 2896 CompositeBus - ok
22:16:58.0933 2896 COMSysApp - ok
22:16:58.0995 2896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:16:59.0011 2896 crcdisk - ok
22:16:59.0073 2896 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:16:59.0089 2896 CryptSvc - ok
22:16:59.0182 2896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:16:59.0198 2896 DcomLaunch - ok
22:16:59.0260 2896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:16:59.0276 2896 defragsvc - ok
22:16:59.0323 2896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:16:59.0338 2896 DfsC - ok
22:16:59.0385 2896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:16:59.0416 2896 Dhcp - ok
22:16:59.0432 2896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:16:59.0448 2896 discache - ok
22:16:59.0510 2896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:16:59.0510 2896 Disk - ok
22:16:59.0541 2896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:16:59.0557 2896 Dnscache - ok
22:16:59.0619 2896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:16:59.0619 2896 dot3svc - ok
22:16:59.0666 2896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:16:59.0666 2896 DPS - ok
22:16:59.0728 2896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:16:59.0728 2896 drmkaud - ok
22:16:59.0822 2896 DsiWMIService (55f6f3e0df82e0113082852347bf2c16) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:16:59.0869 2896 DsiWMIService - ok
22:16:59.0994 2896 dump_wmimmc - ok
22:17:00.0087 2896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:17:00.0103 2896 DXGKrnl - ok
22:17:00.0165 2896 EagleX64 - ok
22:17:00.0212 2896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:17:00.0228 2896 EapHost - ok
22:17:00.0430 2896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:17:00.0462 2896 ebdrv - ok
22:17:00.0571 2896 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:17:00.0586 2896 EFS - ok
22:17:00.0742 2896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:17:00.0758 2896 ehRecvr - ok
22:17:00.0789 2896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:17:00.0805 2896 ehSched - ok
22:17:00.0930 2896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:17:00.0945 2896 elxstor - ok
22:17:01.0101 2896 ePowerSvc (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
22:17:01.0132 2896 ePowerSvc - ok
22:17:01.0242 2896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:17:01.0257 2896 ErrDev - ok
22:17:01.0320 2896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:17:01.0335 2896 EventSystem - ok
22:17:01.0398 2896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:17:01.0429 2896 exfat - ok
22:17:01.0460 2896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:17:01.0460 2896 fastfat - ok
22:17:01.0554 2896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:17:01.0585 2896 Fax - ok
22:17:01.0616 2896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:17:01.0632 2896 fdc - ok
22:17:01.0663 2896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:17:01.0678 2896 fdPHost - ok
22:17:01.0710 2896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:17:01.0741 2896 FDResPub - ok
22:17:01.0803 2896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:17:01.0819 2896 FileInfo - ok
22:17:01.0834 2896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:17:01.0834 2896 Filetrace - ok
22:17:02.0006 2896 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:17:02.0037 2896 FLEXnet Licensing Service 64 - ok
22:17:02.0162 2896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:17:02.0178 2896 flpydisk - ok
22:17:02.0224 2896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:17:02.0240 2896 FltMgr - ok
22:17:02.0334 2896 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:17:02.0365 2896 FontCache - ok
22:17:02.0443 2896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:17:02.0458 2896 FontCache3.0.0.0 - ok
22:17:02.0505 2896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:17:02.0505 2896 FsDepends - ok
22:17:02.0552 2896 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:17:02.0568 2896 Fs_Rec - ok
22:17:02.0630 2896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:17:02.0646 2896 fvevol - ok
22:17:02.0692 2896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:17:02.0708 2896 gagp30kx - ok
22:17:02.0802 2896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:17:02.0817 2896 gpsvc - ok
22:17:03.0020 2896 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
22:17:03.0082 2896 Greg_Service - ok
22:17:03.0192 2896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:17:03.0207 2896 hcw85cir - ok
22:17:03.0301 2896 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:17:03.0316 2896 HdAudAddService - ok
22:17:03.0332 2896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:17:03.0348 2896 HDAudBus - ok
22:17:03.0379 2896 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:17:03.0394 2896 HECIx64 - ok
22:17:03.0426 2896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:17:03.0426 2896 HidBatt - ok
22:17:03.0441 2896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:17:03.0441 2896 HidBth - ok
22:17:25.0858 2896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:17:25.0905 2896 vga - ok
22:17:25.0936 2896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:17:25.0952 2896 VgaSave - ok
22:17:26.0030 2896 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:17:26.0046 2896 vhdmp - ok
22:17:26.0092 2896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:17:26.0108 2896 viaide - ok
22:17:26.0186 2896 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:17:26.0202 2896 volmgr - ok
22:17:26.0295 2896 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:17:26.0326 2896 volmgrx - ok
22:17:26.0467 2896 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:17:26.0498 2896 volsnap - ok
22:17:27.0434 2896 vpnclient (bf6d8c9ebb734be1b3777ec2aa7e2d47) C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
22:17:27.0465 2896 vpnclient - ok
22:17:27.0652 2896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:17:27.0684 2896 vsmraid - ok
22:17:28.0011 2896 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:17:28.0105 2896 VSS - ok
22:17:28.0339 2896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:17:28.0354 2896 vwifibus - ok
22:17:28.0417 2896 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:17:28.0432 2896 vwififlt - ok
22:17:28.0542 2896 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:17:28.0557 2896 W32Time - ok
22:17:28.0651 2896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:17:28.0651 2896 WacomPen - ok
22:17:28.0776 2896 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:28.0791 2896 WANARP - ok
22:17:28.0822 2896 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:28.0822 2896 Wanarpv6 - ok
22:17:29.0197 2896 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:17:29.0337 2896 WatAdminSvc - ok
22:17:29.0665 2896 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:17:29.0774 2896 wbengine - ok
22:17:30.0024 2896 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:17:30.0133 2896 WbioSrvc - ok
22:17:30.0195 2896 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:17:30.0211 2896 wcncsvc - ok
22:17:30.0242 2896 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:17:30.0258 2896 WcsPlugInService - ok
22:17:30.0336 2896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:17:30.0336 2896 Wd - ok
22:17:30.0492 2896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:17:30.0585 2896 Wdf01000 - ok
22:17:30.0741 2896 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:17:30.0835 2896 WdiServiceHost - ok
22:17:30.0835 2896 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:17:30.0835 2896 WdiSystemHost - ok
22:17:30.0975 2896 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:17:31.0006 2896 WebClient - ok
22:17:31.0116 2896 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:17:31.0162 2896 Wecsvc - ok
22:17:31.0225 2896 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:17:31.0225 2896 wercplsupport - ok
22:17:31.0350 2896 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:17:31.0365 2896 WerSvc - ok
22:17:31.0521 2896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:17:31.0615 2896 WfpLwf - ok
22:17:31.0708 2896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:17:31.0708 2896 WIMMount - ok
22:17:31.0740 2896 WinDefend - ok
22:17:31.0771 2896 WinHttpAutoProxySvc - ok
22:17:31.0880 2896 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:17:31.0927 2896 Winmgmt - ok
22:17:32.0535 2896 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:17:32.0722 2896 WinRM - ok
22:17:33.0362 2896 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:17:33.0378 2896 WinUsb - ok
22:17:33.0736 2896 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:17:33.0877 2896 Wlansvc - ok
22:17:34.0516 2896 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:17:34.0579 2896 wlidsvc - ok
22:17:34.0750 2896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:17:34.0750 2896 WmiAcpi - ok
22:17:34.0813 2896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:17:34.0828 2896 wmiApSrv - ok
22:17:34.0891 2896 WMPNetworkSvc - ok
22:17:34.0938 2896 wolf - ok
22:17:34.0969 2896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:17:34.0969 2896 WPCSvc - ok
22:17:35.0016 2896 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:17:35.0031 2896 WPDBusEnum - ok
22:17:35.0062 2896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:17:35.0078 2896 ws2ifsl - ok
22:17:35.0094 2896 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:17:35.0140 2896 wscsvc - ok
22:17:35.0203 2896 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:17:35.0203 2896 WSDPrintDevice - ok
22:17:35.0218 2896 WSearch - ok
22:17:35.0390 2896 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:17:35.0406 2896 wuauserv - ok
22:17:35.0546 2896 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:17:35.0562 2896 WudfPf - ok
22:17:35.0608 2896 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:17:35.0624 2896 WUDFRd - ok
22:17:35.0671 2896 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:17:35.0686 2896 wudfsvc - ok
22:17:35.0718 2896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:17:35.0733 2896 WwanSvc - ok
22:17:35.0796 2896 X6va003 - ok
22:17:35.0827 2896 X6va005 - ok
22:17:35.0874 2896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:17:36.0092 2896 \Device\Harddisk0\DR0 - ok
22:17:36.0092 2896 Boot (0x1200) (38106e6b46605304b4552edc6e6c07f3) \Device\Harddisk0\DR0\Partition0
22:17:36.0092 2896 \Device\Harddisk0\DR0\Partition0 - ok
22:17:36.0108 2896 Boot (0x1200) (f57b16ec713a36e95ec4fdb6765cc4f8) \Device\Harddisk0\DR0\Partition1
22:17:36.0108 2896 \Device\Harddisk0\DR0\Partition1 - ok
22:17:36.0139 2896 Boot (0x1200) (a505ff8ddeffbc64aadf5e46a47e3a22) \Device\Harddisk0\DR0\Partition2
22:17:36.0139 2896 \Device\Harddisk0\DR0\Partition2 - ok
22:17:36.0139 2896 ============================================================
22:17:36.0139 2896 Scan finished
22:17:36.0139 2896 ============================================================
22:17:36.0186 1948 Detected object count: 0
22:17:36.0186 1948 Actual detected object count: 0





aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 22:19:32
-----------------------------
22:19:32.305 OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:32.305 Number of processors: 4 586 0x2502
22:19:32.305 ComputerName: ACER-PC UserName: Acer
22:19:39.185 Initialize success
22:25:34.873 AVAST engine defs: 12072100
22:25:53.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:25:53.671 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
22:25:53.686 Disk 0 MBR read successfully
22:25:53.686 Disk 0 MBR scan
22:25:53.686 Disk 0 Windows 7 default MBR code
22:25:53.702 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
22:25:53.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
22:25:53.749 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146054 MB offset 26830848
22:25:53.780 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 146089 MB offset 325949440
22:25:53.827 Disk 0 scanning C:\Windows\system32\drivers
22:26:07.664 Service scanning
22:26:42.390 Modules scanning
22:26:42.390 Disk 0 trace - called modules:
22:26:42.421 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:26:42.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025f3060]
22:26:42.437 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002332050]
22:26:44.449 AVAST engine scan C:\Windows
22:26:52.155 AVAST engine scan C:\Windows\system32
22:31:40.974 AVAST engine scan C:\Windows\system32\drivers
22:31:56.356 AVAST engine scan C:\Users\Acer
22:33:04.512 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Desktop\MBR.dat"
22:33:04.512 The log file has been saved successfully to "C:\Users\Acer\Desktop\aswMBR.txt"

#7 gringo_pr

  • Malware Response Team

Posted 21 July 2012 - 11:10 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 simplest

  • Topic Starter

Posted 22 July 2012 - 11:06 AM

I am attaching the 2nd Combofix log. My AntiVirus is still kind of disabled and I am unable to update the virus definitions as before and after running Combofix the 2nd time.
Other than that everything else seems fine...


Combofix log

ComboFix 12-07-20.02 - Acer 07/2012 週日 23:38:33.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.3076.18.1781.576 [GMT 8:00]
执行位置: c:\users\Acer\Desktop\ComboFix.exe
Command switches used :: c:\users\Acer\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Local\Temp\VPN_C5A6\B7091C83.dll
c:\windows\TEMP\VPN_81F8\B7091C83.dll
.
.
((((((((((((((((((((((((( 2012-06-22 至 2012-07-22 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-07-22 15:50 . 2012-07-22 15:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 15:50 . 2012-07-22 15:50 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-07-22 15:50 . 2012-07-22 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 12:30 . 2012-07-13 12:30 520192 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe1_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-13 12:30 . 2012-07-13 12:30 520192 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{D8E96886-34D6-4EB7-8A72-639C76EE0B4A}\LineageII.exe_D8E9688634D64EB78A72639C76EE0B4A.exe
2012-07-12 13:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 13:34 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-12 13:34 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-30 02:37 . 2012-06-30 02:37 -------- d-----w- c:\users\Acer\AppData\Roaming\HpUpdate
2012-06-30 02:37 . 2010-11-16 13:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-06-30 02:36 . 2012-06-30 02:38 -------- d-----w- c:\programdata\HP
2012-06-30 02:36 . 2012-06-30 02:37 -------- d-----w- c:\program files (x86)\HP
2012-06-30 02:36 . 2012-06-30 02:36 -------- d-----w- c:\program files\HP
2012-06-30 02:36 . 2012-06-30 02:36 -------- d-----w- c:\users\Acer\AppData\Local\HP
2012-06-27 14:27 . 2012-06-27 14:27 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 14:27 . 2012-06-27 14:27 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 11:35 . 2012-06-25 11:35 -------- d-----w- c:\users\Acer\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 14:53 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-22 14:53 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-22 14:53 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-07-22 14:53 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-12 13:36 . 2010-08-29 02:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 09:49 . 2012-05-26 20:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 09:49 . 2011-05-30 13:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:07 . 2010-11-10 19:30 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 08:07 . 2010-11-10 19:30 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 08:07 . 2010-11-10 19:30 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 05:46 . 2011-02-21 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 16:33 . 2011-02-15 14:30 160384 ----a-w- c:\windows\system32\TesSafe.sys
2012-06-02 22:19 . 2012-06-22 11:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 11:46 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:46 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 11:46 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 11:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 07:19 . 2012-06-22 11:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-22 11:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-09 04:21 . 2012-05-03 03:48 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 04:21 . 2010-08-13 13:59 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-15 02:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 02:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 02:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-15 02:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-15 02:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 02:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 02:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 02:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-15 02:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-15 02:26 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-15 02:26 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-15 02:26 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-15 02:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-15 02:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-20_16.49.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 16:45 . 2012-07-22 14:44 77192 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 14:55 39178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 11:23 . 2012-07-22 14:44 18938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708158517-3727541704-1879287214-1000_UserData.bin
+ 2010-08-12 11:17 . 2012-07-22 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2012-07-20 14:40 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-12 11:17 . 2012-07-20 14:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-12 11:17 . 2012-07-22 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-20 14:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-21 14:20 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-07-20 16:48 . 2012-07-20 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 14:53 . 2012-07-22 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 14:53 . 2012-07-22 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-20 16:48 . 2012-07-20 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-20 08:19 . 2012-07-20 16:14 392236 c:\windows\system32\prfh0404.dat
+ 2010-04-20 08:19 . 2012-07-22 14:58 392236 c:\windows\system32\prfh0404.dat
+ 2010-04-20 08:19 . 2012-07-22 14:58 114254 c:\windows\system32\prfc0404.dat
- 2010-04-20 08:19 . 2012-07-20 16:14 114254 c:\windows\system32\prfc0404.dat
+ 2009-07-14 02:36 . 2012-07-22 14:58 652376 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-20 16:14 652376 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-22 14:58 121308 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-20 16:14 121308 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-22 14:49 306908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-20 16:47 306908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]
籜Email.lnk - c:\program files (x86)\WINPENJR\Win32\acremchk.exe [2011-9-5 311824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2011-01-12 41984]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\PLAYNC\AION永恆紀元\bin32\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]
R3 wolf;wolf;c:\program files (x86)\skdaren\Wolfteam\wolf64.sys [x]
R3 WSDPrintDevice;透過 UMB 提供 WSD 列印支援;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va003;X6va003;c:\users\Acer\AppData\Local\Temp\003A775.tmp [x]
R3 X6va005;X6va005;c:\users\Acer\AppData\Local\Temp\00598E5.tmp [x]
R4 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-02-03 616400]
R4 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-02-03 342480]
R4 AntiVirSchedulerService;Avira 排程管理員;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86736]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-02-03 463824]
R4 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
R4 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-10-21 32424]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-02-03 139512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 70344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-02-03 113768]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]
.
.
‘计划任务’ 文件夹 里的内容
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 09:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
.
------- 而外的扫描 -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: archlord.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: com.cn\*.cga
Trusted Zone: freerealms.com
Trusted Zone: hangame.com
Trusted Zone: naver.com\archlord
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {007F084F-ED3C-4B0F-8E32-3B7030D4CAB7} - hxxp://rfgrid.gridcdn.com/CluAppLauncher.cab
DPF: {0801AC9D-4ED7-4ACE-A2C0-847A408741E2} - hxxp://ava.qq.com/act/a20100426check/Tencent_Check.cab
DPF: {09576291-F706-4F15-BD10-A66FB114CBDC} - hxxp://allstar.paran.com/activex/kSysInfo_opengl.cab
DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://addn.gamecdn.paran.com/html/AddOn.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
DPF: {84FA2550-7497-4296-ABC0-B6A1A7B0ED57} - hxxp://allstar.paran.com/activex/WebStarter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab
DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\
FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Acer\AppData\Local\Temp\003A775.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Acer\AppData\Local\Temp\00598E5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]
"oaamhkdhmdfpfgmghinbhkophdljao"=hex:6a,61,6d,69,6d,6c,69,6d,62,62,6f,6d,61,61,
6d,69,62,6c,6c,65,00,6f
"nagnbgghobgcmgkhflajelppbmhj"=hex:6a,61,6d,69,6d,6c,69,6d,62,62,6f,6d,61,61,
6d,69,62,6c,6c,65,00,6f
"gbipjihginpgipicblgbffkcfainecfegfcdbmdolgjoag"=hex:6c,61,65,6e,62,68,65,64,
6a,6d,61,6a,6d,63,6f,70,70,67,67,65,6c,64,61,68,00,00
"bbonpemcklneplmlkhngnkmgilgnjdeickgg"=hex:68,62,61,6d,64,6d,6d,6b,6a,65,61,61,
63,67,6b,65,6d,70,70,6d,6c,6b,64,62,65,6d,65,68,63,6e,6a,6f,6f,6b,70,6d,6b,\
.
[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,
bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\
"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-07-22 23:53:49
ComboFix-quarantined-files.txt 2012-07-22 15:53
ComboFix2.txt 2012-07-20 17:06
ComboFix3.txt 2011-03-07 19:57
.
Pre-Run: 16,297,820,160 bytes free
Post-Run: 16,058,986,496 bytes free
.
- - End Of File - - EEB2837DEF5AE9D3092C7343DA735C4F

Edited by simplest, 22 July 2012 - 11:11 AM.


#9 gringo_pr


Posted 22 July 2012 - 09:33 PM

Greetings


Uninstall the antivirus and then reinstall it, and let me know if it starts working correctly.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 simplest


Posted 23 July 2012 - 08:55 PM

Hi Gringo,

Uninstalling and reinstalling the antivirus helped solve the update and protection problem. I will see if it stays this way for the next few days...
Will let you know by replying to this thread...

:)

#11 gringo_pr


Posted 24 July 2012 - 09:04 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Reader 9.4.4 - Chinese Traditional
  • Java 6 Update 33


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 simplest


Posted 25 July 2012 - 10:17 AM

For some reason, after I uninstalled the old Java version and reinstalled the latest version of Java, any Java applications (web and desktop executable) no longer work...
It just gives me error messages.


Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

Protection: Enabled

25/7/2012 下午 10:03:54
mbam-log-2012-07-25 (22-03-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212406
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



HiJackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:09, on 25/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Acer\Desktop\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe
O4 - Global Startup: XEmail\؇.lnk = ?
O9 - Extra button: ◊∑?„E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: p[ Windows Live Writer ◊∑?„E(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ?fl OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: ?fl OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O10 - Unknown file in Winsock LSP: icaproxy.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.archlord.com
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: http://*.hangame.com
O15 - Trusted Zone: http://archlord.naver.com
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {007F084F-ED3C-4B0F-8E32-3B7030D4CAB7} (AppCaller Class) - http://rfgrid.gridcdn.com/CluAppLauncher.cab
O16 - DPF: {0801AC9D-4ED7-4ACE-A2C0-847A408741E2} (D3DCheck Class) - http://ava.qq.com/act/a20100426check/Tencent_Check.cab
O16 - DPF: {09576291-F706-4F15-BD10-A66FB114CBDC} (kSysInfo Control) - http://allstar.paran.com/activex/kSysInfo_opengl.cab
O16 - DPF: {24960521-7F51-4743-9D83-906B16D188E5} (Archlord_downloader Control) - http://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab
O16 - DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} (GStarter Class) - http://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} (KT ICS Download Component) - http://addn.gamecdn.paran.com/html/AddOn.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} (CKKeyPro Crypto support Class (CKNhnInst)) - http://www.hangame.com/common/CKKeyProInst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - https://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab
O16 - DPF: {708BFDA5-5B56-435B-8227-726021E197E9} (BFServiceAdapterX Control) - http://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {84FA2550-7497-4296-ABC0-B6A1A7B0ED57} (WebStarter Control) - http://allstar.paran.com/activex/WebStarter.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://su.hanbiton.com/Game/Launcher/HLauncher.cab
O16 - DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} (KCSActiveXCtrl Class) - http://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://pubid.hangame.com/common/HanSetup1040.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

--
End of file - 15776 bytes

#13 gringo_pr


Posted 25 July 2012 - 03:18 PM

Greetings

Uninstall and reinstall Java once more and see if it clears up.

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file", name it ESET SCAN and save it to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
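
An added example, not part of the post above or of HijackThis itself: a small Python parser for the O4 (autorun) and O23 (service) line formats seen in this thread's logs, which picks out the autorun entries named in a fix list and the services flagged "(file missing)". The function names and the ExampleUpdater line are assumptions made for illustration; the other sample lines are copied from this thread.

```python
import re

# O4 autorun line:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# O23 service line: O23 - Service: Display (short name) - Owner - path [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<service>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

# Lines copied from this thread, plus one constructed entry (ExampleUpdater).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
"""

def parse_line(line):
    """Return a dict for an O4 or O23 line, or None for any other line."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"section": "O4", **m.groupdict()}
    m = O23_RE.match(line)
    if m:
        fields = m.groupdict()
        fields["missing"] = fields["missing"] is not None  # True if flagged
        return {"section": "O23", **fields}
    return None

def select_autoruns(log_text, names):
    """O4 entries whose bracketed name is in `names` (case-insensitive)."""
    wanted = {n.lower() for n in names}
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed
            if e and e["section"] == "O4" and e["name"].lower() in wanted]

def services(log_text, missing):
    """O23 entries, filtered on whether the log marked the file as missing."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed
            if e and e["section"] == "O23" and e["missing"] == missing]

if __name__ == "__main__":
    for e in select_autoruns(SAMPLE_LOG, ["NortonOnlineBackupReminder", "HP Software Update"]):
        print("fix-list match:", e["name"], "->", e["command"])
    for e in services(SAMPLE_LOG, missing=True):
        print("flagged missing:", e["service"], e["path"])
```
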

#14 simplest

simplest
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 26 July 2012 - 03:21 PM

Hi Gringo,

Scanned the computer with ESET Online Scanner but no threats were found.

Also, tried uninstalling and reinstalling Java again but it doesn't solve the Java problem...

Other than that, everything else seems normal...

jch02140

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 AM

Posted 26 July 2012 - 03:28 PM

Greetings

Run this and then try to run Java again.


:Run JavaRa

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
