
Trojan Horse Patched_C.LYU


This topic is locked
18 replies to this topic

#1 Risc

Risc

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 16 July 2012 - 05:45 PM

Hello forum,


I was searching through Google about a game called Slender, don't go to any page about it by the way, and I opened up the official website for it and something popped up on the internet screen for half a second and then disappeared. I quickly shut the page off hoping that kept whatever it was off my PC, but I was wrong. I decided to listen to some music on YouTube when everything started going horribly slow. I went into my task manager and saw that Internet Explorer was running twice, but I did not have it up, and a whole bunch of stuff that was not there before. Now my PC runs at 91%-84% Physical memory. I can't load anything that requires Adobe or some music/video player. It also goes really slow if I open up my Office programs as well.

So I ran AVG and it found some problems. It removed some of them, but two of them are whitelisted because they are critical system files. It says a trojan horse patched the services.exe but it can't be removed. Since then, most of the sites I try to go to redirect me to Newsfudge now (DON'T GO THERE!) and weird looking photoshop sites and more.

My PC is an Acer Aspire One, and is a notebook. It is also Windows 7 Starter 32bit. Notebooks have no CD-drives, so I can't even attempt to reinstall Windows, even though it didn't come with a disc, just a key. So I was hoping this forum could help me solve this issue.

The other problems found and deleted/solved:

(Warning) Found registry key with reference to infected file: C:\Users\Risc\AppData\Roaming\dsielp.dll
(Infection) Virus Found Win32/Cryptor C:\Users\Risc\AppData\Roaming\dsielp.dll
(Malware) IDP.Virus79AAE1FC C:\Users\Risc\AppData\Roaming\xsecva\xsecva.exe

The above was removed, AVG says, and put into the Vault. I just thought I should include them.

The file that cannot be removed and is the current problem:

Trojan horse patched_C.LYU C:\Windows\System32\services.exe Object is whitelisted (critical/system file that should not be removed)

Every time it redirects the page to one of the websites, a popup from AVG tells me about the trojan, but says it can only be ignored and put into the Resident Shield part of AVG.

I would love any and all help. Thank you,

Risc~

P.S

I haven't tried anything else in case it would mess it up more. I don't know where to start, either. :(

Edited by Risc, 16 July 2012 - 06:13 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:19 AM

Posted 17 July 2012 - 12:48 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

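As an added example (not from this thread, nor from the author of DDS), here is a small Python triage helper for the DDS report format the helper asks for above: it splits a report into its "===" sections and flags the lines an analyst usually looks at first. The sample report, the flagging heuristics, the TRUSTED_ROOTS list and the infection_day parameter are all constructed or assumed for this example.

```python
import re

# Constructed sample in the DDS (Ver_2011-08-26.01) report layout: "===" title
# lines open a section and "." lines are separators. Paths and names are made up
# for this example; they are not taken from a real machine.
SAMPLE_DDS = r"""
.
DDS (Ver_2011-08-26.01) - NTFSx86
Run by user at 18:40:30 on 2012-07-18
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\Example AV\avtray.exe
C:\Users\user\AppData\Roaming\xsecva\xsecva.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uWinlogon: Shell=c:\program files\vendor\WallPaperAgent.exe
mRun: [VendorTray] c:\program files\vendor\tray.exe
.
=============== Created Last 30 ================
.
2012-07-16 00:31:26 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-16 00:18:41 -------- d-----w- c:\users\user\appdata\roaming\xsecva
2012-07-16 06:37:28 -------- d-----w- c:\program files\Example AV
2012-06-22 02:46:21 2422272 ----a-w- c:\windows\system32\wucltux.dll
.
============= FINISH: 18:42:11.91 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "date time size attrs path" as printed in the Created Last 30 section.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
USER_APPDATA_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.I)
# Roots a normally installed process is expected to run from (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_dds(text):
    """Split a DDS report into {section title: [entry lines]}.

    Lines before the first "===" header land under "header"; blank lines and
    "." separator lines are dropped.
    """
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(text, infection_day):
    """Return (reason, line) pairs an analyst should read first.

    infection_day is the YYYY-MM-DD date the user says trouble began, so new
    files from that day can be correlated with the report. The heuristics are
    this example's own, not DDS rules: processes outside the usual install
    roots, a proxy override, a Winlogon shell other than explorer.exe (OEM
    tools use this too, so it is a "look here", not a verdict), and new files
    under odd or per-user paths.
    """
    s = parse_dds(text)
    findings = []
    for line in s.get("Running Processes", []):
        if not line.lower().startswith(TRUSTED_ROOTS):
            findings.append(("process outside Windows/Program Files", line))
    for line in s.get("Pseudo HJT Report", []):
        if "ProxyOverride" in line:
            findings.append(("proxy override set", line))
        if line.startswith("uWinlogon: Shell=") and "explorer.exe" not in line.lower():
            findings.append(("non-default Winlogon shell", line))
    for line in s.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        day, _time, _size, _attrs, path = m.groups()
        reasons = []
        # A literal "%" in a path means an unexpanded variable name was used as
        # a directory name, which no installer does on purpose.
        if "%" in path or USER_APPDATA_RE.match(path):
            reasons.append("unusual location")
        if day == infection_day:
            reasons.append("created on reported infection day")
        if reasons:
            findings.append(("; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_DDS, "2012-07-16"):
        print("[%s] %s" % (reason, line))
```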
#3 Risc

Risc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 18 July 2012 - 05:48 PM

Hello and thank you for the reply.

I don't have anything really important on the computer, but I did save some things on a flash drive just in case.
After that, I ran DeFogger and disabled what needed to be disabled, but it did not request a system reboot, so I continued with the Security Check. It couldn't find something, but it went too fast for me to see. Here is the checkup.txt exactly as it was given:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

I then disabled all my anti-malware programs that I knew about: AVG, firewall. And then I ran DDS. Here is the DDS notepad it opened:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Risc at 18:40:30 on 2012-07-18
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.335 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Akamai NetSession Interface] "c:\users\risc\appdata\local\akamai\netsession_win.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\users\risc\appdata\roaming\micros~1\windows\startm~1\programs\startup\pspdisp.lnk - c:\program files\pspdisp\bin\app\PSPdisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BE34F3C2-7A7E-40A6-8D28-A1D79A9FDC65} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BE34F3C2-7A7E-40A6-8D28-A1D79A9FDC65}\86F6D65623437686A7 : DhcpNameServer = 172.16.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\risc\appdata\roaming\mozilla\firefox\profiles\upijvlar.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb7fad6f-9124-48a2-ad29-154d73caba56%7D&mid=9c08a751c11347d0a7c239d3c9c720d1-b364d5b376a49bc9a4747aaf8dcf3d6cdade256d&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-16%2020%3A29%3A24&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\1\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-3-24 19304]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-3-24 16744]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-3-24 62048]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2011-3-24 352336]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-5-6 739944]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-24 13336]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2011-3-24 1751656]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2011-3-24 244624]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-3-24 260640]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-16 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-3-24 250984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-24 327784]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-9-27 172912]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-3-19 35392]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [2007-5-31 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [2007-5-31 28544]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-17 02:36:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-17 02:12:49 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 00:30:27 -------- d-----w- c:\users\risc\appdata\roaming\AVG2012
2012-07-17 00:29:17 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 00:18:12 6762896 ------w- c:\programdata\microsoft\windows defender\definition updates\{3fc99c33-041c-4cac-936b-a6c63508588d}\mpengine.dll
2012-07-16 06:41:20 -------- d-----w- c:\users\risc\appdata\local\AVG Secure Search
2012-07-16 06:40:57 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-16 06:40:53 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-16 06:38:28 -------- d--h--w- C:\$AVG
2012-07-16 06:38:28 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 06:38:28 -------- d-----w- c:\programdata\AVG2012
2012-07-16 06:37:28 -------- d-----w- c:\program files\AVG
2012-07-16 06:34:23 -------- d--h--w- c:\programdata\Common Files
2012-07-16 06:34:23 -------- d-----w- c:\programdata\MFAData
2012-07-16 00:31:26 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-16 00:19:42 -------- d-----w- c:\users\risc\appdata\local\{EA016691-CEDB-11E1-8270-B8AC6F996F26}
2012-07-16 00:18:41 -------- d-----w- c:\users\risc\appdata\roaming\xsecva
2012-07-12 01:44:41 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-09 00:29:54 -------- d-----w- c:\users\risc\appdata\local\{02D17A4F-DD18-45E9-A499-6FF233735DC2}
2012-07-09 00:29:36 -------- d-----w- c:\users\risc\appdata\local\{B71831B9-B7F7-40D3-9A74-E48CB95B7763}
2012-06-22 02:46:21 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 02:46:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 02:45:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 02:45:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:24:30 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-21 06:24:30 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-17 02:24:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 02:24:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-22 01:31:09 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-22 01:31:09 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 18:42:11.91 ===============



And here is the contents of the second log, the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 9/2/2011 12:31:09 PM
System Uptime: 7/18/2012 5:55:26 PM (1 hours ago)
.
Motherboard: Acer | | JE06_PT
Processor: Intel® Atom™ CPU N570 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 160.56 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 6/19/2012 1:16:49 PM - Windows Update
RP89: 6/21/2012 10:45:22 PM - Windows Update
RP90: 6/22/2012 8:38:08 PM - Windows Update
RP91: 6/26/2012 6:33:32 PM - Windows Update
RP92: 7/3/2012 3:31:32 PM - Windows Update
RP93: 7/6/2012 3:34:58 PM - Windows Update
RP94: 7/11/2012 9:44:06 PM - Windows Update
RP95: 7/12/2012 6:16:11 PM - Removed Camtasia Studio 7
RP96: 7/13/2012 3:00:34 AM - Windows Update
RP97: 7/16/2012 2:36:39 AM - Installed AVG 2012
RP98: 7/16/2012 2:37:42 AM - Installed AVG 2012
RP99: 7/16/2012 7:59:55 PM - Restore Operation
RP100: 7/16/2012 8:22:20 PM - Installed AVG 2012
RP101: 7/16/2012 8:23:10 PM - Windows Update
RP102: 7/16/2012 8:24:04 PM - Installed AVG 2012
RP103: 7/16/2012 10:09:28 PM - Windows Update
RP104: 7/16/2012 10:36:40 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 MUI
Akamai NetSession Interface
Akamai NetSession Interface Service
Any Video Converter 3.2.7
AVG 2012
Bejeweled 2 Deluxe
Camtasia Studio 7
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
eBay Worldwide
FATE
Galerie de photos Windows Live
GIMP 2.6.11
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 32
Jewel Quest Heritage
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MyWinLocker 4
MyWinLocker Suite
Namco All-Stars: PAC-MAN
newsXpresso
NOOK for PC
Norton Online Backup
Oceanis Change Background Windows 7
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Project64 1.6
PSPdisp v0.6
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shredder
Skip-Bo - Castaway Caper
Slingo Deluxe
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Times Reader
Torchlight
Tradewinds Legends
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers - The Secret City
VLC media player 1.1.11
Wedding Dash
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 5:57:02 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.7. The computer with the IP address 192.168.0.5 did not allow the name to be claimed by this computer.
7/18/2012 5:56:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/18/2012 1:30:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/16/2012 5:34:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/16/2012 5:34:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/16/2012 5:05:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/16/2012 5:05:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/16/2012 5:05:12 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/11/2012 9:38:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
7/11/2012 9:38:35 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/11/2012 10:26:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
.
==== End Of File ===========================

All done. :)

P.S.

AVG scanned my notebook this morning when I turned it on to check this thread. It said it found a few more problems, and they were exe/processes. csrss.exe was among them. I took pictures of my entire process list if that is needed.

Edited by Risc, 18 July 2012 - 05:50 PM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2012 - 08:07 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Risc
  • Topic Starter
  • Members
  • 9 posts

Posted 19 July 2012 - 09:35 PM

Hello and thanks again for the reply,

This is the log file:

ComboFix 12-07-19.02 - Risc 07/19/2012 21:51:22.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.388 [GMT -4:00]
Running from: c:\users\Risc\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\users\Risc\AppData\Local\{f885d7b9-8288-03f9-db56-dccdae35813b}
c:\users\Risc\AppData\Local\{f885d7b9-8288-03f9-db56-dccdae35813b}\@
c:\users\Risc\AppData\Local\{f885d7b9-8288-03f9-db56-dccdae35813b}\n
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 02:08 . 2012-07-20 02:08 -------- d-----w- c:\users\Zenko\AppData\Local\temp
2012-07-20 02:08 . 2012-07-20 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 02:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-17 02:12 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 00:30 . 2012-07-17 00:30 -------- d-----w- c:\users\Risc\AppData\Roaming\AVG2012
2012-07-17 00:29 . 2012-07-17 00:29 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 00:18 . 2012-05-31 03:41 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FC99C33-041C-4CAC-936B-A6C63508588D}\mpengine.dll
2012-07-16 06:41 . 2012-07-16 06:41 -------- d-----w- c:\users\Risc\AppData\Local\AVG Secure Search
2012-07-16 06:40 . 2012-07-16 06:41 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-16 06:40 . 2012-07-17 00:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-16 06:38 . 2012-07-20 01:39 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 06:38 . 2012-07-17 00:26 -------- d-----w- c:\programdata\AVG2012
2012-07-16 06:38 . 2012-07-16 06:38 -------- d-----w- C:\$AVG
2012-07-16 06:37 . 2012-07-16 06:37 -------- d-----w- c:\program files\AVG
2012-07-16 06:34 . 2012-07-20 01:39 -------- d-----w- c:\programdata\MFAData
2012-07-16 06:34 . 2012-07-16 06:34 -------- d--h--w- c:\programdata\Common Files
2012-07-16 00:31 . 2012-07-16 00:31 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-16 00:19 . 2012-07-17 00:10 -------- d-----w- c:\users\Risc\AppData\Local\{EA016691-CEDB-11E1-8270-B8AC6F996F26}
2012-07-16 00:18 . 2012-07-16 06:52 -------- d-----w- c:\users\Risc\AppData\Roaming\xsecva
2012-07-12 01:44 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\users\Zenko\AppData\Local\Diagnostics
2012-06-22 02:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 02:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 02:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 02:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 02:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 02:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 02:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 02:45 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 02:45 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:24 . 2012-06-21 06:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 06:24 . 2012-06-21 06:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:24 . 2012-04-07 20:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:24 . 2011-09-02 17:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 01:31 . 2012-05-22 01:31 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-22 01:31 . 2011-09-03 21:35 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44 . 2012-06-14 18:16 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 18:16 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 18:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 18:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 18:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 18:16 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 18:16 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:16 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-21 06:24 . 2012-01-12 06:27 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 00:29 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Risc\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Risc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PSPdisp.lnk - c:\program files\PSPdisp\bin\app\PSPdisp.exe [2011-3-19 635392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-3-24 704104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [x]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Risc\AppData\Roaming\Mozilla\Firefox\Profiles\upijvlar.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb7fad6f-9124-48a2-ad29-154d73caba56%7D&mid=9c08a751c11347d0a7c239d3c9c720d1-b364d5b376a49bc9a4747aaf8dcf3d6cdade256d&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-16%2020%3A29%3A24&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-19 22:26:45
ComboFix-quarantined-files.txt 2012-07-20 02:26
.
Pre-Run: 173,838,647,296 bytes free
Post-Run: 174,459,904,000 bytes free
.
- - End Of File - - A6A6F7A07BA382E407C639732B783C28

As for how it is doing, I am no longer redirected and the Internet Explorer exes (the double-ups) aren't there anymore, though it is currently running at 75-80 pm. To be sure, I'll have to reboot the computer and see if the exes pop up again.
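The ComboFix report above is the kind of log a helper reads by eye, looking at where each autorun and service actually loads from. The script below is an added example (not ComboFix's own code, and not part of any reply in this thread) that parses that log format and runs a few ordinary analyst triage heuristics over it: autoruns that live in a user-writable profile path, svchost-hosted services whose ServiceDll sits outside system32, proxy settings that point at the loopback address, and created paths that still contain an unexpanded environment variable such as %APPDATA%. The rule names are my own, the sample input is a constructed cut-down of the posted log, and a flag only marks an entry to verify; it is not a verdict on that entry. The parser is general enough to run over any full ComboFix log, not just this one.

```python
"""Triage pass over a ComboFix-style log.

Added example, not ComboFix's own code.  ComboFix lists autorun values as
"Name"="path" [date size] under the registry key they live in, services as
S2 Name;Display name;image [x], and gives svchost-hosted services a separate
"ServiceDll"="..." block.  The heuristics below are ordinary analyst triage
rules; they flag entries to look at, they do not decide what is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the log posted above: a handful of its lines
# reproduced verbatim, everything else cut.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
2012-07-16 00:31 . 2012-07-16 00:31 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-16 00:18 . 2012-07-16 06:52 -------- d-----w- c:\users\Risc\AppData\Roaming\xsecva
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Risc\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[[^\]]*\])?$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)\s*\[x\]$")
PROXY_RE = re.compile(r"^uInternet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$")


@dataclass
class Finding:
    rule: str
    detail: str


def parse_log(text):
    """Single pass over the log, tracking which registry key is currently open."""
    info = {"autoruns": [], "services": [], "service_dlls": {}, "proxy": {}, "paths": []}
    current_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if (m := KEY_RE.match(line)):
            current_key = m.group(1)
        elif (m := VALUE_RE.match(line)):
            name, value = m.group(1), m.group(2)
            if current_key.lower().endswith(("\\run", "\\runonce")):
                info["autoruns"].append((current_key, name, value))
            elif name.lower() == "servicedll":
                # Key is ...\services\<ServiceName>; the value is what svchost loads.
                info["service_dlls"][current_key.rsplit("\\", 1)[-1].lower()] = value
        elif (m := SERVICE_RE.match(line)):
            info["services"].append({"start": m.group(1), "name": m.group(2),
                                     "display": m.group(3), "image": m.group(4)})
        elif (m := PROXY_RE.match(line)):
            info["proxy"][m.group(1)] = m.group(2)
        elif (m := FILE_RE.match(line)):
            info["paths"].append(m.group(1))
    return info


USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")   # heuristic markers, my choice
SYSTEM32 = "c:\\windows\\system32\\"


def normalise(path):
    """Lower-case and unify slashes so mixed-separator paths compare properly."""
    return path.lower().replace("/", "\\")


def triage(info):
    """Apply the heuristics and return findings in a stable order."""
    findings = []
    for _key, name, path in info["autoruns"]:
        if any(marker in normalise(path) for marker in USER_WRITABLE):
            findings.append(Finding("autorun-user-writable", f"{name} -> {path}"))
    for svc in info["services"]:
        if not normalise(svc["image"]).endswith("svchost.exe"):
            continue
        dll = info["service_dlls"].get(svc["name"].lower())
        if dll is None:
            findings.append(Finding("svchost-no-servicedll", svc["name"]))
        elif not normalise(dll).startswith(SYSTEM32):
            findings.append(Finding("svchost-dll-outside-system32", f"{svc['name']} -> {dll}"))
    for setting, value in info["proxy"].items():
        if "127.0.0.1" in value or "localhost" in value.lower():
            findings.append(Finding("loopback-proxy-setting", f"{setting} = {value}"))
    for path in info["paths"]:
        if re.search(r"%[A-Za-z_]+%", path):
            findings.append(Finding("unexpanded-env-var-path", path))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.rule:32} {f.detail}")
```

Run against the constructed sample it reports four findings, one per rule. The svchost rule is the one worth keeping around: a service whose image is svchost.exe tells you nothing by itself, the ServiceDll block further down the log is what it actually loads, so the parser joins the two on the service name before judging the path.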

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2012 - 09:42 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
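The TDSSKiller report requested above runs to hundreds of lines, almost all of them "- ok". As an added example (not Kaspersky's code, and not part of gringo_pr's instructions), the script below reduces a log in that format to one record per scanned object. The point it demonstrates is how the log is laid out: the line carrying the object's MD5 and path is separate from the verdict line (ok, warning, detected), so the two must be joined on the object name, and a "Suspicious file (Hidden): ..." note refers to the object printed just before it. The sample input is constructed from the line format TDSSKiller writes, with the Akamai lines taken from the report posted later in this thread; the severity ranking and the record layout are my own choices.

```python
"""Summarise a TDSSKiller log into per-object verdicts.

Added example, not Kaspersky's code.  TDSSKiller prints one line per object,
HH:MM:SS.mmmm PID Name (md5) path, and then a separate verdict line for the
same name: "Name - ok", "Name ( Class ) - warning" or
"Name - detected Class (n)".  The verdict line carries neither hash nor path,
so the records have to be joined on the object name, and a
"Suspicious file (Hidden): ..." note belongs to the object seen just before it.
"""
import re

# Constructed sample modelled on the format of the log posted below: the
# Akamai lines are reproduced from it, the rest is trimmed to a few entries.
SAMPLE_LOG = r"""
23:01:47.0587 1936 Scan started
23:01:47.0587 1936 Mode: Manual;
23:01:48.0997 1936 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:01:49.0006 1936 1394ohci - ok
23:01:50.0498 1936 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
23:01:50.0498 1936 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
23:01:50.0521 1936 Akamai ( HiddenFile.Multi.Generic ) - warning
23:01:50.0521 1936 Akamai - detected HiddenFile.Multi.Generic (1)
23:01:50.0693 1936 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:01:50.0699 1936 ALG - ok
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
OK_RE = re.compile(r"^(.+?) - ok$")
WARNING_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")

# Severity order (my choice): a later, worse verdict for the same name wins,
# a later, better one never downgrades it.
RANK = {None: -1, "ok": 0, "warning": 1, "detected": 2}


def _record(objects, name):
    return objects.setdefault(name, {"md5": None, "path": None, "verdict": None,
                                     "classification": None, "notes": []})


def _set_verdict(objects, name, verdict, classification):
    rec = _record(objects, name)
    if RANK[verdict] > RANK[rec["verdict"]]:
        rec["verdict"] = verdict
        rec["classification"] = classification


def parse_tdsskiller(text):
    """Return {name: record} in first-seen order."""
    objects = {}
    last_name = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                      # banner, separator or blank line
        body = m.group(3)
        if (m := OBJECT_RE.match(body)):
            name, md5, path = m.groups()
            _record(objects, name).update(md5=md5, path=path)
            last_name = name
        elif (m := OK_RE.match(body)):
            _set_verdict(objects, m.group(1), "ok", None)
        elif (m := WARNING_RE.match(body)):
            _set_verdict(objects, m.group(1), "warning", m.group(2))
        elif (m := DETECTED_RE.match(body)):
            _set_verdict(objects, m.group(1), "detected", m.group(2))
        elif body.startswith("Suspicious file") and last_name in objects:
            objects[last_name]["notes"].append(body)
    return objects


def flagged(objects):
    """Everything that did not end the scan as 'ok', with hash and path for lookup."""
    return [(name, rec["verdict"], rec["classification"], rec["md5"], rec["path"])
            for name, rec in objects.items() if rec["verdict"] != "ok"]


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(objs)} objects, {len(flagged(objs))} flagged")
    for name, verdict, cls, md5, path in flagged(objs):
        print(f"{verdict:9} {name:20} {cls or '-':28} {md5 or '-'} {path or '-'}")
```

On the constructed sample this yields three objects and one flagged entry, Akamai, whose final verdict is "detected" because that line outranks the earlier "warning" for the same name. A HiddenFile.Multi.Generic classification is a heuristic, which is why TDSSKiller's default action for a suspicious file is Skip rather than Cure, as the instructions above say; the md5 and path the summary keeps are what you take to a hash lookup before deciding anything.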

#7 Risc
  • Topic Starter
  • Members
  • 9 posts

Posted 19 July 2012 - 10:28 PM

Okay, the log from the "TDSSKiller" is as follows:

23:01:34.0264 2496 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
23:01:36.0294 2496 ============================================================
23:01:36.0295 2496 Current date / time: 2012/07/19 23:01:36.0294
23:01:36.0295 2496 SystemInfo:
23:01:36.0295 2496
23:01:36.0295 2496 OS Version: 6.1.7601 ServicePack: 1.0
23:01:36.0295 2496 Product type: Workstation
23:01:36.0296 2496 ComputerName: Risc-PC
23:01:36.0296 2496 UserName: Risc
23:01:36.0296 2496 Windows directory: C:\Windows
23:01:36.0297 2496 System windows directory: C:\Windows
23:01:36.0297 2496 Processor architecture: Intel x86
23:01:36.0297 2496 Number of processors: 4
23:01:36.0297 2496 Page size: 0x1000
23:01:36.0297 2496 Boot type: Normal boot
23:01:36.0297 2496 ============================================================
23:01:38.0182 2496 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:01:38.0209 2496 ============================================================
23:01:38.0209 2496 \Device\Harddisk0\DR0:
23:01:38.0213 2496 MBR partitions:
23:01:38.0213 2496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
23:01:38.0213 2496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
23:01:38.0213 2496 ============================================================
23:01:38.0245 2496 C: <-> \Device\Harddisk0\DR0\Partition1
23:01:38.0246 2496 ============================================================
23:01:38.0246 2496 Initialize success
23:01:38.0247 2496 ============================================================
23:01:47.0587 1936 ============================================================
23:01:47.0587 1936 Scan started
23:01:47.0587 1936 Mode: Manual;
23:01:47.0587 1936 ============================================================
23:01:48.0997 1936 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:01:49.0006 1936 1394ohci - ok
23:01:49.0082 1936 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:01:49.0093 1936 ACPI - ok
23:01:49.0141 1936 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:01:49.0145 1936 AcpiPmi - ok
23:01:49.0277 1936 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:01:49.0287 1936 AdobeFlashPlayerUpdateSvc - ok
23:01:49.0390 1936 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
23:01:49.0407 1936 adp94xx - ok
23:01:49.0462 1936 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
23:01:49.0473 1936 adpahci - ok
23:01:49.0545 1936 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
23:01:49.0552 1936 adpu320 - ok
23:01:49.0607 1936 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:01:49.0615 1936 AeLookupSvc - ok
23:01:49.0703 1936 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:01:49.0715 1936 AFD - ok
23:01:49.0767 1936 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:01:49.0774 1936 agp440 - ok
23:01:49.0831 1936 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
23:01:49.0836 1936 aic78xx - ok
23:01:50.0498 1936 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
23:01:50.0498 1936 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
23:01:50.0521 1936 Akamai ( HiddenFile.Multi.Generic ) - warning
23:01:50.0521 1936 Akamai - detected HiddenFile.Multi.Generic (1)
23:01:50.0693 1936 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:01:50.0699 1936 ALG - ok
23:01:50.0798 1936 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:01:50.0802 1936 aliide - ok
23:01:50.0820 1936 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:01:50.0826 1936 amdagp - ok
23:01:50.0849 1936 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:01:50.0854 1936 amdide - ok
23:01:50.0894 1936 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
23:01:50.0899 1936 AmdK8 - ok
23:01:50.0932 1936 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
23:01:50.0938 1936 AmdPPM - ok
23:01:51.0017 1936 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:01:51.0023 1936 amdsata - ok
23:01:51.0078 1936 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
23:01:51.0085 1936 amdsbs - ok
23:01:51.0106 1936 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:01:51.0113 1936 amdxata - ok
23:01:51.0179 1936 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:01:51.0185 1936 AppID - ok
23:01:51.0236 1936 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:01:51.0241 1936 AppIDSvc - ok
23:01:51.0270 1936 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:01:51.0275 1936 Appinfo - ok
23:01:51.0330 1936 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
23:01:51.0336 1936 arc - ok
23:01:51.0370 1936 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
23:01:51.0379 1936 arcsas - ok
23:01:51.0415 1936 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:51.0419 1936 AsyncMac - ok
23:01:51.0492 1936 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:01:51.0497 1936 atapi - ok
23:01:51.0765 1936 athr (c35af075c15827d74b5c9702cbcb175b) C:\Windows\system32\DRIVERS\athr.sys
23:01:51.0810 1936 athr - ok
23:01:52.0031 1936 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:01:52.0045 1936 AudioEndpointBuilder - ok
23:01:52.0066 1936 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:01:52.0077 1936 Audiosrv - ok
23:01:52.0200 1936 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
23:01:52.0204 1936 Avgfwfd - ok
23:01:52.0636 1936 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files\AVG\AVG2012\avgfws.exe
23:01:52.0681 1936 avgfws - ok
23:01:53.0423 1936 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
23:01:53.0617 1936 AVGIDSAgent - ok
23:01:53.0869 1936 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
23:01:53.0876 1936 AVGIDSDriver - ok
23:01:53.0899 1936 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
23:01:53.0917 1936 AVGIDSFilter - ok
23:01:53.0963 1936 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
23:01:53.0968 1936 AVGIDSHX - ok
23:01:54.0013 1936 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
23:01:54.0018 1936 AVGIDSShim - ok
23:01:54.0097 1936 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
23:01:54.0106 1936 Avgldx86 - ok
23:01:54.0135 1936 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
23:01:54.0140 1936 Avgmfx86 - ok
23:01:54.0210 1936 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
23:01:54.0215 1936 Avgrkx86 - ok
23:01:54.0312 1936 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
23:01:54.0323 1936 Avgtdix - ok
23:01:54.0500 1936 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
23:01:54.0508 1936 avgwd - ok
23:01:54.0564 1936 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:01:54.0571 1936 AxInstSV - ok
23:01:54.0660 1936 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
23:01:54.0674 1936 b06bdrv - ok
23:01:54.0736 1936 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:01:54.0745 1936 b57nd60x - ok
23:01:54.0811 1936 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:01:54.0818 1936 BDESVC - ok
23:01:54.0854 1936 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:01:54.0858 1936 Beep - ok
23:01:54.0963 1936 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:01:54.0977 1936 BFE - ok
23:01:55.0068 1936 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
23:01:55.0090 1936 BITS - ok
23:01:55.0119 1936 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
23:01:55.0125 1936 blbdrive - ok
23:01:55.0181 1936 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:01:55.0187 1936 bowser - ok
23:01:55.0218 1936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
23:01:55.0223 1936 BrFiltLo - ok
23:01:55.0237 1936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
23:01:55.0242 1936 BrFiltUp - ok
23:01:55.0317 1936 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:01:55.0322 1936 BridgeMP - ok
23:01:55.0377 1936 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:01:55.0382 1936 Browser - ok
23:01:55.0453 1936 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:01:55.0463 1936 Brserid - ok
23:01:55.0491 1936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:01:55.0496 1936 BrSerWdm - ok
23:01:55.0511 1936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:01:55.0516 1936 BrUsbMdm - ok
23:01:55.0534 1936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:01:55.0540 1936 BrUsbSer - ok
23:01:55.0566 1936 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
23:01:55.0572 1936 BTHMODEM - ok
23:01:55.0640 1936 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:01:55.0646 1936 bthserv - ok
23:01:55.0742 1936 catchme - ok
23:01:55.0805 1936 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:01:55.0811 1936 cdfs - ok
23:01:55.0895 1936 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
23:01:55.0902 1936 cdrom - ok
23:01:55.0955 1936 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:01:55.0961 1936 CertPropSvc - ok
23:01:55.0995 1936 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
23:01:56.0000 1936 circlass - ok
23:01:56.0084 1936 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:01:56.0094 1936 CLFS - ok
23:01:56.0174 1936 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:01:56.0209 1936 clr_optimization_v2.0.50727_32 - ok
23:01:56.0309 1936 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:01:56.0317 1936 clr_optimization_v4.0.30319_32 - ok
23:01:56.0355 1936 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:01:56.0362 1936 CmBatt - ok
23:01:56.0408 1936 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:01:56.0412 1936 cmdide - ok
23:01:56.0515 1936 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
23:01:56.0541 1936 CNG - ok
23:01:56.0596 1936 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
23:01:56.0600 1936 Compbatt - ok
23:01:56.0648 1936 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:01:56.0652 1936 CompositeBus - ok
23:01:56.0684 1936 COMSysApp - ok
23:01:56.0731 1936 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
23:01:56.0735 1936 crcdisk - ok
23:01:56.0823 1936 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
23:01:56.0829 1936 CryptSvc - ok
23:01:56.0886 1936 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
23:01:56.0890 1936 dc3d - ok
23:01:56.0982 1936 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:01:56.0998 1936 DcomLaunch - ok
23:01:57.0055 1936 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:01:57.0063 1936 defragsvc - ok
23:01:57.0114 1936 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:01:57.0119 1936 DfsC - ok
23:01:57.0200 1936 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:01:57.0209 1936 Dhcp - ok
23:01:57.0244 1936 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:01:57.0248 1936 discache - ok
23:01:57.0288 1936 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
23:01:57.0292 1936 Disk - ok
23:01:57.0351 1936 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:01:57.0357 1936 Dnscache - ok
23:01:57.0413 1936 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:01:57.0422 1936 dot3svc - ok
23:01:57.0461 1936 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:01:57.0468 1936 DPS - ok
23:01:57.0516 1936 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:01:57.0519 1936 drmkaud - ok
23:01:57.0649 1936 DsiWMIService (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files\Launch Manager\dsiwmis.exe
23:01:57.0658 1936 DsiWMIService - ok
23:01:57.0777 1936 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:01:57.0796 1936 DXGKrnl - ok
23:01:57.0825 1936 EagleXNt - ok
23:01:57.0880 1936 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:01:57.0887 1936 EapHost - ok
23:01:58.0268 1936 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
23:01:58.0342 1936 ebdrv - ok
23:01:58.0504 1936 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:01:58.0512 1936 EFS - ok
23:01:58.0635 1936 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
23:01:58.0687 1936 EgisTec Ticket Service - ok
23:01:58.0819 1936 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
23:01:58.0833 1936 elxstor - ok
23:01:58.0981 1936 ePowerSvc (884efd5c5586af9233b76132ede51905) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
23:01:59.0000 1936 ePowerSvc - ok
23:01:59.0021 1936 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:01:59.0025 1936 ErrDev - ok
23:01:59.0123 1936 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:01:59.0134 1936 EventSystem - ok
23:01:59.0197 1936 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:01:59.0205 1936 exfat - ok
23:01:59.0243 1936 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:01:59.0251 1936 fastfat - ok
23:01:59.0359 1936 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:01:59.0375 1936 Fax - ok
23:01:59.0410 1936 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
23:01:59.0414 1936 fdc - ok
23:01:59.0445 1936 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:01:59.0450 1936 fdPHost - ok
23:01:59.0478 1936 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:01:59.0484 1936 FDResPub - ok
23:01:59.0517 1936 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:01:59.0527 1936 FileInfo - ok
23:01:59.0566 1936 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:01:59.0570 1936 Filetrace - ok
23:01:59.0602 1936 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
23:01:59.0605 1936 flpydisk - ok
23:01:59.0668 1936 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:01:59.0675 1936 FltMgr - ok
23:01:59.0802 1936 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:01:59.0825 1936 FontCache - ok
23:01:59.0923 1936 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:01:59.0931 1936 FontCache3.0.0.0 - ok
23:01:59.0962 1936 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:01:59.0966 1936 FsDepends - ok
23:02:00.0011 1936 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
23:02:00.0016 1936 Fs_Rec - ok
23:02:00.0093 1936 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:02:00.0100 1936 fvevol - ok
23:02:00.0143 1936 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
23:02:00.0148 1936 gagp30kx - ok
23:02:00.0261 1936 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
23:02:00.0322 1936 GamesAppService - ok
23:02:00.0427 1936 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:02:00.0445 1936 gpsvc - ok
23:02:00.0523 1936 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files\Acer\Registration\GREGsvc.exe
23:02:00.0527 1936 GREGService - ok
23:02:00.0564 1936 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:02:00.0568 1936 hcw85cir - ok
23:02:00.0626 1936 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:02:00.0636 1936 HdAudAddService - ok
23:02:00.0686 1936 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:02:00.0692 1936 HDAudBus - ok
23:02:00.0730 1936 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
23:02:00.0734 1936 HidBatt - ok
23:02:00.0762 1936 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
23:02:00.0767 1936 HidBth - ok
23:02:00.0789 1936 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
23:02:00.0796 1936 HidIr - ok
23:02:00.0845 1936 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:02:00.0852 1936 hidserv - ok
23:02:00.0924 1936 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:02:00.0928 1936 HidUsb - ok
23:02:00.0978 1936 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:02:00.0986 1936 hkmsvc - ok
23:02:01.0034 1936 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:02:01.0046 1936 HomeGroupListener - ok
23:02:01.0114 1936 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:02:01.0126 1936 HomeGroupProvider - ok
23:02:01.0186 1936 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:02:01.0191 1936 HpSAMD - ok
23:02:01.0314 1936 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:02:01.0337 1936 HTTP - ok
23:02:01.0363 1936 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:02:01.0371 1936 hwpolicy - ok
23:02:01.0437 1936 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:02:01.0442 1936 i8042prt - ok
23:02:01.0512 1936 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\drivers\iaStor.sys
23:02:01.0520 1936 iaStor - ok
23:02:01.0633 1936 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:02:01.0637 1936 IAStorDataMgrSvc - ok
23:02:01.0723 1936 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:02:01.0734 1936 iaStorV - ok
23:02:01.0994 1936 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:02:02.0038 1936 IconMan_R - ok
23:02:02.0261 1936 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:02:02.0303 1936 idsvc - ok
23:02:02.0996 1936 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:02:03.0174 1936 igfx - ok
23:02:03.0368 1936 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
23:02:03.0373 1936 iirsp - ok
23:02:03.0492 1936 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:02:03.0514 1936 IKEEXT - ok
23:02:03.0941 1936 IntcAzAudAddService (feaae1c549d14b9759b88c569f33cd4e) C:\Windows\system32\drivers\RTKVHDA.sys
23:02:04.0020 1936 IntcAzAudAddService - ok
23:02:04.0199 1936 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:02:04.0203 1936 intelide - ok
23:02:04.0252 1936 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:02:04.0256 1936 intelppm - ok
23:02:04.0302 1936 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:02:04.0311 1936 IPBusEnum - ok
23:02:04.0350 1936 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:02:04.0355 1936 IpFilterDriver - ok
23:02:04.0456 1936 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:02:04.0474 1936 iphlpsvc - ok
23:02:04.0510 1936 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:02:04.0515 1936 IPMIDRV - ok
23:02:04.0563 1936 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:02:04.0568 1936 IPNAT - ok
23:02:04.0611 1936 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:02:04.0615 1936 IRENUM - ok
23:02:04.0654 1936 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:02:04.0659 1936 isapnp - ok
23:02:04.0702 1936 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:02:04.0711 1936 iScsiPrt - ok
23:02:04.0761 1936 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:02:04.0766 1936 kbdclass - ok
23:02:04.0822 1936 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:02:04.0827 1936 kbdhid - ok
23:02:04.0871 1936 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:02:04.0878 1936 KeyIso - ok
23:02:04.0926 1936 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
23:02:04.0931 1936 KSecDD - ok
23:02:05.0018 1936 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
23:02:05.0025 1936 KSecPkg - ok
23:02:05.0098 1936 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:02:05.0195 1936 KtmRm - ok
23:02:05.0281 1936 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
23:02:05.0295 1936 LanmanServer - ok
23:02:05.0339 1936 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:02:05.0352 1936 LanmanWorkstation - ok
23:02:05.0427 1936 libusb0 (05c10e70b437841f31e1bfa8812895ba) C:\Windows\system32\DRIVERS\libusb0.sys
23:02:05.0431 1936 libusb0 - ok
23:02:05.0514 1936 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
23:02:05.0522 1936 Live Updater Service - ok
23:02:05.0590 1936 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:02:05.0596 1936 lltdio - ok
23:02:05.0656 1936 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:02:05.0681 1936 lltdsvc - ok
23:02:05.0707 1936 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:02:05.0714 1936 lmhosts - ok
23:02:05.0798 1936 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
23:02:05.0804 1936 LSI_FC - ok
23:02:05.0854 1936 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
23:02:05.0859 1936 LSI_SAS - ok
23:02:05.0899 1936 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
23:02:05.0903 1936 LSI_SAS2 - ok
23:02:05.0926 1936 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
23:02:05.0933 1936 LSI_SCSI - ok
23:02:05.0984 1936 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:02:05.0989 1936 luafv - ok
23:02:06.0024 1936 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
23:02:06.0029 1936 megasas - ok
23:02:06.0079 1936 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
23:02:06.0087 1936 MegaSR - ok
23:02:06.0128 1936 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:02:06.0136 1936 MMCSS - ok
23:02:06.0174 1936 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:02:06.0178 1936 Modem - ok
23:02:06.0215 1936 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:02:06.0219 1936 monitor - ok
23:02:06.0280 1936 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:02:06.0285 1936 mouclass - ok
23:02:06.0332 1936 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:02:06.0336 1936 mouhid - ok
23:02:06.0385 1936 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:02:06.0391 1936 mountmgr - ok
23:02:06.0506 1936 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:02:06.0537 1936 MozillaMaintenance - ok
23:02:06.0580 1936 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:02:06.0586 1936 mpio - ok
23:02:06.0628 1936 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:02:06.0633 1936 mpsdrv - ok
23:02:06.0735 1936 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:02:06.0755 1936 MpsSvc - ok
23:02:06.0799 1936 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:02:06.0805 1936 MRxDAV - ok
23:02:06.0866 1936 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:02:06.0873 1936 mrxsmb - ok
23:02:06.0920 1936 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:02:06.0928 1936 mrxsmb10 - ok
23:02:06.0962 1936 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:02:06.0968 1936 mrxsmb20 - ok
23:02:07.0016 1936 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:02:07.0020 1936 msahci - ok
23:02:07.0078 1936 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:02:07.0084 1936 msdsm - ok
23:02:07.0191 1936 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:02:07.0246 1936 MSDTC - ok
23:02:07.0303 1936 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:02:07.0308 1936 Msfs - ok
23:02:07.0343 1936 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:02:07.0346 1936 mshidkmdf - ok
23:02:07.0369 1936 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:02:07.0376 1936 msisadrv - ok
23:02:07.0443 1936 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:02:07.0491 1936 MSiSCSI - ok
23:02:07.0506 1936 msiserver - ok
23:02:07.0557 1936 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:02:07.0561 1936 MSKSSRV - ok
23:02:07.0586 1936 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:02:07.0590 1936 MSPCLOCK - ok
23:02:07.0624 1936 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:02:07.0628 1936 MSPQM - ok
23:02:07.0673 1936 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:02:07.0681 1936 MsRPC - ok
23:02:07.0736 1936 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:02:07.0740 1936 mssmbios - ok
23:02:07.0798 1936 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:02:07.0802 1936 MSTEE - ok
23:02:07.0831 1936 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
23:02:07.0835 1936 MTConfig - ok
23:02:07.0870 1936 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:02:07.0875 1936 Mup - ok
23:02:07.0911 1936 mwlPSDFilter (247f867957f2750e32e0ffff60223b14) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:02:07.0917 1936 mwlPSDFilter - ok
23:02:07.0961 1936 mwlPSDNServ (f409d176dd75714d927f0a7264d08e51) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:02:07.0966 1936 mwlPSDNServ - ok
23:02:07.0995 1936 mwlPSDVDisk (604f49aad2c890e56040b87e88823ddf) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:02:08.0000 1936 mwlPSDVDisk - ok
23:02:08.0062 1936 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:02:08.0080 1936 napagent - ok
23:02:08.0176 1936 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:02:08.0185 1936 NativeWifiP - ok
23:02:08.0310 1936 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:02:08.0329 1936 NDIS - ok
23:02:08.0386 1936 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:02:08.0392 1936 NdisCap - ok
23:02:08.0432 1936 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:02:08.0436 1936 NdisTapi - ok
23:02:08.0482 1936 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:02:08.0486 1936 Ndisuio - ok
23:02:08.0523 1936 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:02:08.0529 1936 NdisWan - ok
23:02:08.0549 1936 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:02:08.0555 1936 NDProxy - ok
23:02:08.0605 1936 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:02:08.0610 1936 NetBIOS - ok
23:02:08.0645 1936 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:02:08.0653 1936 NetBT - ok
23:02:08.0693 1936 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:02:08.0700 1936 Netlogon - ok
23:02:08.0778 1936 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:02:08.0792 1936 Netman - ok
23:02:08.0882 1936 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:02:08.0898 1936 netprofm - ok
23:02:09.0057 1936 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:02:09.0076 1936 NetTcpPortSharing - ok
23:02:09.0130 1936 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
23:02:09.0135 1936 nfrd960 - ok
23:02:09.0194 1936 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:02:09.0208 1936 NlaSvc - ok
23:02:09.0513 1936 NOBU (a634584c506f2c82680039371aa1772c) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
23:02:09.0562 1936 NOBU - ok
23:02:09.0734 1936 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:02:09.0739 1936 Npfs - ok
23:02:09.0773 1936 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:02:09.0782 1936 nsi - ok
23:02:09.0818 1936 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:02:09.0830 1936 nsiproxy - ok
23:02:10.0008 1936 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:02:10.0039 1936 Ntfs - ok
23:02:10.0079 1936 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:02:10.0084 1936 Null - ok
23:02:10.0146 1936 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:02:10.0152 1936 nvraid - ok
23:02:10.0188 1936 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:02:10.0195 1936 nvstor - ok
23:02:10.0244 1936 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:02:10.0251 1936 nv_agp - ok
23:02:10.0274 1936 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:02:10.0282 1936 ohci1394 - ok
23:02:10.0415 1936 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:02:10.0469 1936 ose - ok
23:02:11.0045 1936 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:02:11.0277 1936 osppsvc - ok
23:02:11.0452 1936 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:02:11.0468 1936 p2pimsvc - ok
23:02:11.0529 1936 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:02:11.0547 1936 p2psvc - ok
23:02:11.0638 1936 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
23:02:11.0644 1936 Parport - ok
23:02:11.0683 1936 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
23:02:11.0688 1936 partmgr - ok
23:02:11.0717 1936 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
23:02:11.0722 1936 Parvdm - ok
23:02:11.0778 1936 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:02:11.0790 1936 PcaSvc - ok
23:02:11.0837 1936 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:02:11.0844 1936 pci - ok
23:02:11.0880 1936 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:02:11.0884 1936 pciide - ok
23:02:11.0923 1936 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
23:02:11.0931 1936 pcmcia - ok
23:02:11.0960 1936 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:02:11.0966 1936 pcw - ok
23:02:12.0060 1936 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:02:12.0076 1936 PEAUTH - ok
23:02:12.0321 1936 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:02:12.0365 1936 pla - ok
23:02:12.0557 1936 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:02:12.0574 1936 PlugPlay - ok
23:02:12.0615 1936 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:02:12.0626 1936 PNRPAutoReg - ok
23:02:12.0684 1936 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:02:12.0696 1936 PNRPsvc - ok
23:02:12.0797 1936 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
23:02:12.0802 1936 Point32 - ok
23:02:12.0878 1936 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:02:12.0892 1936 PolicyAgent - ok
23:02:12.0950 1936 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:02:12.0963 1936 Power - ok
23:02:13.0023 1936 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:02:13.0029 1936 PptpMiniport - ok
23:02:13.0077 1936 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
23:02:13.0082 1936 Processor - ok
23:02:13.0157 1936 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
23:02:13.0169 1936 ProfSvc - ok
23:02:13.0216 1936 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:02:13.0223 1936 ProtectedStorage - ok
23:02:13.0284 1936 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:02:13.0290 1936 Psched - ok
23:02:13.0471 1936 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
23:02:13.0505 1936 ql2300 - ok
23:02:13.0684 1936 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
23:02:13.0690 1936 ql40xx - ok
23:02:13.0754 1936 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:02:13.0769 1936 QWAVE - ok
23:02:13.0803 1936 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:02:13.0807 1936 QWAVEdrv - ok
23:02:13.0831 1936 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:02:13.0835 1936 RasAcd - ok
23:02:13.0894 1936 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:02:13.0899 1936 RasAgileVpn - ok
23:02:27.0410 1936 ============================================================
23:02:27.0410 1936 Scan finished
23:02:27.0410 1936 ============================================================
23:02:27.0697 5316 Detected object count: 1
23:02:27.0698 5316 Actual detected object count: 1
23:03:14.0056 5316 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:03:14.0056 5316 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


However, the second program you listed to try, aswMBR.exe, gave my PC a bluescreen--and that never happened before. So I couldn't get a log from it. But, I did think this was important:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.11
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 00000000
BCP2: 000000FF
BCP3: 00000008
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\071912-38048-01.dmp
C:\Users\Risc\AppData\Local\Temp\WER-462652-0.sysdata.xml


#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 July 2012 - 10:36 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->[donate button]<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Risc (Topic Starter)

Posted 19 July 2012 - 11:21 PM

Okay, just ran the program again and turned off other programs etc. etc. It froze a bit, but finally pushed through. If it's still important, here is the log for it:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 23:29:20
-----------------------------
23:29:20.607 OS Version: Windows 6.1.7601 Service Pack 1
23:29:20.607 Number of processors: 4 586 0x1C0A
23:29:20.607 ComputerName: Risc-PC UserName: Risc
23:29:22.869 Initialize success
23:29:42.026 AVAST engine defs: 12071902
23:30:49.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:30:49.855 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
23:30:49.886 Disk 0 MBR read successfully
23:30:49.902 Disk 0 MBR scan
23:30:49.980 Disk 0 Windows 7 default MBR code
23:30:50.011 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
23:30:50.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
23:30:50.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824
23:30:50.089 Disk 0 scanning sectors +488394752
23:30:50.182 Disk 0 scanning C:\Windows\system32\drivers
23:31:09.776 Service scanning
23:32:05.000 Modules scanning
23:32:16.076 Disk 0 trace - called modules:
23:32:16.123 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
23:32:16.139 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f98a20]
23:32:16.170 3 CLASSPNP.SYS[86d8b59e] -> nt!IofCallDriver -> [0x84864e70]
23:32:16.185 5 ACPI.sys[866a93d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84847028]
23:32:17.511 AVAST engine scan C:\Windows
23:32:23.783 AVAST engine scan C:\Windows\system32
23:38:24.377 AVAST engine scan C:\Windows\system32\drivers
23:38:47.824 AVAST engine scan C:\Users\Risc
23:41:17.818 AVAST engine scan C:\ProgramData
23:42:26.131 Scan finished successfully
23:42:44.040 Disk 0 MBR has been saved successfully to "C:\Users\Risc\Desktop\MBR.dat"
23:42:44.071 The log file has been saved successfully to "C:\Users\Risc\Desktop\aswMBR.txt"

And here is the new log you requested. :)

ComboFix 12-07-19.02 - Risc 07/19/2012 23:53:05.2.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.346 [GMT -4:00]
Running from: c:\users\Risc\Desktop\ComboFix.exe
Command switches used :: c:\users\Risc\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 04:06 . 2012-07-20 04:06 -------- d-----w- c:\users\Zenko\AppData\Local\temp
2012-07-20 04:06 . 2012-07-20 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 02:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-17 02:12 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 00:30 . 2012-07-17 00:30 -------- d-----w- c:\users\Risc\AppData\Roaming\AVG2012
2012-07-17 00:29 . 2012-07-17 00:29 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 00:18 . 2012-05-31 03:41 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FC99C33-041C-4CAC-936B-A6C63508588D}\mpengine.dll
2012-07-16 06:41 . 2012-07-16 06:41 -------- d-----w- c:\users\Risc\AppData\Local\AVG Secure Search
2012-07-16 06:40 . 2012-07-16 06:41 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-16 06:40 . 2012-07-17 00:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-16 06:38 . 2012-07-20 01:39 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 06:38 . 2012-07-17 00:26 -------- d-----w- c:\programdata\AVG2012
2012-07-16 06:38 . 2012-07-16 06:38 -------- d-----w- C:\$AVG
2012-07-16 06:37 . 2012-07-16 06:37 -------- d-----w- c:\program files\AVG
2012-07-16 06:34 . 2012-07-20 01:39 -------- d-----w- c:\programdata\MFAData
2012-07-16 06:34 . 2012-07-16 06:34 -------- d--h--w- c:\programdata\Common Files
2012-07-16 00:31 . 2012-07-16 00:31 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-16 00:19 . 2012-07-17 00:10 -------- d-----w- c:\users\Risc\AppData\Local\{EA016691-CEDB-11E1-8270-B8AC6F996F26}
2012-07-16 00:18 . 2012-07-16 06:52 -------- d-----w- c:\users\Risc\AppData\Roaming\xsecva
2012-07-12 01:44 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\users\Zenko\AppData\Local\Diagnostics
2012-06-22 02:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 02:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 02:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 02:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 02:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 02:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 02:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 02:45 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 02:45 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:24 . 2012-06-21 06:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 06:24 . 2012-06-21 06:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:24 . 2012-04-07 20:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:24 . 2011-09-02 17:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 01:31 . 2012-05-22 01:31 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-22 01:31 . 2011-09-03 21:35 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44 . 2012-06-14 18:16 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 18:16 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 18:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 18:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 18:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 18:16 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 18:16 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:16 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-21 06:24 . 2012-01-12 06:27 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 00:29 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Risc\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Risc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PSPdisp.lnk - c:\program files\PSPdisp\bin\app\PSPdisp.exe [2011-3-19 635392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-3-24 704104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [x]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Risc\AppData\Roaming\Mozilla\Firefox\Profiles\upijvlar.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb7fad6f-9124-48a2-ad29-154d73caba56%7D&mid=9c08a751c11347d0a7c239d3c9c720d1-b364d5b376a49bc9a4747aaf8dcf3d6cdade256d&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-16%2020%3A29%3A24&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5820)
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Completion time: 2012-07-20 00:10:10
ComboFix-quarantined-files.txt 2012-07-20 04:10
ComboFix2.txt 2012-07-20 02:26
.
Pre-Run: 174,103,838,720 bytes free
Post-Run: 173,948,833,792 bytes free
.
- - End Of File - - B0B565419F14C1B34F11A0D095288764


It now runs at a 70-76 PM, which is better.

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 19 July 2012 - 11:33 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.1 MUI
  • Java™ 6 Update 32


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Risc (Topic Starter, Members, 9 posts)

Posted 19 July 2012 - 11:52 PM

Thank you for the reply!

I have no idea what P2P is. I just googled it and I don't have any of those programs installed, so I'm unsure of what was found... However, this notebook is intended for school/college use and came preloaded with all sorts of programs and services like Nortons and Skype, so maybe it does have them. Also, Java updater comes up and asks to update, but it always fails.

I'll edit the post with the details in a moment. :)

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 20 July 2012 - 12:19 AM

Greetings Risc


You don't have a P2P program on the computer; it was my mistake leaving that section in my reply.


Please do not edit your reply, as I will not get notified when you do; just make a new reply.



gringo

#13 Risc (Topic Starter, Members, 9 posts)

Posted 20 July 2012 - 12:40 AM

Hello and thanks once more,

That is good news to hear!

Alright, I uninstalled Java and did all those steps (though once I updated Adobe Reader, the previous version was not there to be removed), used Revo and did the CCleaner program as well. Then with Malware program, I did the scan and it reported nothing was wrong, and no "show results" button was given. It did give me this log though:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Risc :: Risc-PC [administrator]

7/20/2012 1:22:05 AM
mbam-log-2012-07-20 (01-22-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201725
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here is HijackThis' report logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:27 AM, on 7/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Risc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Risc\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: PSPdisp.lnk = C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 9828 bytes

No problems thus far with any of the steps. :)

And oh my goodness, it jumped down to 67 PM! Wow!

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 20 July 2012 - 12:46 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    • O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    • O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Risc\AppData\Local\Akamai\netsession_win.exe"
    • O4 - Startup: PSPdisp.lnk = C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

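The two HijackThis posts above come down to reading O4 (autostart) and O23 (service) lines and deciding which ones deserve research. The script below is an added example for this thread, not code from HijackThis or from any of the posters: it parses those two line types and attaches the flags a responder checks first (target under a user profile, a GUID-named folder like the one ESET reports further down in this thread, an unquoted path with spaces, a bare filename resolved through the search path, an environment-variable prefix, and a service whose owner HijackThis could not identify). SAMPLE_LOG is constructed: most lines are copied from the log posted above, and the [Updater] line is made up to mimic the AppData\Local\{GUID} layout of the ESET hit. The function names (triage, suspicious) and flag names are my own. A flag means "look closer", not "malicious": every flagged line in the sample except the constructed one is a legitimate OEM or vendor entry.

```python
"""Triage HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; not part of HijackThis or of any post here.
SAMPLE_LOG is constructed: most lines are copied from the log posted above,
and the [Updater] line is made up to mimic the AppData\Local\{GUID} path
that ESET reported in this thread.
"""
import re
from dataclasses import dataclass, field

# O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
O4_REG_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 - Startup: Name.lnk = C:\path\prog.exe
O4_DIR_RE = re.compile(r'^O4 - (?P<kind>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# O23 - Service: Display (short) - Vendor - C:\path\svc.exe
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$')
GUID_DIR_RE = re.compile(r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\', re.I)
PROFILE_MARKERS = ('\\users\\', '\\appdata\\', '\\documents and settings\\')


@dataclass
class Entry:
    line_type: str            # 'O4' or 'O23'
    location: str             # registry key, startup folder, or 'Service'
    name: str
    path: str                 # executable as HijackThis printed it
    flags: list = field(default_factory=list)


def image_path(cmd: str) -> tuple:
    """Split the executable off a command line; returns (path, was_quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = re.search(r'\.(exe|lnk|dll|cmd|bat|scr)\b', cmd, re.I)
    if m:
        return cmd[:m.end()], False
    return (cmd.split()[0] if cmd else ''), False


def flags_for(path: str, quoted: bool, vendor: str = None) -> list:
    """Heuristics that mean 'look closer', not 'malicious'."""
    if path in ('', '?'):
        return ['unresolved-target']
    low = path.lower()
    flags = []
    if '\\' not in path:
        flags.append('bare-filename')       # found via the search path, not a fixed location
    if any(mark in low for mark in PROFILE_MARKERS):
        flags.append('user-profile-path')   # writable without admin rights
    if GUID_DIR_RE.search(path):
        flags.append('guid-named-dir')      # the layout of the ESET hit in this thread
    if ' ' in path and not quoted:
        flags.append('unquoted-spaces')     # CreateProcess tries C:\Program.exe first
    if path.startswith('%'):
        flags.append('env-var-expansion')   # target depends on the environment at logon
    if vendor is not None and vendor.lower() == 'unknown owner':
        flags.append('unknown-owner')       # no company name in the file's version info
    return flags


def parse_line(line: str):
    line = line.rstrip()
    m = O4_REG_RE.match(line)
    if m:
        path, quoted = image_path(m['cmd'])
        return Entry('O4', m['hive'] + '\\' + m['key'], m['name'], path, flags_for(path, quoted))
    m = O4_DIR_RE.match(line)
    if m:                       # a .lnk target; quoting is not meaningful here
        path, _ = image_path(m['cmd'])
        return Entry('O4', m['kind'], m['name'], path, flags_for(path, True))
    m = O23_RE.match(line)
    if m:                       # HijackThis prints ImagePath without its quotes, so skip that check
        path, _ = image_path(m['cmd'])
        return Entry('O23', 'Service', m['name'], path, flags_for(path, True, m['vendor']))
    return None


def triage(log_text: str) -> list:
    """Parse every O4/O23 line of a HijackThis log into Entry objects."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def suspicious(entries: list) -> list:
    """Entries carrying at least one flag, i.e. the ones to research first."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the log above plus one made-up [Updater] entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Risc\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - Startup: PSPdisp.lnk = C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - HKCU\..\Run: [Updater] "C:\Users\Risc\AppData\Local\{f885d7b9-8288-03f9-db56-dccdae35813b}\n.exe"
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
"""

if __name__ == '__main__':
    for e in suspicious(triage(SAMPLE_LOG)):
        print(f"{e.line_type} {e.location:<16} [{e.name}] {e.path}  <- {', '.join(e.flags)}")
```

Run it as-is to see the seven flagged sample entries; to use it on a real log, pass the pasted log text to triage() instead of SAMPLE_LOG. The O23 check deliberately does not report unquoted service paths, because HijackThis strips the quoting when it prints ImagePath; that particular hijack has to be checked directly in the registry.
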
#15 Risc (Topic Starter, Members, 9 posts)

Posted 20 July 2012 - 03:10 AM

The HijackThis process I did and deleted two processes; the others I needed on startup, so I left 'em be. :)

I ran Eset Online Scanner and got two viruses found; the redirector Trojan and something else. Sorry it was so late; it took 2 hours to complete. It is 4:00 AM right now so I have to log off, but I'll be back on early in the morning. :)

REPORT:

C:\Qoobox\Quarantine\C\Users\Risc\AppData\Local\{f885d7b9-8288-03f9-db56-dccdae35813b}\n.vir Win32/Sirefef.EV trojan
C:\Users\Risc\AppData\Local\{EA016691-CEDB-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan

