Google ReDirect Virus


  • This topic is locked
34 replies to this topic

#1 nickerfoo

  • Members
  • 16 posts

Posted 20 August 2012 - 07:24 PM

Hi,

For the past few weeks, every search result on google and other search engines redirects me to various malware-suspicious websites. I've tried running spybot and malwarebytes, but they failed to fix the problem. I turn to you...here are my logs.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by mick at 19:04:06 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1988 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\mick\games\ts\ThrottleStop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.us.acer.yahoo.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\users\mick\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\mick\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mick\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{40316D43-1C90-4A74-B54A-4DAE08C4440F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D462BDC0-193E-490E-8EFE-A4A93E9397C7} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mick\appdata\roaming\mozilla\firefox\profiles\e49uu9qo.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\mick\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\mick\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2009-5-20 43184]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-25 21752]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-25 131072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-20 2255464]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-22 599344]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files\winzip system utilities suite\WINZIPSSDefragSrv.exe [2012-5-5 605512]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-21 54784]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\mick\games\ts\WinRing0.sys [2006-12-27 14416]
S2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2009-5-20 3474432]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-20 233472]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-16 113120]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
.
=============== Created Last 30 ================
.
2012-08-18 18:05:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-18 18:03:47 112096 ----a-w- c:\windows\system32\acaptuser32.dll
2012-08-18 18:02:51 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-08-15 03:10:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 03:10:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 01:07:41 -------- d-----r- c:\users\mick\Dropbox
2012-08-02 00:02:19 -------- d-----w- c:\programdata\Battle.net
2012-07-29 12:58:08 -------- d-----w- c:\users\mick\appdata\roaming\NVIDIA
2012-07-22 21:49:07 -------- d-----w- c:\users\mick\appdata\roaming\Dropbox
2012-07-22 21:34:49 -------- d-----w- c:\users\mick\appdata\local\Macromedia
2012-07-22 21:08:07 -------- d-----w- c:\program files\Oracle
2012-07-22 20:25:21 -------- d-----w- c:\programdata\036DFF86000C37A402B9C9B4F875F020
.
==================== Find3M ====================
.
2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
.
============= FINISH: 19:06:01.95 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2012 - 10:34 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nickerfoo

  • Topic Starter
  • Members
  • 16 posts

Posted 23 August 2012 - 07:50 AM

Thanks for the help. I tested a few google searches this morning and the problem appears to have gone away. Here are the logs you requested:




ComboFix 12-08-22.03 - mick 08/22/2012 23:57:33.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2149 [GMT -4:00]
Running from: c:\users\mick\Desktop\sc2rep\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mick\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\windows\$NtUninstallKB11236$\1223975696\@
c:\windows\$NtUninstallKB11236$\1223975696\Desktop.ini
c:\windows\$NtUninstallKB11236$\1223975696\L\00000004.@
c:\windows\$NtUninstallKB11236$\1223975696\L\201d3dde
c:\windows\$NtUninstallKB11236$\1223975696\L\egrfnxnx
c:\windows\$NtUninstallKB11236$\1223975696\U\00000004.@
c:\windows\$NtUninstallKB11236$\1223975696\U\00000008.@
c:\windows\$NtUninstallKB11236$\1223975696\U\000000cb.@
c:\windows\$NtUninstallKB11236$\1223975696\U\80000000.@
c:\windows\$NtUninstallKB11236$\1223975696\U\80000032.@
c:\windows\$NtUninstallKB11236$\745153627
c:\windows\system32\sysprep\CRYPTBASE.dll_
F:\Autorun.inf
c:\windows\$NtUninstallKB11236$ . . . . Failed to delete
.
c:\windows\system32\drivers\SCDEmu.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 04:16 . 2012-08-23 12:39 -------- d-----w- c:\users\mick\AppData\Local\temp
2012-08-23 04:16 . 2012-08-23 04:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-23 04:16 . 2012-08-23 04:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-23 04:16 . 2012-08-23 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 03:56 . 2012-08-23 04:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E686D2AD-655C-4F27-B8DA-88138CA28603}\offreg.dll
2012-08-18 18:05 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-18 18:03 . 2012-07-30 19:53 112096 ----a-w- c:\windows\system32\acaptuser32.dll
2012-08-18 18:02 . 2012-07-30 18:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-08-15 03:10 . 2012-08-17 00:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 03:10 . 2012-08-17 00:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 01:07 . 2012-08-23 03:39 -------- d-----r- c:\users\mick\Dropbox
2012-08-02 00:02 . 2012-08-02 00:02 -------- d-----w- c:\programdata\Battle.net
2012-07-29 12:58 . 2012-07-29 12:58 -------- d-----w- c:\users\mick\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:06 . 2006-12-30 03:53 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 02:06 . 2010-05-12 08:41 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 17:46 . 2010-04-07 15:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 22:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 22:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 22:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 22:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 22:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-14 00:17 . 2012-08-17 00:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 14:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\mick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\mick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\mick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-26 34040]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\mick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-20 12:37 3024896 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-08-02 12:36 1935360 ----a-w- c:\program files\Curse\CurseClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 10:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-16 05:13 133104 ----atw- c:\users\mick\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-04-28 11:18 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-11 09:53 5296128 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-05 18:13 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2009-05-20 12:37 3659264 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\mick\games\ts\WinRing0.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648875744-829026343-787059900-1000Core.job
- c:\users\mick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-16 05:13]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648875744-829026343-787059900-1000UA.job
- c:\users\mick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-16 05:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\mick\AppData\Roaming\Mozilla\Firefox\Profiles\e49uu9qo.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-googletalk - c:\users\mick\AppData\Roaming\Google\Google Talk\googletalk.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,b6,cb,43,86,9a,8f,45,af,1f,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,b6,cb,43,86,9a,8f,45,af,1f,42,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3276)
c:\users\mick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-08-23 08:43:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 12:43
ComboFix2.txt 2011-12-04 15:55
.
Pre-Run: 14,157,008,896 bytes free
Post-Run: 13,829,754,880 bytes free
.
- - End Of File - - 38DE5C4C127ACEDF082CF0F51CCAAEA5


Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 nickerfoo (Topic Starter, Members, 16 posts)

Posted 24 August 2012 - 05:47 PM

Still no issues with redirection on Google.

It looks like combofix took care of the situation.

Thanks for the help!

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 24 August 2012 - 05:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 nickerfoo (Topic Starter, Members, 16 posts)

Posted 24 August 2012 - 07:07 PM

TDSS LOG:


19:21:40.0017 3960 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:21:40.0280 3960 ============================================================
19:21:40.0280 3960 Current date / time: 2012/08/24 19:21:40.0280
19:21:40.0280 3960 SystemInfo:
19:21:40.0280 3960
19:21:40.0280 3960 OS Version: 6.1.7601 ServicePack: 1.0
19:21:40.0280 3960 Product type: Workstation
19:21:40.0280 3960 ComputerName: MICK-PC
19:21:40.0281 3960 UserName: mick
19:21:40.0281 3960 Windows directory: C:\Windows
19:21:40.0281 3960 System windows directory: C:\Windows
19:21:40.0281 3960 Processor architecture: Intel x86
19:21:40.0281 3960 Number of processors: 2
19:21:40.0281 3960 Page size: 0x1000
19:21:40.0281 3960 Boot type: Normal boot
19:21:40.0281 3960 ============================================================
19:21:40.0753 3960 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:21:40.0779 3960 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0D80000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:21:43.0237 3960 ============================================================
19:21:43.0238 3960 \Device\Harddisk0\DR0:
19:21:43.0243 3960 MBR partitions:
19:21:43.0243 3960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0xDEE2000
19:21:43.0243 3960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF8E2800, BlocksNum 0xD1CC800
19:21:43.0243 3960 \Device\Harddisk1\DR1:
19:21:43.0244 3960 MBR partitions:
19:21:43.0244 3960 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705981
19:21:43.0244 3960 ============================================================
19:21:43.0306 3960 C: <-> \Device\Harddisk0\DR0\Partition1
19:21:43.0352 3960 D: <-> \Device\Harddisk0\DR0\Partition2
19:21:43.0387 3960 F: <-> \Device\Harddisk1\DR1\Partition1
19:21:43.0387 3960 ============================================================
19:21:43.0387 3960 Initialize success
19:21:43.0387 3960 ============================================================
19:21:57.0779 7800 ============================================================
19:21:57.0779 7800 Scan started
19:21:57.0779 7800 Mode: Manual;
19:21:57.0779 7800 ============================================================
19:21:58.0735 7800 ================ Scan system memory ========================
19:21:58.0735 7800 System memory - ok
19:21:58.0736 7800 ================ Scan services =============================
19:22:06.0548 7800 KeyIso - ok
19:22:06.0593 7800 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:22:06.0595 7800 KSecDD - ok
19:22:06.0610 7800 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:22:06.0613 7800 KSecPkg - ok
19:22:06.0666 7800 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:22:06.0674 7800 KtmRm - ok
19:22:06.0727 7800 [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys
19:22:06.0729 7800 L1E - ok
19:22:06.0776 7800 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:22:06.0782 7800 LanmanServer - ok
19:22:06.0800 7800 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:22:06.0806 7800 LanmanWorkstation - ok
19:22:06.0884 7800 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:22:06.0886 7800 LightScribeService - ok
19:22:06.0947 7800 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:22:06.0949 7800 lltdio - ok
19:22:06.0992 7800 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:22:06.0997 7800 lltdsvc - ok
19:22:07.0018 7800 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:22:07.0021 7800 lmhosts - ok
19:22:07.0058 7800 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:22:07.0061 7800 LSI_FC - ok
19:22:07.0075 7800 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:22:07.0077 7800 LSI_SAS - ok
19:22:07.0090 7800 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:22:07.0092 7800 LSI_SAS2 - ok
19:22:07.0110 7800 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:22:07.0112 7800 LSI_SCSI - ok
19:22:07.0135 7800 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:22:07.0136 7800 luafv - ok
19:22:07.0173 7800 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:22:07.0177 7800 Mcx2Svc - ok
19:22:07.0198 7800 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:22:07.0199 7800 megasas - ok
19:22:07.0225 7800 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:22:07.0229 7800 MegaSR - ok
19:22:07.0317 7800 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:22:07.0319 7800 Microsoft Office Groove Audit Service - ok
19:22:07.0356 7800 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:22:07.0359 7800 MMCSS - ok
19:22:07.0384 7800 MobilityService - ok
19:22:07.0397 7800 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:22:07.0399 7800 Modem - ok
19:22:07.0423 7800 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:22:07.0425 7800 monitor - ok
19:22:07.0459 7800 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:22:07.0461 7800 mouclass - ok
19:22:07.0499 7800 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:22:07.0500 7800 mouhid - ok
19:22:07.0550 7800 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:22:07.0552 7800 mountmgr - ok
19:22:07.0636 7800 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:22:07.0638 7800 MozillaMaintenance - ok
19:22:07.0677 7800 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:22:07.0679 7800 mpio - ok
19:22:07.0702 7800 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:22:07.0703 7800 mpsdrv - ok
19:22:07.0781 7800 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:22:07.0797 7800 MpsSvc - ok
19:22:07.0827 7800 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:22:07.0829 7800 MRxDAV - ok
19:22:07.0872 7800 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:22:07.0875 7800 mrxsmb - ok
19:22:07.0924 7800 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:22:07.0927 7800 mrxsmb10 - ok
19:22:07.0944 7800 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:22:07.0946 7800 mrxsmb20 - ok
19:22:07.0970 7800 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:22:07.0971 7800 msahci - ok
19:22:08.0002 7800 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:22:08.0004 7800 msdsm - ok
19:22:08.0027 7800 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:22:08.0032 7800 MSDTC - ok
19:22:08.0072 7800 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:22:08.0073 7800 Msfs - ok
19:22:08.0084 7800 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:22:08.0085 7800 mshidkmdf - ok
19:22:08.0120 7800 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:22:08.0120 7800 msisadrv - ok
19:22:08.0175 7800 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:22:08.0180 7800 MSiSCSI - ok
19:22:08.0184 7800 msiserver - ok
19:22:08.0216 7800 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:22:08.0218 7800 MSKSSRV - ok
19:22:08.0245 7800 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:22:08.0246 7800 MSPCLOCK - ok
19:22:08.0267 7800 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:22:08.0268 7800 MSPQM - ok
19:22:08.0285 7800 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:22:08.0288 7800 MsRPC - ok
19:22:08.0332 7800 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:22:08.0334 7800 mssmbios - ok
19:22:08.0348 7800 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:22:08.0349 7800 MSTEE - ok
19:22:08.0366 7800 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:22:08.0367 7800 MTConfig - ok
19:22:08.0382 7800 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:22:08.0383 7800 Mup - ok
19:22:08.0428 7800 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:22:08.0436 7800 napagent - ok
19:22:08.0490 7800 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:22:08.0495 7800 NativeWifiP - ok
19:22:08.0560 7800 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:22:08.0575 7800 NDIS - ok
19:22:08.0608 7800 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:08.0609 7800 NdisCap - ok
19:22:08.0630 7800 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:08.0631 7800 NdisTapi - ok
19:22:08.0677 7800 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:22:08.0679 7800 Ndisuio - ok
19:22:08.0713 7800 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:22:08.0716 7800 NdisWan - ok
19:22:08.0727 7800 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:22:08.0729 7800 NDProxy - ok
19:22:08.0744 7800 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:22:08.0745 7800 NetBIOS - ok
19:22:08.0794 7800 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:22:08.0797 7800 NetBT - ok
19:22:08.0815 7800 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:22:08.0818 7800 Netlogon - ok
19:22:08.0881 7800 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:22:08.0889 7800 Netman - ok
19:22:08.0932 7800 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:22:08.0940 7800 netprofm - ok
19:22:08.0984 7800 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:22:08.0986 7800 NetTcpPortSharing - ok
19:22:09.0142 7800 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
19:22:09.0267 7800 netw5v32 - ok
19:22:09.0322 7800 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:22:09.0324 7800 nfrd960 - ok
19:22:09.0359 7800 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:22:09.0366 7800 NlaSvc - ok
19:22:09.0381 7800 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:22:09.0382 7800 Npfs - ok
19:22:09.0422 7800 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:22:09.0425 7800 nsi - ok
19:22:09.0432 7800 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:22:09.0433 7800 nsiproxy - ok
19:22:09.0484 7800 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:22:09.0517 7800 Ntfs - ok
19:22:09.0542 7800 [ A8B8EDB4CDB2927CDC127E5BFE85CA7E ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:22:09.0543 7800 NTIBackupSvc - ok
19:22:09.0573 7800 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:22:09.0574 7800 NTIDrvr - ok
19:22:09.0604 7800 [ 50B1521BC145CE9634A5ACD1C10D84F7 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:22:09.0607 7800 NTISchedulerSvc - ok
19:22:09.0654 7800 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:22:09.0655 7800 Null - ok
19:22:09.0958 7800 [ 4152708C0C24E30DAE7FA87D5AFE1D7B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:22:10.0212 7800 nvlddmkm - ok
19:22:10.0237 7800 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:22:10.0240 7800 nvraid - ok
19:22:10.0283 7800 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:22:10.0287 7800 nvstor - ok
19:22:10.0320 7800 [ 26DB28B32E8D2F57CB5065A4A053801A ] nvsvc C:\Windows\system32\nvvsvc.exe
19:22:10.0338 7800 nvsvc - ok
19:22:10.0475 7800 [ A19BBE1E3E3FEF50B94CA07DCC0FB776 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:22:10.0537 7800 nvUpdatusService - ok
19:22:10.0589 7800 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:22:10.0591 7800 nv_agp - ok
19:22:10.0687 7800 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:22:10.0695 7800 odserv - ok
19:22:10.0710 7800 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:22:10.0712 7800 ohci1394 - ok
19:22:10.0764 7800 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:22:10.0767 7800 ose - ok
19:22:10.0809 7800 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:22:10.0816 7800 p2pimsvc - ok
19:22:10.0884 7800 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:22:10.0892 7800 p2psvc - ok
19:22:10.0934 7800 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:22:10.0937 7800 Parport - ok
19:22:10.0976 7800 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:22:10.0977 7800 partmgr - ok
19:22:10.0996 7800 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:22:10.0997 7800 Parvdm - ok
19:22:11.0022 7800 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:22:11.0027 7800 PcaSvc - ok
19:22:11.0068 7800 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:22:11.0071 7800 pci - ok
19:22:11.0115 7800 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:22:11.0116 7800 pciide - ok
19:22:11.0148 7800 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:22:11.0152 7800 pcmcia - ok
19:22:11.0169 7800 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:22:11.0171 7800 pcw - ok
19:22:11.0195 7800 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:22:11.0209 7800 PEAUTH - ok
19:22:11.0305 7800 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:22:11.0359 7800 pla - ok
19:22:11.0427 7800 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:22:11.0435 7800 PlugPlay - ok
19:22:11.0462 7800 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:22:11.0466 7800 PnkBstrA - ok
19:22:11.0512 7800 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:22:11.0516 7800 PNRPAutoReg - ok
19:22:11.0544 7800 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:22:11.0548 7800 PNRPsvc - ok
19:22:11.0579 7800 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:22:11.0586 7800 PolicyAgent - ok
19:22:11.0626 7800 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:22:11.0632 7800 Power - ok
19:22:11.0688 7800 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:22:11.0690 7800 PptpMiniport - ok
19:22:11.0706 7800 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:22:11.0708 7800 Processor - ok
19:22:11.0749 7800 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
19:22:11.0754 7800 ProfSvc - ok
19:22:11.0764 7800 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:22:11.0767 7800 ProtectedStorage - ok
19:22:11.0823 7800 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:22:11.0825 7800 Psched - ok
19:22:11.0848 7800 [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
19:22:11.0849 7800 PSDFilter - ok
19:22:11.0853 7800 [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
19:22:11.0855 7800 PSDNServ - ok
19:22:11.0868 7800 [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:22:11.0870 7800 psdvdisk - ok
19:22:11.0923 7800 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:22:11.0969 7800 ql2300 - ok
19:22:11.0984 7800 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:22:11.0987 7800 ql40xx - ok
19:22:12.0024 7800 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:22:12.0031 7800 QWAVE - ok
19:22:12.0038 7800 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:22:12.0040 7800 QWAVEdrv - ok
19:22:12.0062 7800 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:22:12.0064 7800 RasAcd - ok
19:22:12.0114 7800 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:12.0116 7800 RasAgileVpn - ok
19:22:12.0135 7800 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:22:12.0140 7800 RasAuto - ok
19:22:12.0151 7800 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:12.0153 7800 Rasl2tp - ok
19:22:12.0207 7800 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:22:12.0214 7800 RasMan - ok
19:22:12.0226 7800 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:12.0229 7800 RasPppoe - ok
19:22:12.0271 7800 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:22:12.0274 7800 RasSstp - ok
19:22:12.0315 7800 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:22:12.0319 7800 rdbss - ok
19:22:12.0336 7800 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:22:12.0337 7800 rdpbus - ok
19:22:12.0386 7800 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:12.0387 7800 RDPCDD - ok
19:22:12.0411 7800 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:22:12.0412 7800 RDPENCDD - ok
19:22:12.0422 7800 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:22:12.0423 7800 RDPREFMP - ok
19:22:12.0464 7800 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:22:12.0467 7800 RDPWD - ok
19:22:12.0506 7800 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:22:12.0509 7800 rdyboost - ok
19:22:12.0550 7800 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:22:12.0554 7800 RemoteAccess - ok
19:22:12.0595 7800 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:22:12.0600 7800 RemoteRegistry - ok
19:22:12.0633 7800 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:22:12.0638 7800 RpcEptMapper - ok
19:22:12.0674 7800 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:22:12.0677 7800 RpcLocator - ok
19:22:12.0699 7800 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:22:12.0705 7800 RpcSs - ok
19:22:12.0758 7800 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:22:12.0760 7800 rspndr - ok
19:22:12.0825 7800 [ 73835C4F79ADC404EF39C8A9E2D4183B ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
19:22:12.0830 7800 RS_Service - ok
19:22:12.0843 7800 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:22:12.0846 7800 SamSs - ok
19:22:12.0897 7800 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:22:12.0899 7800 sbp2port - ok
19:22:12.0936 7800 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:22:12.0942 7800 SCardSvr - ok
19:22:12.0985 7800 [ A0EE249F62BFF9B60ADC1DA889F22905 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
19:22:12.0987 7800 SCDEmu ( Virus.Win32.ZAccess.c ) - infected
19:22:12.0987 7800 SCDEmu - detected Virus.Win32.ZAccess.c (0)
19:22:13.0032 7800 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:22:13.0034 7800 scfilter - ok
19:22:13.0083 7800 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:22:13.0114 7800 Schedule - ok
19:22:13.0157 7800 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:22:13.0159 7800 SCPolicySvc - ok
19:22:13.0204 7800 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:22:13.0210 7800 SDRSVC - ok
19:22:13.0257 7800 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:22:13.0259 7800 secdrv - ok
19:22:13.0294 7800 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:22:13.0298 7800 seclogon - ok
19:22:13.0306 7800 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:22:13.0311 7800 SENS - ok
19:22:13.0368 7800 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:22:13.0372 7800 SensrSvc - ok
19:22:13.0394 7800 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:22:13.0396 7800 Serenum - ok
19:22:13.0413 7800 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:22:13.0415 7800 Serial - ok
19:22:13.0464 7800 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:22:13.0466 7800 sermouse - ok
19:22:13.0509 7800 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:22:13.0515 7800 SessionEnv - ok
19:22:13.0553 7800 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:22:13.0555 7800 sffdisk - ok
19:22:13.0566 7800 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:22:13.0567 7800 sffp_mmc - ok
19:22:13.0591 7800 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:22:13.0592 7800 sffp_sd - ok
19:22:13.0612 7800 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:22:13.0614 7800 sfloppy - ok
19:22:13.0682 7800 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:22:13.0689 7800 SharedAccess - ok
19:22:13.0710 7800 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:22:13.0720 7800 ShellHWDetection - ok
19:22:13.0756 7800 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:22:13.0758 7800 sisagp - ok
19:22:13.0799 7800 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:13.0800 7800 SiSRaid2 - ok
19:22:13.0821 7800 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:13.0823 7800 SiSRaid4 - ok
19:22:13.0900 7800 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:22:13.0903 7800 SkypeUpdate - ok
19:22:13.0931 7800 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:22:13.0933 7800 Smb - ok
19:22:14.0002 7800 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:22:14.0006 7800 SNMPTRAP - ok
19:22:14.0033 7800 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\Windows\system32\speedfan.sys
19:22:14.0037 7800 speedfan - ok
19:22:14.0045 7800 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:22:14.0046 7800 spldr - ok
19:22:14.0086 7800 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
19:22:14.0095 7800 Spooler - ok
19:22:14.0181 7800 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:22:14.0283 7800 sppsvc - ok
19:22:14.0336 7800 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:22:14.0341 7800 sppuinotify - ok
19:22:14.0391 7800 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\Windows\system32\Drivers\sptd.sys
19:22:14.0405 7800 sptd - ok
19:22:14.0452 7800 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:22:14.0456 7800 srv - ok
19:22:14.0479 7800 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:22:14.0484 7800 srv2 - ok
19:22:14.0496 7800 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:22:14.0499 7800 srvnet - ok
19:22:14.0533 7800 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:22:14.0540 7800 SSDPSRV - ok
19:22:14.0557 7800 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:22:14.0562 7800 SstpSvc - ok
19:22:14.0590 7800 Steam Client Service - ok
19:22:14.0615 7800 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:22:14.0617 7800 stexstor - ok
19:22:14.0661 7800 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:22:14.0679 7800 StiSvc - ok
19:22:14.0720 7800 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:22:14.0721 7800 swenum - ok
19:22:14.0743 7800 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:22:14.0753 7800 swprv - ok
19:22:14.0806 7800 [ 93D33A3A0A4516584A1394C7821BAE2E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:22:14.0810 7800 SynTP - ok
19:22:14.0876 7800 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:22:14.0927 7800 SysMain - ok
19:22:14.0969 7800 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:22:14.0974 7800 TabletInputService - ok
19:22:15.0017 7800 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:22:15.0024 7800 TapiSrv - ok
19:22:15.0066 7800 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:22:15.0071 7800 TBS - ok
19:22:15.0151 7800 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:22:15.0204 7800 Tcpip - ok
19:22:15.0240 7800 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:22:15.0248 7800 TCPIP6 - ok
19:22:15.0300 7800 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:22:15.0302 7800 tcpipreg - ok
19:22:15.0341 7800 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:22:15.0343 7800 TDPIPE - ok
19:22:15.0381 7800 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:22:15.0383 7800 TDTCP - ok
19:22:15.0438 7800 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:22:15.0440 7800 tdx - ok
19:22:15.0456 7800 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:22:15.0458 7800 TermDD - ok
19:22:15.0510 7800 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:22:15.0527 7800 TermService - ok
19:22:15.0568 7800 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:22:15.0574 7800 Themes - ok
19:22:15.0589 7800 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:22:15.0592 7800 THREADORDER - ok
19:22:15.0602 7800 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:22:15.0608 7800 TrkWks - ok
19:22:15.0679 7800 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:22:15.0683 7800 TrustedInstaller - ok
19:22:15.0735 7800 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:15.0737 7800 tssecsrv - ok
19:22:15.0787 7800 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:22:15.0789 7800 TsUsbFlt - ok
19:22:15.0849 7800 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:22:15.0852 7800 tunnel - ok
19:22:15.0895 7800 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\Windows\system32\DRIVERS\TVICHW32.SYS
19:22:15.0897 7800 TVICHW32 - ok
19:22:15.0932 7800 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:22:15.0934 7800 uagp35 - ok
19:22:15.0966 7800 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
19:22:15.0967 7800 UBHelper - ok
19:22:15.0989 7800 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:22:15.0993 7800 udfs - ok
19:22:16.0036 7800 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:22:16.0041 7800 UI0Detect - ok
19:22:16.0067 7800 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:22:16.0069 7800 uliagpkx - ok
19:22:16.0105 7800 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:22:16.0107 7800 umbus - ok
19:22:16.0122 7800 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:22:16.0124 7800 UmPass - ok
19:22:16.0150 7800 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:22:16.0157 7800 upnphost - ok
19:22:20.0028 7800 ================ Scan global ===============================
19:22:20.0074 7800 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:22:20.0116 7800 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:22:20.0139 7800 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:22:20.0184 7800 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:22:20.0232 7800 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:22:20.0239 7800 [Global] - ok
19:22:20.0240 7800 ================ Scan MBR ==================================
19:22:20.0254 7800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:22:20.0562 7800 \Device\Harddisk0\DR0 - ok
19:22:20.0935 7800 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
19:22:21.0150 7800 \Device\Harddisk1\DR1 - ok
19:22:21.0151 7800 ================ Scan VBR ==================================
19:22:21.0154 7800 [ CFB4CFB9619E11F1E669A5BFFC55549C ] \Device\Harddisk0\DR0\Partition1
19:22:21.0156 7800 \Device\Harddisk0\DR0\Partition1 - ok
19:22:21.0201 7800 [ ECD0C6BE7BB77B93007450242233EF95 ] \Device\Harddisk0\DR0\Partition2
19:22:21.0203 7800 \Device\Harddisk0\DR0\Partition2 - ok
19:22:21.0207 7800 [ BBB2534D7F26956C187171A5CF9C9731 ] \Device\Harddisk1\DR1\Partition1
19:22:21.0209 7800 \Device\Harddisk1\DR1\Partition1 - ok
19:22:21.0210 7800 ============================================================
19:22:21.0210 7800 Scan finished
19:22:21.0210 7800 ============================================================
19:22:21.0219 7640 Detected object count: 1
19:22:21.0219 7640 Actual detected object count: 1
19:22:38.0603 7640 C:\Windows\system32\drivers\SCDEmu.sys - copied to quarantine
19:22:40.0471 7640 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\scdemu.sys) error 1813
19:22:58.0037 7640 Backup copy not found, trying to cure infected file..
19:22:58.0038 7640 C:\Windows\system32\drivers\SCDEmu.sys - Cure failed (FFFFFFFF)
19:22:58.0038 7640 C:\Windows\system32\drivers\SCDEmu.sys - processing error
19:22:58.0110 7640 SCDEmu ( Virus.Win32.ZAccess.c ) - User select action: Cure




aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 19:23:50
-----------------------------
19:23:50.332 OS Version: Windows 6.1.7601 Service Pack 1
19:23:50.332 Number of processors: 2 586 0xF0B
19:23:50.337 ComputerName: MICK-PC UserName: mick
19:23:51.008 Initialize success
19:24:35.898 AVAST engine defs: 12082402
19:24:40.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:24:40.340 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
19:24:40.343 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000008e
19:24:40.346 Disk 1 Vendor: Size: 238475MB BusType: 0
19:24:40.394 Disk 0 MBR read successfully
19:24:40.398 Disk 0 MBR scan
19:24:40.403 Disk 0 Windows 7 default MBR code
19:24:40.445 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
19:24:40.462 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114116 MB offset 27265024
19:24:40.485 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107417 MB offset 260974592
19:24:40.511 Disk 0 Partition 4 00 12 Compaq diag NTFS 3628 MB offset 480964608
19:24:40.550 Disk 0 scanning sectors +488394752
19:24:40.643 Disk 0 scanning C:\Windows\system32\drivers
19:24:51.635 File: C:\Windows\system32\drivers\scdemu.sys **INFECTED** Win32:Sirefef-PL [Rtk]
19:24:55.639 Disk 0 trace - called modules:
19:24:55.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:24:55.710 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875177c8]
19:24:55.717 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x8631d700]
19:24:55.724 5 ACPI.sys[8b4ad3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8632f028]
19:24:56.662 AVAST engine scan C:\Windows
19:25:00.462 AVAST engine scan C:\Windows\system32
19:27:50.746 AVAST engine scan C:\Windows\system32\drivers
19:28:02.483 File: C:\Windows\system32\drivers\scdemu.sys **INFECTED** Win32:Sirefef-PL [Rtk]
19:28:07.100 AVAST engine scan C:\Users\mick
19:38:19.883 AVAST engine scan C:\ProgramData
19:48:47.509 Scan finished successfully
20:06:27.328 Disk 0 MBR has been saved successfully to "C:\Users\mick\Desktop\MBR.dat"
20:06:27.337 The log file has been saved successfully to "C:\Users\mick\Desktop\aswMBR.txt"

Edited by nickerfoo, 24 August 2012 - 07:08 PM.


#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 01:41 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
scdemu.sys 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> Donate <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 nickerfoo
  • Topic Starter

  • Members
  • 16 posts

Posted 25 August 2012 - 12:34 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 25/08/2012 by mick
Administrator - Elevation successful

========== filefind ==========

Searching for "scdemu.sys "
C:\Windows\System32\drivers\scdemu.sys --a---- 58908 bytes [02:43 27/07/2009] [02:43 27/07/2009] A0EE249F62BFF9B60ADC1DA889F22905

-= EOF =-

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 01:23 PM

Greetings

I have changed the search a little below and I want you to rerun it for me.


Also, do you have access to another Windows 7 computer? It needs to be 32-bit.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
scdemu.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#10 nickerfoo
  • Topic Starter

  • Members
  • 16 posts

Posted 25 August 2012 - 02:26 PM

Hi Gringo,

My computer says it's running 32-bit, so I figured I should be able to run it on this (the infected) one. Quick side note: I still have had no redirects since running ComboFix.

Here is a screenshot of my System screen via my control panel:

[screenshot]


And here is the log for the new search you requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 25/08/2012 by mick
Administrator - Elevation successful

========== filefind ==========

Searching for "scdemu.*"
C:\Windows\System32\drivers\scdemu.sys --a---- 58908 bytes [02:43 27/07/2009] [02:43 27/07/2009] A0EE249F62BFF9B60ADC1DA889F22905

-= EOF =-

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 03:11 PM

Hello


That is good news anyway,


I want you to locate this file on your computer - C:\Windows\System32\drivers\scdemu.sys

Copy the file onto a pen drive, CD, anything you want to use, and move it to the infected PC.

I want you to put it on the C Drive so it will be here

C:\scdemu.sys


Windows will not allow us to move the file to where it needs to be, so I will have to move it in a minute.


After you have moved the file to the C drive, I want you to run SystemLook again so I can verify that the file is in place.



gringo
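The check Gringo is asking for here (is scdemu.sys in place, and is it the copy the scanners flagged or a clean one?) and the SystemLook filefind lines posted in #8 and #10 can be handled by a short script. The following is an added example written for this page, not SystemLook's own code or anything from the thread; the only real hash in it is the one SystemLook reported above, the clean-file hash is a placeholder the thread never supplies, and the function names and file layout are assumptions.

```python
import fnmatch
import hashlib
import os
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path

# MD5 that SystemLook reported for C:\Windows\System32\drivers\scdemu.sys above.
INFECTED_SCDEMU_MD5 = "A0EE249F62BFF9B60ADC1DA889F22905"
# Placeholder assumption: the thread never gives a clean scdemu.sys hash; take
# it from a trusted 32-bit Windows 7 machine before relying on this comparison.
CLEAN_SCDEMU_MD5 = "<MD5-OF-KNOWN-GOOD-SCDEMU.SYS>"

# SystemLook filefind line: <path> <7 attr flags> <size> bytes [<mtime>] [<ctime>] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

@dataclass
class FileRecord:
    path: str
    size: int
    mtime: str  # "HH:MM DD/MM/YYYY", as SystemLook prints it
    ctime: str
    md5: str    # upper-case hex

def parse_filefind_log(text: str) -> list[FileRecord]:
    """Return one FileRecord per result line of a SystemLook filefind log."""
    records = []
    for line in text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            records.append(FileRecord(m["path"], int(m["size"]), m["mtime"],
                                      m["ctime"], m["md5"].upper()))
    return records

def md5_of(path: Path) -> str:
    """MD5 of a file, upper-case hex to match SystemLook's output."""
    return hashlib.md5(path.read_bytes()).hexdigest().upper()

def filefind(roots, pattern: str) -> list[FileRecord]:
    """Walk roots like ':filefind pattern' (case-insensitive match on the name).
    st_ctime is creation time on Windows but inode-change time on Linux."""
    stamp = lambda t: datetime.fromtimestamp(t).strftime("%H:%M %d/%m/%Y")
    found = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in sorted(names):
                if fnmatch.fnmatch(name.lower(), pattern.lower()):
                    p = Path(dirpath, name)
                    st = p.stat()
                    found.append(FileRecord(str(p), st.st_size, stamp(st.st_mtime),
                                            stamp(st.st_ctime), md5_of(p)))
    return found

def verdict(rec: FileRecord) -> str:
    """INFECTED / CLEAN / UNKNOWN against the hashes known from this thread."""
    if rec.md5 == INFECTED_SCDEMU_MD5:
        return "INFECTED"
    if rec.md5 == CLEAN_SCDEMU_MD5.upper():
        return "CLEAN"
    return "UNKNOWN"
```

Run `filefind([r"C:\", r"C:\Windows\System32\drivers"], "scdemu.*")` after copying the file to C:\ and pass each record to `verdict` to see which copy is which.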

#12 nickerfoo
  • Topic Starter

  • Members
  • 16 posts

Posted 26 August 2012 - 07:58 AM

Hi Gringo,

I unfortunately do not have another 32-bit computer which I can copy this file from to put on mine.

Do you know any other solutions?

Thanks.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 August 2012 - 03:31 PM

Do you have any friends or family that might be able to help you?



gringo

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 August 2012 - 11:25 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#15 nickerfoo
  • Topic Starter

  • Members
  • 16 posts

Posted 29 August 2012 - 11:16 AM

Hey Gringo,

Sorry for the late response. I will need until this weekend to make those changes to my computer. I have had some difficulty in finding a 32-bit Windows 7 computer.



