
Infected with Live Security Platinum


31 replies to this topic

#1 suzyq2626

suzyq2626

  • Members
  • 26 posts

Posted 16 September 2012 - 12:47 AM

I appear to be infected with Live Security Platinum rogue. The minute I boot up my computer in "normal mode" I can't run anything as Live Security Platinum "blocks" it. My computer is running ok only under "Safe Mode with Networking". I'd really really appreciate your help! Below is my DDS log, and I've also attached the attach.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Acer at 2:27:54 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2811.2090 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://by159w.bay159.mail.live.com/default.aspx
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5251&r=27360710p815l0414z105t4562n29s
mDefault_Page_URL = hxxp://ca.yahoo.com
mStart Page = hxxp://ca.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe"
uRun: [XcmqyLMkQQUTNHM.exe] C:\ProgramData\XcmqyLMkQQUTNHM.exe
uRun: [KeApplet] C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe
uRun: [pnact] "C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class
uRunOnce: [7812A3D20007BFC3025359A34F147CE7] C:\ProgramData\7812A3D20007BFC3025359A34F147CE7\7812A3D20007BFC3025359A34F147CE7.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MBCAME~1.LNK - C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A286DF1-A27D-42D7-BE68-9DFFEF4B7789} : DhcpNameServer = 10.110.15.1 10.110.15.2
TCP: Interfaces\{DC76B9A9-FC7B-46BB-BB05-7364C8F88430} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=ffds1&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-2 325200]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-28 865824]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-8 1153368]
S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe [2010-8-17 24576]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-2 243232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-26 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-22 1431888]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-14 18:16:35 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 23:28:02 -------- d-----w- C:\ProgramData\7812A3D20007BFC3025359A34F147CE7
2012-09-12 23:27:35 -------- d-----w- C:\Users\Acer\AppData\Local\{6B29A4D1-FD31-11E1-8271-B8AC6F996F26}
2012-09-12 23:27:31 419328 ----a-w- C:\Users\Acer\AppData\Roaming\pnact.dll
2012-09-08 16:05:57 -------- d-----w- C:\Users\Acer\AppData\Local\{A374AE10-9AB3-4A2F-A925-E083DDAC36F2}
2012-09-07 18:07:02 -------- d-----w- C:\Users\Acer\AppData\Local\{2AE4213C-F81D-4C53-92F0-C5F24AD1ED15}
2012-09-07 17:36:34 -------- d-----w- C:\Users\Acer\AppData\Local\{885CF59E-5816-435D-AB97-69C0DF7C748F}
2012-09-05 16:22:43 -------- d-----w- C:\Users\Acer\AppData\Roaming\WildTangent
2012-08-27 03:24:56 -------- d-----w- C:\Users\Acer\AppData\Local\{BF822807-B101-45BC-BCE0-C726A0BB6AE1}
2012-08-24 23:45:07 -------- d-----w- C:\Users\Acer\AppData\Local\{9190239F-478C-49AC-BD1F-E4D95E0223A0}
2012-08-19 06:30:31 -------- d-----w- C:\Users\Acer\AppData\Local\{50638D5B-B121-4627-94DC-4F4B760AC264}
2012-08-17 04:19:36 -------- d-----w- C:\Users\Acer\AppData\Local\{AE934C5B-F209-48C5-A02E-55CC5348F699}
2012-08-17 04:18:58 -------- d-----w- C:\Users\Acer\AppData\Local\{F85A0102-EF6D-400C-91F1-D27544F0056C}
.
==================== Find3M ====================
.
2012-09-11 22:58:00 60 ----a-w- C:\Windows\wpd99.drv
2012-08-15 08:47:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:47:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2010-07-03 00:44:36 8589088 ----a-w- C:\Program Files\Firefox Setup 3.6.6.exe
.
============= FINISH: 2:29:31.32 ===============
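The HKCU Run entries near the end of the Pseudo HJT Report (XcmqyLMkQQUTNHM.exe, KeApplet, pnact and the hex-named RunOnce value) are the ones a responder picks out by eye. As an added example that is not part of this post or of the DDS or RogueKiller tools, the following Python script applies that triage mechanically to DDS autostart lines; the thresholds (minimum name length, vowel ratio) and the list of user-writable roots are the example author's assumptions, not a published standard.

```python
"""Heuristic triage of the Run/RunOnce section of a DDS log (added example).

The checks mirror what a responder looks for in the log above, and what
RogueKiller labels [SUSP PATH] and [BLACKLIST DLL]: an executable dropped
straight into ProgramData or AppData, a random-looking file name, a
GUID/hash-named folder under a user-writable path, and rundll32 loading a
DLL from the user profile. Thresholds below are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List

# A DDS autostart line:  uRun: [value name] command line
RUN_LINE = re.compile(r'^(?P<key>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# First executable on the command line, quoted or not (lazy match stops at the first .exe).
EXE_PATH = re.compile(r'^"?(?P<exe>[A-Za-z]:\\[^"]*?\.exe)', re.I)
# A DLL argument such as the one handed to rundll32.exe.
DLL_PATH = re.compile(r'(?P<dll>[A-Za-z]:\\[^",]*?\.dll)', re.I)
# A file sitting directly in ProgramData or AppData\{Roaming,Local}, with no vendor folder.
ROOT_DROP = re.compile(
    r'^[A-Za-z]:\\(?:programdata|users\\[^\\]+\\appdata\\(?:roaming|local))\\[^\\]+$', re.I)
# A path component that is a GUID or a 32-hex-digit hash.
GUID_OR_HASH = re.compile(
    r'\\(?:\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}|[0-9a-f]{32})(?=[\\.])', re.I)
# Locations any user process can write to (assumed list for this example).
USER_WRITABLE = ('\\programdata\\', '\\appdata\\roaming\\', '\\appdata\\local\\', '\\users\\public\\')


@dataclass
class Finding:
    key: str            # uRun, uRunOnce, mRun, mRun-x64
    name: str           # registry value name
    reasons: List[str]


def random_looking(stem: str, min_letters: int = 8, max_vowel_ratio: float = 0.2) -> bool:
    """Long names with almost no vowels (e.g. XcmqyLMkQQUTNHM) are typical of generated droppers."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < min_letters:
        return False
    vowels = sum(c.lower() in 'aeiou' for c in letters)
    return vowels / len(letters) < max_vowel_ratio


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage_run_entries(dds_text: str) -> List[Finding]:
    """Return one Finding per autostart entry that trips at least one heuristic."""
    findings: List[Finding] = []
    seen = set()
    for raw in dds_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m or not m.group('cmd').strip():
            continue                      # not an autostart line, or an empty value such as mRun: [<NO NAME>]
        name, cmd = m.group('name'), m.group('cmd')
        if (name, cmd) in seen:           # DDS repeats the HKLM entries under mRun-x64
            continue
        seen.add((name, cmd))
        exe = EXE_PATH.match(cmd)
        if not exe:
            continue
        path = exe.group('exe')
        stem = path.rsplit('\\', 1)[-1][:-4]
        reasons = []
        if ROOT_DROP.match(path):
            reasons.append('executable dropped directly into a user-writable root: ' + path)
        if random_looking(stem):
            reasons.append('random-looking file name: ' + stem)
        if in_user_writable(path) and GUID_OR_HASH.search(path):
            reasons.append('GUID/hash-named folder under a user-writable location: ' + path)
        if stem.lower() == 'rundll32':
            dll = DLL_PATH.search(cmd[exe.end():])
            if dll and in_user_writable(dll.group('dll')):
                reasons.append('rundll32 loading a DLL from the user profile: ' + dll.group('dll'))
        if reasons:
            findings.append(Finding(m.group('key'), name, reasons))
    return findings


# Sample input: autostart lines copied from the DDS log posted above
# (the HKCU Run section plus a few HKLM entries for contrast).
SAMPLE_DDS = r"""
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe"
uRun: [XcmqyLMkQQUTNHM.exe] C:\ProgramData\XcmqyLMkQQUTNHM.exe
uRun: [KeApplet] C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe
uRun: [pnact] "C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class
uRunOnce: [7812A3D20007BFC3025359A34F147CE7] C:\ProgramData\7812A3D20007BFC3025359A34F147CE7\7812A3D20007BFC3025359A34F147CE7.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"""


def summarize(findings: List[Finding]) -> List[str]:
    return ['%s [%s] -> %s' % (f.key, f.name, '; '.join(f.reasons)) for f in findings]


if __name__ == '__main__':
    for line in summarize(triage_run_entries(SAMPLE_DDS)):
        print(line)
```

On the sample above the script flags exactly the four HKCU entries RogueKiller later reports and leaves the vendor-installed entries (Akamai under its own AppData folder, the Program Files entries) alone.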



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2012 - 07:39 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) & SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 suzyq2626

suzyq2626
  • Topic Starter

  • Members
  • 26 posts

Posted 16 September 2012 - 03:08 PM

Thank you gringo! Just a question -- do I perform all this under Safe Mode with Networking or under Normal Mode?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2012 - 04:54 PM

hello


I want you to use normal mode for now; if it does not run in normal mode, then I may have you run it in safe mode.




gringo

#5 suzyq2626

suzyq2626
  • Topic Starter

  • Members
  • 26 posts

Posted 16 September 2012 - 05:34 PM

Computer now seems to be running normally. Here are the logs:

SECURITY CHECK

Results of screen317's Security Check version 0.99.50
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup Activation NobuActivation.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ADWCLEANER:

# AdwCleaner v2.002 - Logfile created 09/16/2012 at 18:16:09
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Acer - ACER-PC
# Boot Mode : Normal
# Running from : C:\Users\Acer\Desktop\Virus Fix\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\ProgramData\Partner
Deleted on reboot : C:\Users\Acer\AppData\Local\Temp\boost_interprocess
Deleted on reboot : C:\Users\Acer\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\extensions\toolbar@ask.com
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\prefs.js

C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://ca.search.yahoo.com/search?fr=ffds1&p=[...]

-\\ Opera v11.52.1100.0

File : C:\Users\Acer\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5260 octets] - [16/09/2012 18:16:09]

########## EOF - C:\AdwCleaner[S1].txt - [5320 octets] ##########

ROGUE KILLER

RK REPORT 1:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Acer [Admin rights]
Mode : Scan -- Date : 09/16/2012 18:20:53

Bad processes : 0

Registry Entries : 22
[RUN][SUSP PATH] HKCU\[...]\Run : XcmqyLMkQQUTNHM.exe (C:\ProgramData\XcmqyLMkQQUTNHM.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : KeApplet (C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe) -> FOUND
[RUN][BLACKLIST DLL] HKCU\[...]\Run : pnact ("C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Updater (C:\ProgramData\rgdmk.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2737557507-666661123-879125914-1000[...]\Run : XcmqyLMkQQUTNHM.exe (C:\ProgramData\XcmqyLMkQQUTNHM.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2737557507-666661123-879125914-1000[...]\Run : KeApplet (C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-2737557507-666661123-879125914-1000[...]\Run : pnact ("C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2737557507-666661123-879125914-1000[...]\Run : Windows Updater (C:\ProgramData\rgdmk.exe) -> FOUND
[TASK][SUSP PATH] task38385824 : C:\Users\Acer\AppData\Local\Temp\0.6562281263109556.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\n.) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\L --> FOUND

Driver : [NOT LOADED]

Infection : Rans.Gendarm|ZeroAccess
[ZeroAccess] sys32\consrv.dll present!

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] 557d3b61bee3cf1b0e2e212768ac5b3b
[BSP] 1e1be45cbc733fe2f52d1dced8616311 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14339 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29366820 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29575665 | Size: 224032 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RK REPORT 2:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Acer [Admin rights]
Mode : Remove -- Date : 09/16/2012 18:22:05

Bad processes : 0

Registry Entries : 19
[RUN][SUSP PATH] HKCU\[...]\Run : XcmqyLMkQQUTNHM.exe (C:\ProgramData\XcmqyLMkQQUTNHM.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : KeApplet (C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe) -> DELETED
[RUN][BLACKLIST DLL] HKCU\[...]\Run : pnact ("C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Updater (C:\ProgramData\rgdmk.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : KeApplet (C:\Users\Acer\AppData\Roaming\WinRAR\{F8A66A4B-7D4F-48BE-B518-5E7914C3B641}\Upgrade.exe) -> DELETED
[TASK][SUSP PATH] task38385824 : C:\Users\Acer\AppData\Local\Temp\0.6562281263109556.exe -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\L --> REMOVED

Driver : [NOT LOADED]

Infection : Rans.Gendarm|ZeroAccess
[ZeroAccess] sys32\consrv.dll present!

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] 557d3b61bee3cf1b0e2e212768ac5b3b
[BSP] 1e1be45cbc733fe2f52d1dced8616311 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14339 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29366820 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29575665 | Size: 224032 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
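
A defender-side reading of the RogueKiller lines above, as an added example (not RogueKiller's, ComboFix's or this thread's code): it parses the `[TAG] location : value -> status` format and attaches a plain-language reason for each persistence location, using entries copied from this scan as sample input. The tag and path rules are assumptions of this example, not the tool's own detection logic.

```python
"""Parse RogueKiller-style report lines and say why each hit matters.

Added example for this thread (not RogueKiller's, ComboFix's or
BleepingComputer's code). It reads "[TAG][TAG] location : value -> status"
lines like the ones pasted above and attaches a reason a responder cares
about. Sample lines are copied from the report in this thread; the rule set
below is an assumption of this example, not RogueKiller's detection logic.
"""
import re
from dataclasses import dataclass, field

# "[RUN][SUSP PATH] HKCU\[...]\Run : name (path) -> FOUND"  or  "... --> REMOVED"
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.+?)\s+-{1,2}>\s+(?P<status>.+)$"
)
TAG_RE = re.compile(r"\[([^\]]+)\]")
WINPATH_RE = re.compile(r'[A-Za-z]:\\[^"),]+')   # stops at quote, paren or comma

# Why a given RogueKiller tag is interesting (assumed wording for this example).
TAG_RULES = {
    "HJ INPROC": "COM InprocServer32 hijack: a system CLSID now loads a foreign DLL",
    "HJ SMENU": "Start Menu visibility setting changed (items hidden from the user)",
    "HJ DESK": "desktop icon visibility setting changed",
    "BLACKLIST DLL": "DLL name is on the tool's blacklist",
    "ZeroAccess": "item attributed to the ZeroAccess family by the tool",
}
# Where the referenced file lives, matched against the lower-cased path.
LOCATION_RULES = [
    (r"\\\$recycle\.bin\\", "payload stored under $Recycle.Bin, a hidden user-writable folder"),
    (r"\\windows\\assembly\\gac_(32|64)\\desktop\.ini", "Desktop.ini dropped in the GAC folder (ZeroAccess marker)"),
    (r"\\appdata\\local\\temp\\", "runs from the user's Temp folder"),
    (r"\\appdata\\roaming\\", "runs from the user's Roaming profile"),
    (r"\\programdata\\[^\\]+\.exe$", "executable placed directly in ProgramData"),
]


@dataclass
class Finding:
    tags: list
    location: str
    value: str
    status: str
    paths: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def explain(finding: Finding) -> None:
    """Fill finding.reasons from its tags and the file paths it references."""
    for tag in finding.tags:
        if tag in TAG_RULES:
            finding.reasons.append(TAG_RULES[tag])
    for path in finding.paths:
        lower = path.lower()
        for pattern, reason in LOCATION_RULES:
            if re.search(pattern, lower) and reason not in finding.reasons:
                finding.reasons.append(reason)
    lowered = [p.lower() for p in finding.paths]
    if any(p.endswith("rundll32.exe") for p in lowered) and any(p.endswith(".dll") for p in lowered):
        finding.reasons.append("rundll32 is used as a proxy to load a DLL from another path")


def parse_report(text: str) -> list:
    """Return one Finding per tagged report line; untagged lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        location, sep, value = m.group("body").partition(" : ")
        if not sep:                       # no "location : value" split present
            location, value = "", location
        f = Finding(
            tags=TAG_RE.findall(m.group("tags")),
            location=location,
            value=value,
            status=m.group("status"),
            paths=WINPATH_RE.findall(value),
        )
        explain(f)
        findings.append(f)
    return findings


# Lines copied from the RogueKiller scan posted in this thread (raw strings so
# that "\n" in the ZeroAccess path is not turned into a newline).
SAMPLE_REPORT = "\n".join([
    r"Registry Entries : 22",
    r"[RUN][SUSP PATH] HKCU\[...]\Run : XcmqyLMkQQUTNHM.exe (C:\ProgramData\XcmqyLMkQQUTNHM.exe) -> FOUND",
    r'[RUN][BLACKLIST DLL] HKCU\[...]\Run : pnact ("C:\Windows\System32\rundll32.exe" "C:\Users\Acer\AppData\Roaming\pnact.dll",Method_Class) -> FOUND',
    r"[TASK][SUSP PATH] task38385824 : C:\Users\Acer\AppData\Local\Temp\0.6562281263109556.exe -> FOUND",
    r"[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND",
    r"[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2737557507-666661123-879125914-1000\$fea989cf1356bf5ecb09deb312671cce\n.) -> FOUND",
    r"[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND",
])

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{'/'.join(f.tags):24} {f.status:8} {f.location}")
        for r in f.reasons:
            print(f"    - {r}")
```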

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 PM

Posted 16 September 2012 - 05:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 suzyq2626
  • Topic Starter
  • Members
  • 26 posts
  • Local time:03:32 PM

Posted 17 September 2012 - 04:27 PM

Followed the steps above, running ComboFix, and the computer seems to be running well, EXCEPT I now cannot connect to my wireless!! I tried rebooting the computer several times, rebooted the modem and router several times, and tried a few other things found on BC, but it's still not working. I know it's not my internet because my phone connects to it fine.

Here's the ComboFix log:

ComboFix 12-09-15.02 - Acer 16/09/2012 21:21:54.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2811.1683 [GMT -4:00]
Running from: c:\users\Acer\Desktop\Virus Fix\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\7812A3D20007BFC3025359A34F147CE7
c:\programdata\7812A3D20007BFC3025359A34F147CE7\7812A3D20007BFC3025359A34F147CE7
c:\programdata\7812A3D20007BFC3025359A34F147CE7\7812A3D20007BFC3025359A34F147CE7.exe
c:\programdata\7812A3D20007BFC3025359A34F147CE7\7812A3D20007BFC3025359A34F147CE7.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\piz_0ef.pad
c:\users\Acer\AppData\Roaming\Help\coredb\storage
c:\users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Acer\AppData\Roaming\pnact.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 01:32 . 2012-09-17 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 18:16 . 2012-09-14 18:16 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 23:27 . 2012-09-12 23:27 -------- d-----w- c:\users\Acer\AppData\Local\{6B29A4D1-FD31-11E1-8271-B8AC6F996F26}
2012-09-05 16:22 . 2012-09-05 16:22 -------- d-----w- c:\users\Acer\AppData\Roaming\WildTangent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 08:47 . 2012-04-26 07:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:47 . 2012-04-26 07:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 10:04 . 2012-07-17 13:15 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF1239A4-7CAA-479A-9828-710465A29B70}\mpengine.dll
2010-07-03 00:44 . 2010-07-03 00:44 8589088 ----a-w- c:\program files\Firefox Setup 3.6.6.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Akamai NetSession Interface"="c:\users\Acer\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-18 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"ConnectionManager"="c:\program files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2008-06-10 32768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MBCameraMonitor.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2010-7-24 541976]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-06-10 24576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-22 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-14 114144]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-17 202752]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-17 6405120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-17 188928]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-20 321064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 08:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-10-07 38560]
"combofix"="c:\combofix\CF30401.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://by159w.bay159.mail.live.com/default.aspx
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ca.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ivpxmhxt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=ffds1&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe Acrobat Synchronizer - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
Wow6432Node-HKCU-Run-Windows Updater - c:\programdata\rgdmk.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\McAfee Security Scan\3.0.207\McUicnt.exe
.
**************************************************************************
.
Completion time: 2012-09-16 21:49:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 01:49
.
Pre-Run: 118,253,113,344 bytes free
Post-Run: 115,409,743,872 bytes free
.
- - End Of File - - 31225920F262E3BB2AD70F5F1044C020

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 PM

Posted 17 September 2012 - 04:32 PM

  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe
  • Click OK.
  • Click OK in the window that pops up.


#9 suzyq2626
  • Topic Starter
  • Members
  • 26 posts
  • Local time:03:32 PM

Posted 17 September 2012 - 11:22 PM

Thanks Gringo. Unfortunately this didn't work -- still no internet connection. :-( There were many more steps than what you stated in your post...

Restoring a registry backup created... Hit ok

Warning! current registry file not found... Restore this file?.... Hit yes

error restoring c:\windows\erdnt\hiv-backup\software to c:\windows\system32\config\software
continue with the next file?........ Hit yes

This is just the first of many windows that came up. Now the computer is running very slowly, even lagging just to move the cursor. Please help!!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 PM

Posted 17 September 2012 - 11:35 PM

Hello


Let's do it this way then.


I will need you to navigate to this file: C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe, right-click on the file and select run as admin.


gringo

#11 suzyq2626

suzyq2626
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:32 PM

Posted 18 September 2012 - 12:37 AM

Thank you gringo. Computer is now running fast again, connected to the Internet, and running normally. You're a genius!!!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 PM

Posted 18 September 2012 - 12:51 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
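Added example, not part of this thread and not code from the TDSSKiller authors: a small Python triage script for the log format TDSSKiller writes, which folds the per-object lines into one record (name, MD5, path, verdict, threat) and lists only the entries that did not come back `ok`. The sample lines are copied from the log posted later in this thread; the regexes assume the 2.8.x line layout shown there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller 2.8.x log line starts with "HH:MM:SS.ffff <thread-id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <MD5> ] <object name> <path>"  -- the object being scanned
OBJECT_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "Suspicious file (<reason>): <path>. md5: <MD5>"  -- heuristic hit on a file
SUSPICIOUS_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9A-F]{32})$")
# "<name> ( <threat> ) - warning"
WARNING_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<threat>[^)]+?) \) - warning$")
# "<name> - ok" or "<name> - detected <threat> (<count>)"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>ok|warning|detected .+)$")


@dataclass
class ScanItem:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"      # ok / warning / detected / unknown
    threat: Optional[str] = None  # e.g. HiddenFile.Multi.Generic
    reason: Optional[str] = None  # e.g. "Hidden" from a Suspicious-file line


def parse_tdsskiller_log(text: str) -> Dict[str, ScanItem]:
    """Fold the per-object log lines into one ScanItem per object name."""
    items: Dict[str, ScanItem] = {}
    by_path: Dict[str, ScanItem] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := OBJECT_RE.match(line):
            item = items.setdefault(m["name"], ScanItem(m["name"]))
            item.md5, item.path = m["md5"], m["path"]
            by_path[m["path"].lower()] = item
        elif m := SUSPICIOUS_RE.match(line):
            # The suspicious-file line names the path, not the object; join on path.
            item = by_path.get(m["path"].lower())
            if item is not None:
                item.reason = m["reason"]
        elif m := WARNING_RE.match(line):
            item = items.setdefault(m["name"], ScanItem(m["name"]))
            item.verdict, item.threat = "warning", m["threat"]
        elif m := VERDICT_RE.match(line):
            item = items.setdefault(m["name"], ScanItem(m["name"]))
            verdict = m["verdict"]
            if verdict.startswith("detected "):
                # "detected HiddenFile.Multi.Generic (1)" -> threat name without the count
                item.verdict = "detected"
                item.threat = verdict[len("detected "):].rsplit(" (", 1)[0]
            else:
                item.verdict = verdict
    return items


def flagged(items: Dict[str, ScanItem]) -> List[ScanItem]:
    """Everything that is not a clean 'ok': the lines a helper actually reads first."""
    return [i for i in items.values() if i.verdict != "ok"]


def report(items: Dict[str, ScanItem]) -> List[str]:
    """One line per flagged object. A 'Hidden' reason is a heuristic (the file was
    hidden from normal directory listing), not a signature match, so the MD5 is
    something to look up, not proof of infection on its own."""
    return [
        f"{i.verdict:8} {i.name}  threat={i.threat}  reason={i.reason}  md5={i.md5}  path={i.path}"
        for i in flagged(items)
    ]


# Sample copied from the TDSSKiller log posted in this thread: a clean driver,
# the hidden Akamai DLL that TDSSKiller flagged, and a service with no file line.
SAMPLE_LOG = r"""
11:42:23.0402 5012 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:42:23.0407 5012 1394ohci - ok
11:42:24.0141 5012 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
11:42:24.0142 5012 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
11:42:24.0152 5012 Akamai ( HiddenFile.Multi.Generic ) - warning
11:42:24.0152 5012 Akamai - detected HiddenFile.Multi.Generic (1)
11:42:27.0823 5012 COMSysApp - ok
"""

if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```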

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 PM

Posted 23 September 2012 - 07:02 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 suzyq2626

suzyq2626
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:32 PM

Posted 23 September 2012 - 11:17 AM

TDSSKiller log:

11:42:14.0842 3028 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:42:15.0312 3028 ============================================================
11:42:15.0312 3028 Current date / time: 2012/09/23 11:42:15.0312
11:42:15.0312 3028 SystemInfo:
11:42:15.0312 3028
11:42:15.0312 3028 OS Version: 6.1.7600 ServicePack: 0.0
11:42:15.0312 3028 Product type: Workstation
11:42:15.0312 3028 ComputerName: ACER-PC
11:42:15.0312 3028 UserName: Acer
11:42:15.0312 3028 Windows directory: C:\Windows
11:42:15.0312 3028 System windows directory: C:\Windows
11:42:15.0312 3028 Running under WOW64
11:42:15.0312 3028 Processor architecture: Intel x64
11:42:15.0312 3028 Number of processors: 1
11:42:15.0312 3028 Page size: 0x1000
11:42:15.0312 3028 Boot type: Normal boot
11:42:15.0312 3028 ============================================================
11:42:16.0944 3028 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:42:16.0949 3028 ============================================================
11:42:16.0949 3028 \Device\Harddisk0\DR0:
11:42:16.0949 3028 MBR partitions:
11:42:16.0949 3028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C01A24, BlocksNum 0x32FCD
11:42:16.0949 3028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C349F1, BlocksNum 0x1B59077F
11:42:16.0949 3028 ============================================================
11:42:16.0969 3028 C: <-> \Device\Harddisk0\DR0\Partition2
11:42:16.0969 3028 ============================================================
11:42:16.0969 3028 Initialize success
11:42:16.0969 3028 ============================================================
11:42:20.0838 5012 ============================================================
11:42:20.0838 5012 Scan started
11:42:20.0838 5012 Mode: Manual;
11:42:20.0838 5012 ============================================================
11:42:23.0225 5012 ================ Scan system memory ========================
11:42:23.0225 5012 System memory - ok
11:42:23.0228 5012 ================ Scan services =============================
11:42:24.0141 5012 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
11:42:24.0142 5012 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
11:42:24.0152 5012 Akamai ( HiddenFile.Multi.Generic ) - warning
11:42:24.0152 5012 Akamai - detected HiddenFile.Multi.Generic (1)
11:42:35.0321 5012 mssmbios - ok
11:42:35.0340 5012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:42:35.0341 5012 MSTEE - ok
11:42:35.0353 5012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:42:35.0354 5012 MTConfig - ok
11:42:35.0375 5012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:42:35.0377 5012 Mup - ok
11:42:35.0424 5012 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:42:35.0427 5012 mwlPSDFilter - ok
11:42:35.0448 5012 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:42:35.0451 5012 mwlPSDNServ - ok
11:42:35.0465 5012 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:42:35.0468 5012 mwlPSDVDisk - ok
11:42:35.0535 5012 [ 22A4905C958BEB68D78385B633C1351B ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
11:42:35.0541 5012 MWLService - ok
11:42:35.0579 5012 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
11:42:35.0589 5012 napagent - ok
11:42:35.0651 5012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:42:35.0656 5012 NativeWifiP - ok
11:42:35.0703 5012 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:42:35.0729 5012 NDIS - ok
11:42:35.0759 5012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:42:35.0761 5012 NdisCap - ok
11:42:35.0815 5012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:35.0817 5012 NdisTapi - ok
11:42:35.0842 5012 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:35.0844 5012 Ndisuio - ok
11:42:35.0866 5012 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:35.0870 5012 NdisWan - ok
11:42:35.0888 5012 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:42:35.0890 5012 NDProxy - ok
11:42:35.0923 5012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:42:35.0925 5012 NetBIOS - ok
11:42:35.0950 5012 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:42:35.0955 5012 NetBT - ok
11:42:35.0977 5012 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
11:42:35.0978 5012 Netlogon - ok
11:42:36.0022 5012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:42:36.0029 5012 Netman - ok
11:42:36.0070 5012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:36.0073 5012 NetMsmqActivator - ok
11:42:36.0087 5012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:36.0088 5012 NetPipeActivator - ok
11:42:36.0144 5012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:42:36.0152 5012 netprofm - ok
11:42:36.0162 5012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:36.0165 5012 NetTcpActivator - ok
11:42:36.0175 5012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:36.0176 5012 NetTcpPortSharing - ok
11:42:36.0250 5012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:42:36.0253 5012 nfrd960 - ok
11:42:36.0284 5012 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:42:36.0291 5012 NlaSvc - ok
11:42:36.0312 5012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:42:36.0314 5012 Npfs - ok
11:42:36.0338 5012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:42:36.0341 5012 nsi - ok
11:42:36.0358 5012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:42:36.0359 5012 nsiproxy - ok
11:42:36.0415 5012 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:42:36.0461 5012 Ntfs - ok
11:42:36.0523 5012 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
11:42:36.0562 5012 NTI IScheduleSvc - ok
11:42:36.0827 5012 [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:42:36.0831 5012 NTIBackupSvc - ok
11:42:36.0891 5012 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
11:42:36.0893 5012 NTIDrvr - ok
11:42:36.0942 5012 [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:42:36.0983 5012 NTISchedulerSvc - ok
11:42:37.0010 5012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:42:37.0011 5012 Null - ok
11:42:37.0047 5012 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
11:42:37.0051 5012 nvraid - ok
11:42:37.0085 5012 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
11:42:37.0089 5012 nvstor - ok
11:42:37.0109 5012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
11:42:37.0118 5012 nv_agp - ok
11:42:37.0136 5012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:42:37.0139 5012 ohci1394 - ok
11:42:37.0175 5012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:42:37.0182 5012 p2pimsvc - ok
11:42:37.0208 5012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:42:37.0216 5012 p2psvc - ok
11:42:37.0242 5012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:42:37.0244 5012 Parport - ok
11:42:37.0269 5012 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:42:37.0272 5012 partmgr - ok
11:42:37.0297 5012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:42:37.0303 5012 PcaSvc - ok
11:42:37.0321 5012 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
11:42:37.0325 5012 pci - ok
11:42:37.0347 5012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:42:37.0349 5012 pciide - ok
11:42:37.0377 5012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:42:37.0382 5012 pcmcia - ok
11:42:37.0403 5012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:42:37.0406 5012 pcw - ok
11:42:37.0437 5012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:42:37.0460 5012 PEAUTH - ok
11:42:37.0541 5012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:42:37.0543 5012 PerfHost - ok
11:42:37.0615 5012 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:42:37.0651 5012 pla - ok
11:42:37.0683 5012 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:42:37.0692 5012 PlugPlay - ok
11:42:37.0707 5012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:42:37.0710 5012 PNRPAutoReg - ok
11:42:37.0737 5012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:42:37.0740 5012 PNRPsvc - ok
11:42:37.0785 5012 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:42:37.0793 5012 PolicyAgent - ok
11:42:37.0815 5012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:42:37.0820 5012 Power - ok
11:42:37.0868 5012 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:42:37.0872 5012 PptpMiniport - ok
11:42:37.0899 5012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:42:37.0902 5012 Processor - ok
11:42:37.0947 5012 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
11:42:37.0952 5012 ProfSvc - ok
11:42:37.0970 5012 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
11:42:37.0971 5012 ProtectedStorage - ok
11:42:38.0002 5012 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:42:38.0005 5012 Psched - ok
11:42:38.0067 5012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:42:38.0111 5012 ql2300 - ok
11:42:38.0123 5012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:42:38.0126 5012 ql40xx - ok
11:42:38.0159 5012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:42:38.0165 5012 QWAVE - ok
11:42:38.0183 5012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:42:38.0186 5012 QWAVEdrv - ok
11:42:38.0196 5012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:42:38.0197 5012 RasAcd - ok
11:42:38.0244 5012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:42:38.0246 5012 RasAgileVpn - ok
11:42:38.0267 5012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:42:38.0273 5012 RasAuto - ok
11:42:38.0296 5012 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:38.0299 5012 Rasl2tp - ok
11:42:38.0324 5012 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:42:38.0331 5012 RasMan - ok
11:42:38.0354 5012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:38.0357 5012 RasPppoe - ok
11:42:38.0374 5012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:42:38.0376 5012 RasSstp - ok
11:42:38.0400 5012 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:42:38.0408 5012 rdbss - ok
11:42:38.0432 5012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:42:38.0434 5012 rdpbus - ok
11:42:38.0461 5012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:38.0462 5012 RDPCDD - ok
11:42:38.0489 5012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:42:38.0490 5012 RDPENCDD - ok
11:42:38.0505 5012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:42:38.0506 5012 RDPREFMP - ok
11:42:38.0546 5012 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:42:38.0563 5012 RDPWD - ok
11:42:38.0632 5012 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:42:38.0637 5012 rdyboost - ok
11:42:38.0753 5012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:42:38.0757 5012 RemoteAccess - ok
11:42:38.0787 5012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:42:38.0793 5012 RemoteRegistry - ok
11:42:38.0813 5012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:42:38.0816 5012 RpcEptMapper - ok
11:42:38.0840 5012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:42:38.0843 5012 RpcLocator - ok
11:42:38.0868 5012 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
11:42:38.0874 5012 RpcSs - ok
11:42:38.0924 5012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:42:38.0927 5012 rspndr - ok
11:42:38.0987 5012 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
11:42:38.0992 5012 RSUSBSTOR - ok
11:42:39.0027 5012 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
11:42:39.0031 5012 RTHDMIAzAudService - ok
11:42:39.0048 5012 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
11:42:39.0050 5012 SamSs - ok
11:42:39.0073 5012 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:42:39.0076 5012 sbp2port - ok
11:42:39.0159 5012 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:42:39.0193 5012 SBSDWSCService - ok
11:42:39.0226 5012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:42:39.0231 5012 SCardSvr - ok
11:42:39.0255 5012 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:42:39.0258 5012 scfilter - ok
11:42:39.0295 5012 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
11:42:39.0329 5012 Schedule - ok
11:42:39.0355 5012 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:42:39.0356 5012 SCPolicySvc - ok
11:42:39.0376 5012 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:42:39.0382 5012 SDRSVC - ok
11:42:39.0410 5012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:42:39.0415 5012 secdrv - ok
11:42:39.0431 5012 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
11:42:39.0433 5012 seclogon - ok
11:42:39.0450 5012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:42:39.0453 5012 SENS - ok
11:42:39.0474 5012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:42:39.0477 5012 SensrSvc - ok
11:42:39.0498 5012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:42:39.0500 5012 Serenum - ok
11:42:39.0522 5012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:42:39.0526 5012 Serial - ok
11:42:39.0540 5012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:42:39.0542 5012 sermouse - ok
11:42:39.0579 5012 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
11:42:39.0584 5012 SessionEnv - ok
11:42:39.0595 5012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:42:39.0597 5012 sffdisk - ok
11:42:39.0607 5012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:42:39.0609 5012 sffp_mmc - ok
11:42:39.0618 5012 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:42:39.0621 5012 sffp_sd - ok
11:42:39.0631 5012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:42:39.0632 5012 sfloppy - ok
11:42:39.0678 5012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:42:39.0684 5012 SharedAccess - ok
11:42:39.0708 5012 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:42:39.0715 5012 ShellHWDetection - ok
11:42:39.0835 5012 [ 20A9284A879A3402AFEC51040C4FC227 ] Simply Accounting Database Connection Manager C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
11:42:39.0836 5012 Simply Accounting Database Connection Manager - ok
11:42:39.0877 5012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:42:39.0881 5012 SiSRaid2 - ok
11:42:39.0891 5012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:42:39.0893 5012 SiSRaid4 - ok
11:42:39.0927 5012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:42:39.0930 5012 Smb - ok
11:42:39.0976 5012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:42:39.0979 5012 SNMPTRAP - ok
11:42:39.0999 5012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:42:40.0003 5012 spldr - ok
11:42:40.0033 5012 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
11:42:40.0043 5012 Spooler - ok
11:42:40.0136 5012 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
11:42:40.0216 5012 sppsvc - ok
11:42:40.0233 5012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:42:40.0237 5012 sppuinotify - ok
11:42:40.0277 5012 [ 37C3ABC2338010E110D2A6A3930F3149 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:42:40.0287 5012 srv - ok
11:42:40.0302 5012 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:42:40.0309 5012 srv2 - ok
11:42:40.0328 5012 [ CCE32BB223E9FF55D241099A858FA889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:42:40.0334 5012 srvnet - ok
11:42:40.0392 5012 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
11:42:40.0395 5012 ssadbus - ok
11:42:40.0457 5012 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:42:40.0460 5012 ssadmdfl - ok
11:42:40.0493 5012 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
11:42:40.0498 5012 ssadmdm - ok
11:42:40.0530 5012 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
11:42:40.0537 5012 ssadserd - ok
11:42:40.0671 5012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:42:40.0676 5012 SSDPSRV - ok
11:42:40.0704 5012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:42:40.0709 5012 SstpSvc - ok
11:42:40.0735 5012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:42:40.0738 5012 stexstor - ok
11:42:40.0776 5012 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
11:42:40.0799 5012 stisvc - ok
11:42:40.0878 5012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:42:40.0880 5012 swenum - ok
11:42:40.0908 5012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:42:40.0917 5012 swprv - ok
11:42:40.0965 5012 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:42:40.0970 5012 SynTP - ok
11:42:41.0027 5012 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
11:42:41.0072 5012 SysMain - ok
11:42:41.0093 5012 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:42:41.0097 5012 TabletInputService - ok
11:42:41.0128 5012 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
11:42:41.0135 5012 TapiSrv - ok
11:42:41.0152 5012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:42:41.0157 5012 TBS - ok
11:42:41.0241 5012 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:42:41.0286 5012 Tcpip - ok
11:42:41.0350 5012 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:42:41.0363 5012 TCPIP6 - ok
11:42:41.0384 5012 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:42:41.0386 5012 tcpipreg - ok
11:42:41.0413 5012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:42:41.0415 5012 TDPIPE - ok
11:42:41.0437 5012 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:42:41.0439 5012 TDTCP - ok
11:42:41.0469 5012 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:42:41.0474 5012 tdx - ok
11:42:41.0488 5012 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:42:41.0491 5012 TermDD - ok
11:42:41.0531 5012 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
11:42:41.0554 5012 TermService - ok
11:42:41.0571 5012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:42:41.0574 5012 Themes - ok
11:42:41.0607 5012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:42:41.0609 5012 THREADORDER - ok
11:42:41.0630 5012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:42:41.0634 5012 TrkWks - ok
11:42:41.0681 5012 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:42:41.0684 5012 TrustedInstaller - ok
11:42:41.0708 5012 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:42:41.0712 5012 tssecsrv - ok
11:42:41.0747 5012 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:42:41.0750 5012 tunnel - ok
11:42:41.0775 5012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:42:41.0778 5012 uagp35 - ok
11:42:41.0811 5012 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
11:42:41.0813 5012 UBHelper - ok
11:42:41.0842 5012 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:42:41.0848 5012 udfs - ok
11:42:41.0883 5012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:42:41.0886 5012 UI0Detect - ok
11:42:41.0915 5012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:42:41.0917 5012 uliagpkx - ok
11:42:41.0967 5012 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:42:41.0969 5012 umbus - ok
11:42:41.0996 5012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:42:41.0998 5012 UmPass - ok
11:42:42.0068 5012 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
11:42:42.0073 5012 Updater Service - ok
11:42:42.0108 5012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:42:42.0116 5012 upnphost - ok
11:42:42.0133 5012 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:42:42.0135 5012 usbccgp - ok
11:42:42.0166 5012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:42:42.0169 5012 usbcir - ok
11:42:42.0188 5012 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:42:42.0190 5012 usbehci - ok
11:42:42.0232 5012 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
11:42:42.0234 5012 usbfilter - ok
11:42:42.0276 5012 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:42:42.0309 5012 usbhub - ok
11:42:42.0329 5012 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:42:42.0331 5012 usbohci - ok
11:42:42.0366 5012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:42:42.0368 5012 usbprint - ok
11:42:42.0399 5012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:42:42.0401 5012 usbscan - ok
11:42:42.0423 5012 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:42:42.0426 5012 USBSTOR - ok
11:42:42.0443 5012 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:42:42.0445 5012 usbuhci - ok
11:42:42.0473 5012 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:42:42.0479 5012 usbvideo - ok
11:42:42.0514 5012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:42:42.0518 5012 UxSms - ok
11:42:42.0536 5012 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
11:42:42.0538 5012 VaultSvc - ok
11:42:42.0610 5012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:42:42.0619 5012 vdrvroot - ok
11:42:42.0823 5012 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:42:42.0846 5012 vds - ok
11:42:42.0878 5012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:42:42.0881 5012 vga - ok
11:42:42.0905 5012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:42:42.0907 5012 VgaSave - ok
11:42:42.0930 5012 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:42:42.0934 5012 vhdmp - ok
11:42:42.0945 5012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:42:42.0946 5012 viaide - ok
11:42:42.0971 5012 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:42:42.0978 5012 volmgr - ok
11:42:42.0999 5012 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:42:43.0004 5012 volmgrx - ok
11:42:43.0029 5012 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:42:43.0035 5012 volsnap - ok
11:42:43.0065 5012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:42:43.0069 5012 vsmraid - ok
11:42:43.0124 5012 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
11:42:43.0160 5012 VSS - ok
11:42:43.0173 5012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:42:43.0175 5012 vwifibus - ok
11:42:43.0200 5012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:42:43.0203 5012 vwififlt - ok
11:42:43.0234 5012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:42:43.0241 5012 W32Time - ok
11:42:43.0257 5012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:42:43.0258 5012 WacomPen - ok
11:42:43.0304 5012 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:42:43.0306 5012 WANARP - ok
11:42:43.0329 5012 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:42:43.0330 5012 Wanarpv6 - ok
11:42:43.0406 5012 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:42:43.0441 5012 WatAdminSvc - ok
11:42:43.0505 5012 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
11:42:43.0540 5012 wbengine - ok
11:42:43.0561 5012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:42:43.0566 5012 WbioSrvc - ok
11:42:43.0589 5012 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:42:43.0598 5012 wcncsvc - ok
11:42:43.0620 5012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:42:43.0624 5012 WcsPlugInService - ok
11:42:43.0657 5012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:42:43.0659 5012 Wd - ok
11:42:43.0699 5012 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:42:43.0721 5012 Wdf01000 - ok
11:42:43.0744 5012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:42:43.0748 5012 WdiServiceHost - ok
11:42:43.0756 5012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:42:43.0759 5012 WdiSystemHost - ok
11:42:43.0792 5012 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
11:42:43.0799 5012 WebClient - ok
11:42:43.0819 5012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:42:43.0824 5012 Wecsvc - ok
11:42:43.0840 5012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:42:43.0844 5012 wercplsupport - ok
11:42:43.0878 5012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:42:43.0883 5012 WerSvc - ok
11:42:43.0929 5012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:42:43.0933 5012 WfpLwf - ok
11:42:43.0960 5012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:42:43.0963 5012 WIMMount - ok
11:42:43.0995 5012 WinDefend - ok
11:42:44.0012 5012 WinHttpAutoProxySvc - ok
11:42:44.0072 5012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:42:44.0077 5012 Winmgmt - ok
11:42:44.0154 5012 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
11:42:44.0207 5012 WinRM - ok
11:42:44.0316 5012 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:42:44.0318 5012 WinUsb - ok
11:42:44.0377 5012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:42:44.0403 5012 Wlansvc - ok
11:42:44.0485 5012 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:42:44.0487 5012 wlcrasvc - ok
11:42:45.0159 5012 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:42:45.0238 5012 wlidsvc - ok
11:42:45.0269 5012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:42:45.0270 5012 WmiAcpi - ok
11:42:45.0303 5012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:42:45.0307 5012 wmiApSrv - ok
11:42:45.0333 5012 WMPNetworkSvc - ok
11:42:45.0365 5012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:42:45.0368 5012 WPCSvc - ok
11:42:45.0392 5012 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:42:45.0397 5012 WPDBusEnum - ok
11:42:45.0425 5012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:42:45.0426 5012 ws2ifsl - ok
11:42:45.0450 5012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:42:45.0454 5012 wscsvc - ok
11:42:45.0465 5012 WSearch - ok
11:42:45.0573 5012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:42:45.0631 5012 wuauserv - ok
11:42:45.0649 5012 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:42:45.0652 5012 WudfPf - ok
11:42:45.0700 5012 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:42:45.0704 5012 WUDFRd - ok
11:42:45.0729 5012 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:42:45.0733 5012 wudfsvc - ok
11:42:45.0752 5012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:42:45.0758 5012 WwanSvc - ok
11:42:45.0775 5012 ================ Scan global ===============================
11:42:45.0808 5012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:42:45.0835 5012 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:42:45.0890 5012 [ 4D7CDE615A0F534BD5E359951829554B ] C:\Windows\system32\consrv.dll
11:42:45.0943 5012 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
11:42:45.0943 5012 C:\Windows\system32\consrv.dll - detected Backdoor.Multi.ZAccess.genb (0)
11:42:45.0985 5012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:42:45.0995 5012 ================ Scan MBR ==================================
11:42:46.0012 5012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:42:46.0211 5012 \Device\Harddisk0\DR0 - ok
11:42:46.0214 5012 ================ Scan VBR ==================================
11:42:46.0219 5012 [ 5E37F47DACE41D9383461DA50BE6EC73 ] \Device\Harddisk0\DR0\Partition1
11:42:46.0220 5012 \Device\Harddisk0\DR0\Partition1 - ok
11:42:46.0239 5012 [ 253B328DAD8BB04C0168EBE3D95F12BD ] \Device\Harddisk0\DR0\Partition2
11:42:46.0242 5012 \Device\Harddisk0\DR0\Partition2 - ok
11:42:46.0245 5012 ============================================================
11:42:46.0245 5012 Scan finished
11:42:46.0245 5012 ============================================================
11:42:46.0261 2496 Detected object count: 2
11:42:46.0261 2496 Actual detected object count: 2
11:43:07.0060 2496 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:43:07.0060 2496 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:43:07.0138 2496 C:\Windows\system32\consrv.dll - copied to quarantine
11:43:07.0598 2496 C:\Windows\assembly\temp\U\00000001.@ - copied to quarantine
11:43:07.0617 2496 C:\Windows\assembly\temp\U\00000002.@ - copied to quarantine
11:43:07.0632 2496 C:\Windows\assembly\temp\U\00000004.@ - copied to quarantine
11:43:07.0648 2496 C:\Windows\assembly\temp\U\000000c0.@ - copied to quarantine
11:43:07.0661 2496 C:\Windows\assembly\temp\U\000000cb.@ - copied to quarantine
11:43:07.0668 2496 C:\Windows\assembly\temp\U\000000cf.@ - copied to quarantine
11:43:07.0680 2496 C:\Windows\assembly\temp\U\80000000.@ - copied to quarantine
11:43:07.0696 2496 C:\Windows\assembly\temp\U\80000004.@ - copied to quarantine
11:43:07.0697 2496 C:\Windows\assembly\temp\U\80000032.@ - copied to quarantine
11:43:07.0722 2496 C:\Windows\assembly\temp\U\80000064.@ - copied to quarantine
11:43:07.0745 2496 C:\Windows\assembly\temp\U\800000c0.@ - copied to quarantine
11:43:07.0755 2496 C:\Windows\assembly\temp\U\800000cb.@ - copied to quarantine
11:43:07.0768 2496 C:\Windows\assembly\temp\U\800000cf.@ - copied to quarantine
11:43:07.0769 2496 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
11:43:07.0781 2496 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
11:43:07.0795 2496 C:\Windows\assembly\temp\@ - copied to quarantine
11:43:07.0796 2496 C:\Windows\assembly\temp\cfg.ini - copied to quarantine
11:43:09.0223 2496 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems:Windows - will be cured on reboot
11:43:09.0223 2496 C:\Windows\system32\consrv.dll - will be deleted on reboot
11:43:09.0288 2496 C:\Windows\assembly\temp\U\00000001.@ - will be deleted on reboot
11:43:09.0288 2496 C:\Windows\assembly\temp\U\00000002.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\00000004.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\000000c0.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\000000cb.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\000000cf.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\80000000.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\80000004.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\80000032.@ - will be deleted on reboot
11:43:09.0289 2496 C:\Windows\assembly\temp\U\80000064.@ - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\temp\U\800000c0.@ - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\temp\U\800000cb.@ - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\temp\U\800000cf.@ - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\temp\@ - will be deleted on reboot
11:43:09.0290 2496 C:\Windows\assembly\temp\cfg.ini - will be deleted on reboot
11:43:09.0322 2496 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Delete
11:43:13.0672 5380 Deinitialize success

11:52:13.0558 2904 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:52:14.0182 2904 ============================================================
11:52:14.0182 2904 Current date / time: 2012/09/23 11:52:14.0182
11:52:14.0182 2904 SystemInfo:
11:52:14.0182 2904
11:52:14.0182 2904 OS Version: 6.1.7600 ServicePack: 0.0
11:52:14.0182 2904 Product type: Workstation
11:52:14.0182 2904 ComputerName: ACER-PC
11:52:14.0182 2904 UserName: Acer
11:52:14.0182 2904 Windows directory: C:\Windows
11:52:14.0182 2904 System windows directory: C:\Windows
11:52:14.0182 2904 Running under WOW64
11:52:14.0182 2904 Processor architecture: Intel x64
11:52:14.0182 2904 Number of processors: 1
11:52:14.0182 2904 Page size: 0x1000
11:52:14.0182 2904 Boot type: Normal boot
11:52:14.0182 2904 ============================================================
11:52:26.0257 2904 BG loaded
11:52:29.0672 2904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:29.0677 2904 ============================================================
11:52:29.0677 2904 \Device\Harddisk0\DR0:
11:52:29.0678 2904 MBR partitions:
11:52:29.0678 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C01A24, BlocksNum 0x32FCD
11:52:29.0678 2904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C349F1, BlocksNum 0x1B59077F
11:52:29.0678 2904 ============================================================
11:52:29.0789 2904 C: <-> \Device\Harddisk0\DR0\Partition2
11:52:29.0789 2904 ============================================================
11:52:29.0789 2904 Initialize success
11:52:29.0789 2904 ============================================================
11:53:57.0920 3068 Deinitialize success


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 11:54:11
-----------------------------
11:54:11.390 OS Version: Windows x64 6.1.7600
11:54:11.390 Number of processors: 1 586 0x603
11:54:11.390 ComputerName: ACER-PC UserName: Acer
11:54:12.451 Initialize success
12:07:25.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:07:25.958 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 11
12:07:26.036 Disk 0 MBR read successfully
12:07:26.036 Disk 0 MBR scan
12:07:26.036 Disk 0 Windows 7 default MBR code
12:07:26.051 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14339 MB offset 63
12:07:26.067 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 29366820
12:07:26.083 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224032 MB offset 29575665
12:07:26.098 Disk 0 scanning C:\Windows\system32\drivers
12:07:34.600 Service scanning
12:07:52.868 Modules scanning
12:07:52.868 Disk 0 trace - called modules:
12:07:52.930 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:07:52.930 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800309e060]
12:07:53.445 3 CLASSPNP.SYS[fffff8800192843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003067060]
12:07:53.445 Scan finished successfully
12:11:02.701 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Desktop\Virus Fix\MBR.dat"
12:11:02.712 The log file has been saved successfully to "C:\Users\Acer\Desktop\Virus Fix\aswMBR.txt"

#15 suzyq2626
  • Topic Starter
  • Members
  • 26 posts

Posted 23 September 2012 - 11:40 AM

BTW, it seems I've now got another problem. I'm getting the Google redirects every time I search. I don't know if this problem is showing up in the logs I just posted or not. It seems to only be happening with Mozilla Firefox, not Internet Explorer.
