Torpig in home network


  • This topic is locked
26 replies to this topic

#1 Frank Sovik

Posted 12 November 2012 - 07:13 AM

Hi again :)
Hope you take this one too Gringo

You know what we are looking for


DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Viktoria at 13:08:19 on 2012-11-12
Microsoft Windows 7 Starter 6.1.7601.1.1252.47.1044.18.1013.193 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Viktoria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startsiden.no/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aod260&r=27b51210q125l0434ww45w67m2t397
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aod260&r=27b51210q125l0434ww45w67m2t397
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aod260&r=27b51210q125l0434ww45w67m2t397
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Phaser 6121MFP Scan Dashboard] c:\program files\xerox\phaser 6121mfp\phaser 6121mfp scan dashboard\sd6121.exe -startup
uRun: [Spotify Web Helper] "c:\users\viktoria\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{444A2630-B0C1-488B-B7EE-2CF605D89614} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{444A2630-B0C1-488B-B7EE-2CF605D89614}\2564B4D2F40554E4 : DHCPNameServer = 152.93.74.4
TCP: Interfaces\{444A2630-B0C1-488B-B7EE-2CF605D89614}\C457E6460214E64656273756E60275C414E4 : DHCPNameServer = 84.208.20.110 84.208.20.111
TCP: Interfaces\{EA1E2BBF-E026-4404-8545-53001EFAF4D6} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\viktoria\appdata\roaming\mozilla\firefox\profiles\nt9sudqy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\viktoria\appdata\local\myvrnpapi\npmyvr-1.50000.dll
FF - plugin: c:\users\viktoria\appdata\local\myvrnpapi\npmyvr.dll
FF - plugin: c:\users\viktoria\appdata\local\roblox\versions\version-87d7b36a1a2e43ec\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-3 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-3 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-3 60976]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-6-22 325200]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-9-14 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-6-22 260640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-6-22 68208]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-6-22 82384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-4-17 305520]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
.
=============== Created Last 30 ================
.
2012-11-12 11:55:36 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-12 11:55:11 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-07 13:15:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-07 13:15:35 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-07 13:15:34 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-07 13:15:29 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-07 13:15:29 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-07 13:15:26 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-07 13:15:25 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-07 13:15:22 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-07 13:15:22 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-07 13:15:21 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-07 13:15:18 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 13:15:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 13:12:06 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-07 13:12:04 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-07 13:12:04 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-07 13:05:00 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-11-07 13:03:39 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-07 13:03:00 400896 ----a-w- c:\windows\system32\srcore.dll
2012-11-07 13:02:36 102912 ----a-w- c:\windows\system32\browser.dll
2012-11-07 13:02:35 41984 ----a-w- c:\windows\system32\browcli.dll
2012-11-07 13:02:16 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-07 13:02:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-07 13:01:56 769024 ----a-w- c:\windows\system32\localspl.dll
2012-11-07 12:21:47 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1f8905fa-cc5e-402e-b95f-dae97d9c392c}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-12 11:54:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-07 12:19:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 12:19:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 13:09:58,79 ===============

#2 Frank Sovik

Posted 12 November 2012 - 07:21 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 24.12.2010 20:39:25
System Uptime: 12.11.2012 02:28:42 (11 hours ago)
.
Motherboard: Acer | | AOD260
Processor: Intel® Atom™ CPU N450 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 103,08 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 24.07.2012 14:15:20 - Windows Update
RP84: 07.11.2012 13:17:31 - Windows Update
RP85: 08.11.2012 03:00:31 - Windows Update
RP86: 12.11.2012 12:52:58 - Installed Java 7 Update 9
RP87: 12.11.2012 13:11:23 - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Amazonia
Angry Birds
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Cake Mania
CCleaner
Chicken Invaders 2
D3DX10
Dairy Dash
Dream Day First Home
ENE USB Card Reader Driver
eSobi v2
Farm Frenzy 2
Galapago
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Identity Card
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NOR Language Pack
Microsoft Antimalware Service NB-NO Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klikk og bruk 2010
Microsoft Office Starter 2010 - norsk
Microsoft Security Client
Microsoft Security Client NB-NO Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 nb-NO)
MSVCRT
MyWinLocker
MyWinLocker Suite
Phaser 6121MFP PC-FAX
Phaser 6121MFP Scan Dashboard
Realtek High Definition Audio Driver
Roblox for Viktoria
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2518870)
Sesam Kart 3D NPAPI Viewer
Shredder
Spin & Win
Spotify
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xerox Phaser 6121MFP
Xerox Phaser 6121MFP Scanner
.
==== End Of File ===========================

#3 gringo_pr

  • Malware Response Team

Posted 12 November 2012 - 07:34 AM

Let's see if this shows anything to worry about.




-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Frank Sovik

Posted 12 November 2012 - 08:34 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-12 14:32:18
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: notg3j18.exe; Driver: C:\Users\Viktoria\AppData\Local\Temp\axldrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C7EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CB84D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Viktoria\AppData\Local\Temp\mbr.sys Systemet finner ikke angitt fil. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A835B000 68 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4FD5 A835B045 203 Bytes [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50A1 A835B111 17 Bytes [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A835B123 629 Bytes [65, 35, A8, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A835B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!LdrLoadDll 77BF223E 5 Bytes JMP 008D1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NTFS-driver/Microsoft Corporation)
Device Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Driverrammeverk under kjøring i kjernemodus/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Driverrammeverk under kjøring i kjernemodus/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5 gringo_pr

Posted 12 November 2012 - 08:35 AM

see post above


gringo

#6 Frank Sovik

Posted 12 November 2012 - 08:49 AM

# AdwCleaner v2.007 - Logfile created 11/12/2012 at 14:35:09
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Viktoria - AMALIE
# Boot Mode : Normal
# Running from : C:\Users\Viktoria\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0 (nb-NO)

Profile name : default
File : C:\Users\Viktoria\AppData\Roaming\Mozilla\Firefox\Profiles\nt9sudqy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1013 octets] - [12/11/2012 14:35:09]

########## EOF - C:\AdwCleaner[S1].txt - [1073 octets] ##########

#7 Frank Sovik

Posted 12 November 2012 - 08:55 AM

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Viktoria [Admin rights]
Mode : Remove -- Date : 11/12/2012 14:54:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22A23T0 +++++
--- User ---
[MBR] be68595d6bab3b579a1243c3aeb895dd
[BSP] b76e9d277a19b544d857ec75f8978087 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 139213 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11122012_02d1454.txt >>
RKreport[1]_S_11122012_02d1454.txt ; RKreport[2]_D_11122012_02d1454.txt

#8 gringo_pr

Posted 12 November 2012 - 09:01 AM

Those are very clean



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Frank Sovik

Posted 12 November 2012 - 09:27 AM

ComboFix 12-11-12.02 - Viktoria 12.11.2012 15:07:35.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.47.1044.18.1013.291 [GMT 1:00]
Kjører fra: c:\users\Viktoria\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-12 til 2012-11-12 )))))))))))))))))))))))))))))))))
.
.
2012-11-12 14:20 . 2012-11-12 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-12 13:50 . 2012-11-12 13:50 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-12 12:12 . 2012-10-11 21:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B092BD3-170D-417D-AB11-D4E3A5A7FB6E}\mpengine.dll
2012-11-12 11:55 . 2012-11-12 11:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-12 11:55 . 2012-11-12 11:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-12 11:54 . 2012-11-12 11:54 -------- d-----w- c:\program files\Common Files\Java
2012-11-07 13:15 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-07 13:15 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-07 13:15 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-07 13:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-07 13:15 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-07 13:15 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-07 13:15 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-07 13:15 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-07 13:15 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-07 13:15 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-07 13:15 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 13:15 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 13:12 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-07 13:12 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-07 13:12 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-07 13:05 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-11-07 13:03 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-07 13:03 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-11-07 13:02 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-11-07 13:02 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-11-07 13:02 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-07 13:02 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-07 13:01 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-11-07 12:21 . 2012-10-11 21:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 11:54 . 2010-12-29 13:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-07 12:19 . 2012-07-24 09:14 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 12:19 . 2011-06-10 07:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:03 . 2012-08-30 21:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2011-04-27 14:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-06-28 09:49 . 2011-04-14 16:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-22 39408]
"Phaser 6121MFP Scan Dashboard"="c:\program files\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe" [2009-03-25 5898240]
"Spotify Web Helper"="c:\users\Viktoria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-26 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-25 9218592]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-05-25 960080]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 715296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-6-22 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 12:19]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 12:19]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 12:19]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aod260&r=27b51210q125l0434ww45w67m2t397
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Viktoria\AppData\Roaming\Mozilla\Firefox\Profiles\nt9sudqy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: network.proxy.type - 0
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-1936926659-2428547781-2338259178-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1936926659-2428547781-2338259178-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-11-12 15:25:15
ComboFix-quarantined-files.txt 2012-11-12 14:25
.
Pre-Run: 112 326 066 176 byte ledig
Post-Run: 112 141 778 944 byte ledig
.
- - End Of File - - ED5E885135A901657C6316D79CDFE703






The computer is slow. I would like it to be a little faster.

#10 gringo_pr

  • Malware Response Team

Posted 12 November 2012 - 11:17 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Frank Sovik


Posted 12 November 2012 - 12:03 PM

18:01:18.0346 2076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:01:18.0549 2076 ============================================================
18:01:18.0549 2076 Current date / time: 2012/11/12 18:01:18.0549
18:01:18.0549 2076 SystemInfo:
18:01:18.0549 2076
18:01:18.0549 2076 OS Version: 6.1.7601 ServicePack: 1.0
18:01:18.0549 2076 Product type: Workstation
18:01:18.0549 2076 ComputerName: AMALIE
18:01:18.0549 2076 UserName: Viktoria
18:01:18.0549 2076 Windows directory: C:\Windows
18:01:18.0549 2076 System windows directory: C:\Windows
18:01:18.0549 2076 Processor architecture: Intel x86
18:01:18.0549 2076 Number of processors: 2
18:01:18.0549 2076 Page size: 0x1000
18:01:18.0549 2076 Boot type: Normal boot
18:01:18.0549 2076 ============================================================
18:01:19.0500 2076 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:01:19.0500 2076 ============================================================
18:01:19.0500 2076 \Device\Harddisk0\DR0:
18:01:19.0500 2076 MBR partitions:
18:01:19.0500 2076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
18:01:19.0500 2076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x10FE6800
18:01:19.0500 2076 ============================================================
18:01:19.0547 2076 C: <-> \Device\Harddisk0\DR0\Partition2
18:01:19.0547 2076 ============================================================
18:01:19.0547 2076 Initialize success
18:01:19.0547 2076 ============================================================
18:01:23.0744 3932 ============================================================
18:01:23.0744 3932 Scan started
18:01:23.0744 3932 Mode: Manual;
18:01:23.0744 3932 ============================================================
18:01:24.0071 3932 ================ Scan system memory ========================
18:01:24.0071 3932 System memory - ok
18:01:24.0087 3932 ================ Scan services =============================
18:01:34.0242 3932 IRENUM - ok
18:01:34.0274 3932 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:01:34.0274 3932 isapnp - ok
18:01:34.0320 3932 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:01:34.0320 3932 iScsiPrt - ok
18:01:34.0367 3932 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:34.0367 3932 kbdclass - ok
18:01:34.0398 3932 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:34.0414 3932 kbdhid - ok
18:01:34.0430 3932 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:01:34.0445 3932 KeyIso - ok
18:01:34.0476 3932 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:01:34.0476 3932 KSecDD - ok
18:01:34.0523 3932 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:01:34.0539 3932 KSecPkg - ok
18:01:34.0586 3932 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:01:34.0601 3932 KtmRm - ok
18:01:34.0648 3932 [ 12DE252A44C344A7A044B3C1190DF63B ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
18:01:34.0648 3932 L1C - ok
18:01:34.0726 3932 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
18:01:34.0742 3932 LanmanServer - ok
18:01:34.0773 3932 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:01:34.0788 3932 LanmanWorkstation - ok
18:01:34.0851 3932 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:01:34.0866 3932 lltdio - ok
18:01:34.0898 3932 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:01:34.0913 3932 lltdsvc - ok
18:01:34.0929 3932 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:01:34.0944 3932 lmhosts - ok
18:01:34.0991 3932 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:01:34.0991 3932 LSI_FC - ok
18:01:35.0022 3932 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:01:35.0022 3932 LSI_SAS - ok
18:01:35.0054 3932 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:01:35.0054 3932 LSI_SAS2 - ok
18:01:35.0085 3932 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:01:35.0085 3932 LSI_SCSI - ok
18:01:35.0116 3932 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:01:35.0116 3932 luafv - ok
18:01:35.0147 3932 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
18:01:35.0147 3932 megasas - ok
18:01:35.0194 3932 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:01:35.0194 3932 MegaSR - ok
18:01:35.0241 3932 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:01:35.0241 3932 MMCSS - ok
18:01:35.0303 3932 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:01:35.0319 3932 Modem - ok
18:01:35.0350 3932 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:01:35.0350 3932 monitor - ok
18:01:35.0381 3932 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:01:35.0397 3932 mouclass - ok
18:01:35.0412 3932 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:01:35.0412 3932 mouhid - ok
18:01:35.0459 3932 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:01:35.0475 3932 mountmgr - ok
18:01:35.0537 3932 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:01:35.0537 3932 MpFilter - ok
18:01:35.0584 3932 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:01:35.0600 3932 mpio - ok
18:01:35.0631 3932 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:01:35.0646 3932 mpsdrv - ok
18:01:35.0709 3932 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:01:35.0756 3932 MpsSvc - ok
18:01:35.0802 3932 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:01:35.0818 3932 MRxDAV - ok
18:01:35.0865 3932 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:35.0880 3932 mrxsmb - ok
18:01:35.0912 3932 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:35.0927 3932 mrxsmb10 - ok
18:01:35.0943 3932 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:35.0943 3932 mrxsmb20 - ok
18:01:35.0990 3932 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:01:35.0990 3932 msahci - ok
18:01:36.0021 3932 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:01:36.0021 3932 msdsm - ok
18:01:36.0068 3932 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:01:36.0068 3932 MSDTC - ok
18:01:36.0130 3932 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:01:36.0146 3932 Msfs - ok
18:01:36.0161 3932 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:01:36.0161 3932 mshidkmdf - ok
18:01:36.0208 3932 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:01:36.0208 3932 msisadrv - ok
18:01:36.0270 3932 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:01:36.0270 3932 MSiSCSI - ok
18:01:36.0286 3932 msiserver - ok
18:01:36.0333 3932 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:01:36.0333 3932 MSKSSRV - ok
18:01:36.0442 3932 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:01:36.0442 3932 MsMpSvc - ok
18:01:36.0489 3932 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:36.0489 3932 MSPCLOCK - ok
18:01:36.0536 3932 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:01:36.0536 3932 MSPQM - ok
18:01:36.0567 3932 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:01:36.0582 3932 MsRPC - ok
18:01:36.0645 3932 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:01:36.0645 3932 mssmbios - ok
18:01:36.0676 3932 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:01:36.0676 3932 MSTEE - ok
18:01:36.0707 3932 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:01:36.0707 3932 MTConfig - ok
18:01:36.0738 3932 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:01:36.0738 3932 Mup - ok
18:01:36.0770 3932 [ CB47C414E083CA6E50E634B148F28F64 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:01:36.0770 3932 mwlPSDFilter - ok
18:01:36.0801 3932 [ 647B953019559BFF07536F5C6121F333 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:01:36.0801 3932 mwlPSDNServ - ok
18:01:36.0816 3932 [ 5A236A36DB8687D1E64DC81C03EAABE1 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:01:36.0816 3932 mwlPSDVDisk - ok
18:01:36.0910 3932 [ 0036634E5C92BE109056F7E2380103A9 ] MWLService C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
18:01:36.0926 3932 MWLService - ok
18:01:36.0988 3932 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:01:36.0988 3932 napagent - ok
18:01:37.0066 3932 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:01:37.0082 3932 NativeWifiP - ok
18:01:37.0128 3932 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:01:37.0175 3932 NDIS - ok
18:01:37.0206 3932 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:01:37.0222 3932 NdisCap - ok
18:01:37.0253 3932 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:37.0253 3932 NdisTapi - ok
18:01:37.0300 3932 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:37.0300 3932 Ndisuio - ok
18:01:37.0347 3932 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:37.0347 3932 NdisWan - ok
18:01:37.0362 3932 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:01:37.0378 3932 NDProxy - ok
18:01:37.0456 3932 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:01:37.0456 3932 NetBIOS - ok
18:01:37.0518 3932 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:01:37.0534 3932 NetBT - ok
18:01:37.0550 3932 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:01:37.0565 3932 Netlogon - ok
18:01:37.0628 3932 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:01:37.0643 3932 Netman - ok
18:01:37.0659 3932 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:01:37.0690 3932 netprofm - ok
18:01:37.0737 3932 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:01:37.0737 3932 NetTcpPortSharing - ok
18:01:37.0799 3932 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:01:37.0799 3932 nfrd960 - ok
18:01:37.0846 3932 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:01:37.0862 3932 NisDrv - ok
18:01:37.0924 3932 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:01:37.0924 3932 NisSrv - ok
18:01:37.0971 3932 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:01:37.0986 3932 NlaSvc - ok
18:01:38.0018 3932 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:01:38.0018 3932 Npfs - ok
18:01:38.0049 3932 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:01:38.0064 3932 nsi - ok
18:01:38.0080 3932 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:01:38.0080 3932 nsiproxy - ok
18:01:38.0174 3932 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:01:38.0220 3932 Ntfs - ok
18:01:38.0283 3932 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:01:38.0283 3932 Null - ok
18:01:38.0314 3932 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:01:38.0330 3932 nvraid - ok
18:01:38.0361 3932 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:01:38.0376 3932 nvstor - ok
18:01:38.0408 3932 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:01:38.0423 3932 nv_agp - ok
18:01:38.0470 3932 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:01:38.0470 3932 ohci1394 - ok
18:01:38.0532 3932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:38.0532 3932 ose - ok
18:01:38.0766 3932 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:01:38.0907 3932 osppsvc - ok
18:01:38.0969 3932 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:01:38.0985 3932 p2pimsvc - ok
18:01:39.0016 3932 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:01:39.0047 3932 p2psvc - ok
18:01:39.0094 3932 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
18:01:39.0094 3932 Parport - ok
18:01:39.0141 3932 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:01:39.0156 3932 partmgr - ok
18:01:39.0172 3932 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:01:39.0172 3932 Parvdm - ok
18:01:39.0203 3932 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:01:39.0219 3932 PcaSvc - ok
18:01:39.0250 3932 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:01:39.0266 3932 pci - ok
18:01:39.0297 3932 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:01:39.0297 3932 pciide - ok
18:01:39.0344 3932 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:01:39.0344 3932 pcmcia - ok
18:01:39.0375 3932 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:01:39.0375 3932 pcw - ok
18:01:39.0437 3932 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:01:39.0468 3932 PEAUTH - ok
18:01:39.0593 3932 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:01:39.0671 3932 pla - ok
18:01:39.0734 3932 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:01:39.0765 3932 PlugPlay - ok
18:01:39.0812 3932 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:01:39.0827 3932 PNRPAutoReg - ok
18:01:39.0858 3932 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:01:39.0874 3932 PNRPsvc - ok
18:01:39.0936 3932 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:01:39.0936 3932 PolicyAgent - ok
18:01:39.0999 3932 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:01:40.0014 3932 Power - ok
18:01:40.0061 3932 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:01:40.0077 3932 PptpMiniport - ok
18:01:40.0108 3932 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
18:01:40.0108 3932 Processor - ok
18:01:40.0170 3932 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:01:40.0186 3932 ProfSvc - ok
18:01:40.0202 3932 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:01:40.0202 3932 ProtectedStorage - ok
18:01:40.0264 3932 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:01:40.0264 3932 Psched - ok
18:01:40.0326 3932 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:01:40.0373 3932 ql2300 - ok
18:01:40.0404 3932 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:01:40.0404 3932 ql40xx - ok
18:01:40.0467 3932 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:01:40.0498 3932 QWAVE - ok
18:01:40.0529 3932 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:01:40.0529 3932 QWAVEdrv - ok
18:01:40.0560 3932 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:01:40.0560 3932 RasAcd - ok
18:01:40.0607 3932 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:01:40.0623 3932 RasAgileVpn - ok
18:01:40.0638 3932 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:01:40.0654 3932 RasAuto - ok
18:01:40.0685 3932 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:01:40.0701 3932 Rasl2tp - ok
18:01:40.0748 3932 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:01:40.0763 3932 RasMan - ok
18:01:40.0779 3932 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:01:40.0779 3932 RasPppoe - ok
18:01:40.0810 3932 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:01:40.0810 3932 RasSstp - ok
18:01:40.0872 3932 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:01:40.0872 3932 rdbss - ok
18:01:40.0904 3932 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:01:40.0904 3932 rdpbus - ok
18:01:40.0950 3932 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:01:40.0950 3932 RDPCDD - ok
18:01:40.0997 3932 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:01:40.0997 3932 RDPENCDD - ok
18:01:41.0028 3932 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:01:41.0044 3932 RDPREFMP - ok
18:01:41.0075 3932 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:01:41.0091 3932 RDPWD - ok
18:01:41.0153 3932 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:01:41.0153 3932 rdyboost - ok
18:01:41.0200 3932 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:01:41.0216 3932 RemoteAccess - ok
18:01:41.0278 3932 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:01:41.0294 3932 RemoteRegistry - ok
18:01:41.0340 3932 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:01:41.0340 3932 RpcEptMapper - ok
18:01:41.0387 3932 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:01:41.0403 3932 RpcLocator - ok
18:01:41.0434 3932 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:01:41.0450 3932 RpcSs - ok
18:01:41.0496 3932 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:01:41.0496 3932 rspndr - ok
18:01:41.0559 3932 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
18:01:41.0574 3932 RS_Service - ok
18:01:41.0590 3932 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:01:41.0590 3932 SamSs - ok
18:01:41.0637 3932 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:01:41.0652 3932 sbp2port - ok
18:01:41.0699 3932 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:01:41.0699 3932 SCardSvr - ok
18:01:41.0730 3932 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:01:41.0730 3932 scfilter - ok
18:01:41.0793 3932 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:01:41.0824 3932 Schedule - ok
18:01:41.0840 3932 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:01:41.0855 3932 SCPolicySvc - ok
18:01:41.0902 3932 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:01:41.0918 3932 SDRSVC - ok
18:01:41.0980 3932 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:01:41.0980 3932 secdrv - ok
18:01:42.0027 3932 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:01:42.0027 3932 seclogon - ok
18:01:42.0058 3932 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
18:01:42.0074 3932 SENS - ok
18:01:42.0089 3932 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:01:42.0089 3932 Serenum - ok
18:01:42.0136 3932 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
18:01:42.0136 3932 Serial - ok
18:01:42.0183 3932 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:01:42.0183 3932 sermouse - ok
18:01:42.0276 3932 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:01:42.0292 3932 SessionEnv - ok
18:01:42.0323 3932 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:01:42.0339 3932 sffdisk - ok
18:01:42.0354 3932 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:01:42.0370 3932 sffp_mmc - ok
18:01:42.0386 3932 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:01:42.0401 3932 sffp_sd - ok
18:01:42.0417 3932 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:01:42.0417 3932 sfloppy - ok
18:01:42.0495 3932 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:01:42.0510 3932 Sftfs - ok
18:01:42.0604 3932 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
18:01:42.0620 3932 sftlist - ok
18:01:42.0651 3932 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:01:42.0666 3932 Sftplay - ok
18:01:42.0682 3932 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:01:42.0682 3932 Sftredir - ok
18:01:42.0729 3932 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:01:42.0729 3932 Sftvol - ok
18:01:42.0760 3932 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
18:01:42.0760 3932 sftvsa - ok
18:01:42.0822 3932 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:01:42.0838 3932 SharedAccess - ok
18:01:42.0885 3932 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:01:42.0900 3932 ShellHWDetection - ok
18:01:42.0932 3932 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:01:42.0947 3932 sisagp - ok
18:01:42.0994 3932 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:01:42.0994 3932 SiSRaid2 - ok
18:01:43.0025 3932 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:01:43.0041 3932 SiSRaid4 - ok
18:01:43.0072 3932 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:01:43.0088 3932 Smb - ok
18:01:43.0166 3932 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:01:43.0166 3932 SNMPTRAP - ok
18:01:43.0197 3932 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:01:43.0212 3932 spldr - ok
18:01:43.0259 3932 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:01:43.0290 3932 Spooler - ok
18:01:43.0431 3932 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:01:43.0540 3932 sppsvc - ok
18:01:43.0602 3932 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:01:43.0602 3932 sppuinotify - ok
18:01:43.0649 3932 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:01:43.0665 3932 srv - ok
18:01:43.0696 3932 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:01:43.0696 3932 srv2 - ok
18:01:43.0727 3932 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:01:43.0727 3932 srvnet - ok
18:01:43.0790 3932 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:01:43.0805 3932 SSDPSRV - ok
18:01:43.0821 3932 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:01:43.0836 3932 SstpSvc - ok
18:01:43.0868 3932 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:01:43.0868 3932 stexstor - ok
18:01:43.0930 3932 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:01:43.0930 3932 StillCam - ok
18:01:43.0992 3932 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:01:44.0024 3932 StiSvc - ok
18:01:44.0070 3932 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:01:44.0070 3932 swenum - ok
18:01:44.0102 3932 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:01:44.0133 3932 swprv - ok
18:01:44.0195 3932 [ 5CDD124913E91C7F79B4D5CAE1C7C4DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:01:44.0211 3932 SynTP - ok
18:01:44.0304 3932 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:01:44.0367 3932 SysMain - ok
18:01:44.0429 3932 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:01:44.0445 3932 TabletInputService - ok
18:01:44.0523 3932 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:01:44.0538 3932 TapiSrv - ok
18:01:44.0570 3932 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:01:44.0585 3932 TBS - ok
18:01:44.0663 3932 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:01:44.0726 3932 Tcpip - ok
18:01:44.0772 3932 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:01:44.0788 3932 TCPIP6 - ok
18:01:44.0850 3932 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:01:44.0850 3932 tcpipreg - ok
18:01:44.0913 3932 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:01:44.0913 3932 TDPIPE - ok
18:01:44.0960 3932 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:01:44.0960 3932 TDTCP - ok
18:01:45.0006 3932 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:01:45.0006 3932 tdx - ok
18:01:45.0053 3932 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:01:45.0053 3932 TermDD - ok
18:01:45.0131 3932 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:01:45.0162 3932 TermService - ok
18:01:45.0209 3932 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:01:45.0225 3932 Themes - ok
18:01:45.0272 3932 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:01:45.0287 3932 THREADORDER - ok
18:01:45.0318 3932 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:01:45.0334 3932 TrkWks - ok
18:01:45.0396 3932 [ 2AA8F32C3DA1E7BC11669E3E72BFF1A5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
18:01:45.0396 3932 TrueSight - ok
18:01:45.0474 3932 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:01:45.0474 3932 TrustedInstaller - ok
18:01:45.0521 3932 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:01:45.0521 3932 tssecsrv - ok
18:01:45.0584 3932 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:01:45.0584 3932 TsUsbFlt - ok
18:01:45.0662 3932 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:01:45.0662 3932 tunnel - ok
18:01:45.0693 3932 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:01:45.0693 3932 uagp35 - ok
18:01:45.0740 3932 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:01:45.0755 3932 udfs - ok
18:01:45.0802 3932 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:01:45.0818 3932 UI0Detect - ok
18:01:45.0864 3932 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:01:45.0864 3932 uliagpkx - ok
18:01:45.0896 3932 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
18:01:45.0911 3932 umbus - ok
18:01:45.0927 3932 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
18:01:45.0942 3932 UmPass - ok
18:01:46.0005 3932 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:01:46.0005 3932 Updater Service - ok
18:01:46.0067 3932 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:01:46.0083 3932 upnphost - ok
18:01:46.0130 3932 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:01:46.0130 3932 usbccgp - ok
18:01:50.0170 3932 ================ Scan global ===============================
18:01:50.0217 3932 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:01:50.0264 3932 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:01:50.0326 3932 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:01:50.0373 3932 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:01:50.0420 3932 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:01:50.0420 3932 [Global] - ok
18:01:50.0435 3932 ================ Scan MBR ==================================
18:01:50.0451 3932 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:01:51.0293 3932 \Device\Harddisk0\DR0 - ok
18:01:51.0293 3932 ================ Scan VBR ==================================
18:01:51.0309 3932 [ B45F6F8D8A06D44659E8F2B53B605ADE ] \Device\Harddisk0\DR0\Partition1
18:01:51.0324 3932 \Device\Harddisk0\DR0\Partition1 - ok
18:01:51.0340 3932 [ 3E4F1F1819DAE83685DE53D22B92226A ] \Device\Harddisk0\DR0\Partition2
18:01:51.0340 3932 \Device\Harddisk0\DR0\Partition2 - ok
18:01:51.0356 3932 ============================================================
18:01:51.0356 3932 Scan finished
18:01:51.0356 3932 ============================================================
18:01:51.0371 5836 Detected object count: 0
18:01:51.0371 5836 Actual detected object count: 0

#12 Frank Sovik

Posted 12 November 2012 - 12:15 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 18:03:58
-----------------------------
18:03:58.297 OS Version: Windows 6.1.7601 Service Pack 1
18:03:58.297 Number of processors: 2 586 0x1C0A
18:03:58.312 ComputerName: AMALIE UserName:
18:04:00.543 Initialize success
18:04:59.361 AVAST engine defs: 12111200
18:05:10.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:05:10.406 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
18:05:10.437 Disk 0 MBR read successfully
18:05:10.437 Disk 0 MBR scan
18:05:10.546 Disk 0 Windows 7 default MBR code
18:05:10.578 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
18:05:10.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
18:05:10.640 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 139213 MB offset 27469824
18:05:10.671 Disk 0 scanning sectors +312578048
18:05:10.780 Disk 0 scanning C:\Windows\system32\drivers
18:05:31.263 Service scanning
18:06:23.398 Modules scanning
18:06:41.448 Disk 0 trace - called modules:
18:06:41.495 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
18:06:41.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e65458]
18:06:41.526 3 CLASSPNP.SYS[86bb559e] -> nt!IofCallDriver -> [0x844723a8]
18:06:41.541 5 ACPI.sys[8648d3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84423028]
18:06:43.133 AVAST engine scan C:\Windows
18:06:49.185 AVAST engine scan C:\Windows\system32
18:12:12.792 AVAST engine scan C:\Windows\system32\drivers
18:12:38.798 AVAST engine scan C:\Users\Viktoria
18:13:50.136 Disk 0 MBR has been saved successfully to "C:\Users\Viktoria\Desktop\MBR.dat"
18:13:50.183 The log file has been saved successfully to "C:\Users\Viktoria\Desktop\aswMBR.txt"

#13 gringo_pr

Posted 12 November 2012 - 12:19 PM

Hello Frank

This computer looks very good, not even any adware floating around.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 Frank Sovik

Posted 12 November 2012 - 12:21 PM

funlover has posted to you again

#15 gringo_pr

Posted 12 November 2012 - 12:30 PM

Got it Frank



gringo