Win32:Trojan-gen and Win32:SwizDrop-AC[Trj]


  • This topic is locked
29 replies to this topic

#1 simmy555

simmy555

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 22 July 2013 - 02:37 PM

Avast free found these two infections and they have been moved to the chest; however, I am not convinced that my system is thoroughly clean. It is running a bit better now than it was before, but it still isn't great, and I am having repeated failures when trying to install some Windows updates.

 

WU error code for all the failures is 80070020

 

I have tried doing a clean boot but msconfig just hangs when I disable all but Microsoft services and try to re-start.

 

Any and all advice/help would be gratefully received!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16496
Run by Gina at 20:06:33 on 2013-07-22
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3293.1891 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Gina\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.my.yahoo.com/
uSearch Bar = hxxp://google.icq.com/search/search_frame.php
uSearch Page = hxxp://google.icq.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6530g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6530g
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6530g
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: ICQ Toolbar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - 
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mushroom%20Age/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EF668836-723E-4DE3-8C1C-9288EC95794D} : DHCPNameServer = 192.168.1.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  scecli c:\program files\acer\acer bio protection\PwdFilter
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gina\appdata\roaming\mozilla\firefox\profiles\gh8k4wf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-10-22 43184]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-5 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-5 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-18 369584]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\53984\RapportCerberus32_53984.sys [2013-6-2 317424]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-6-18 103120]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2012/03/15 20:42:41];c:\program files\acer arcade deluxe\playmovie\000.fcl [2012-3-15 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-18 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-6 46808]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-10-22 75048]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-7-11 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-10-22 3521024]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-10-22 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-10-22 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2013-1-29 1434624]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-6-18 102448]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-6-18 174320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
S4 gupdate1ca2105ff665b2;Google Update Service (gupdate1ca2105ff665b2);c:\program files\google\update\GoogleUpdate.exe [2009-8-19 133104]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S4 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2673064]
.
=============== Created Last 30 ================
.
2013-07-22 19:03:47 -------- d--h--w- c:\windows\PIF
2013-07-20 00:30:16 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5f2a901c-650d-4fee-b751-cda360e1c9d5}\mpengine.dll
2013-07-11 02:02:59 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 02:02:17 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-11 02:02:17 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 02:02:16 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-11 02:02:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-11 02:02:15 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-11 02:02:14 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-11 02:02:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-11 02:02:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-11 02:02:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-11 02:01:43 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 02:01:39 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 02:01:29 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-11 02:01:28 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-11 02:01:27 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-11 02:01:26 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
.
==================== Find3M  ====================
.
2013-07-18 21:57:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 21:57:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-27 19:41:44 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:41:42 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-18 15:14:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-08 03:40:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:08:50.68 ===============
 

 


 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 24 July 2013 - 10:36 AM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
 
AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
----------



#3 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 24 July 2013 - 11:26 AM

Thank you Jeff! :)

 

Here are the three logs

 

aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-24 16:55:22
-----------------------------
16:55:22.107    OS Version: Windows 6.0.6002 Service Pack 2
16:55:22.108    Number of processors: 2 586 0x301
16:55:22.111    ComputerName: GINA-PC  UserName: Gina
16:55:27.242    Initialize success
16:55:31.826    AVAST engine defs: 13072301
16:55:45.556    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
16:55:45.572    Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 8
16:55:45.712    Disk 0 MBR read successfully
16:55:45.728    Disk 0 MBR scan
16:55:45.744    Disk 0 unknown MBR code
16:55:45.759    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
16:55:45.790    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114116 MB offset 20973568
16:55:45.822    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110489 MB offset 254683136
16:55:45.868    Disk 0 Partition 4 00     12  Compaq diag NTFS         3628 MB offset 480964608
16:55:45.915    Disk 0 scanning sectors +488394752
16:55:46.196    Disk 0 scanning C:\Windows\system32\drivers
16:55:53.745    File: C:\Windows\system32\drivers\int15.sys  **INFECTED** Win32:Zeroot-B [Rtk]
16:56:05.625    Scan finished successfully
16:56:27.897    Disk 0 MBR has been saved successfully to "C:\Users\Gina\Desktop\MBR.dat"
16:56:27.929    The log file has been saved successfully to "C:\Users\Gina\Desktop\aswMBR.txt"
 
 

AdwCleaner

 

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 17:00:17
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Gina - GINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Gina\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Gina\AppData\Roaming\iWin
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\XTTB00001
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.XTTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.XTTBPos00.1
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ac591caa011e72b916e5a76adc00008
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\76dee31747e6bf794911eea2eb7ede79
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bfcf1f32cfc8a1f01a423989bad08048
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar
Key Deleted : HKLM\Software\OpenCandy NSIS SDK
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://google.icq.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\gh8k4wf2.default\prefs.js
 
C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\gh8k4wf2.default\user.js ... Deleted !
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [4117 octets] - [24/07/2013 17:00:17]
 
########## EOF - C:\AdwCleaner[S1].txt - [4177 octets] ##########
 

 

FSS

 

Farbar Service Scanner Version: 13-07-2013
Ran by Gina (administrator) on 24-07-2013 at 17:15:13
Running from "C:\Users\Gina\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 16:33] - [2013-05-08 04:40] - 0914792 ____A (Microsoft Corporation) 078218D74C4EFC2CE7E4C6DF22A94F2F
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
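As an added, defender-side example that is not code from this thread or from the authors of aswMBR or Farbar Service Scanner, the Python below parses the two log formats posted in this reply: it pulls every **INFECTED** entry and the "unknown MBR code" marker out of an aswMBR log, and lists any file in the FSS "File Check" section that did not come back as "MD5 is legit", together with the hash FSS printed on the detail line. The log excerpts embedded in the script are constructed from the lines above (trimmed to what the parsers look at); the function names and the Finding record are this example's own, not anything the tools expose.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpts modelled on the aswMBR and FSS logs posted in this
# thread; only the lines the parsers care about are reproduced.
ASWMBR_LOG = """\
16:55:45.712    Disk 0 MBR read successfully
16:55:45.744    Disk 0 unknown MBR code
16:55:46.196    Disk 0 scanning C:\\Windows\\system32\\drivers
16:55:53.745    File: C:\\Windows\\system32\\drivers\\int15.sys  **INFECTED** Win32:Zeroot-B [Rtk]
16:56:05.625    Scan finished successfully
"""

FSS_LOG = """\
File Check:
========
C:\\Windows\\system32\\nsisvc.dll => MD5 is legit
C:\\Windows\\system32\\Drivers\\tcpip.sys
[2013-06-12 16:33] - [2013-05-08 04:40] - 0914792 ____A (Microsoft Corporation) 078218D74C4EFC2CE7E4C6DF22A94F2F

C:\\Windows\\system32\\dnsrslvr.dll => MD5 is legit


**** End of log ****
"""


@dataclass(frozen=True)
class Finding:
    source: str   # which scanner the line came from
    path: str     # file or object the line refers to
    detail: str   # detection name, or the FSS detail line for an unverified file


# "<timestamp>    File: <path>  **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$",
    re.MULTILINE,
)
MBR_UNKNOWN_RE = re.compile(r"^\S+\s+Disk \d+ unknown MBR code\s*$", re.MULTILINE)
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")


def aswmbr_findings(log: str) -> List[Finding]:
    """Every file aswMBR flagged **INFECTED**, in log order."""
    return [Finding("aswMBR", m["path"], m["name"]) for m in INFECTED_RE.finditer(log)]


def aswmbr_mbr_unknown(log: str) -> bool:
    """True when aswMBR did not recognise the boot-sector code."""
    return MBR_UNKNOWN_RE.search(log) is not None


def md5_from_detail(detail: str) -> Optional[str]:
    """Extract the 32-hex-digit MD5 FSS prints at the end of a detail line."""
    m = MD5_RE.search(detail)
    return m.group(0).upper() if m else None


def fss_unverified_files(log: str) -> List[Finding]:
    """Files in the FSS 'File Check' section that were not reported 'MD5 is legit'.

    FSS prints 'path => MD5 is legit' for a hash on its known-good list; otherwise
    it prints the bare path and, on the next line, timestamps, size, signer and MD5.
    """
    lines = log.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == "File Check:") + 1
    except StopIteration:
        return []
    out: List[Finding] = []
    i = start
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("**** End of log"):
            break
        if re.match(r"^[A-Za-z]:\\", line) and "=>" not in line:
            detail = lines[i + 1].strip() if i + 1 < len(lines) else ""
            out.append(Finding("FSS", line, detail))
            i += 1  # the detail line has been consumed
        i += 1
    return out


def triage(aswmbr_log: str, fss_log: str) -> List[Finding]:
    """Merge both scanners' results into one list a responder can work through."""
    findings = aswmbr_findings(aswmbr_log)
    if aswmbr_mbr_unknown(aswmbr_log):
        findings.append(Finding("aswMBR", "Disk 0 MBR",
                                "unknown MBR code (boot sector not recognised; compare "
                                "against a known-good copy, not a detection by itself)"))
    findings.extend(fss_unverified_files(fss_log))
    return findings


if __name__ == "__main__":
    for f in triage(ASWMBR_LOG, FSS_LOG):
        print(f"[{f.source}] {f.path}\n    {f.detail}")
```

Run it directly to print the triage list. The semantics matter when reading the result: "MD5 is legit" means the hash matched FSS's known-good list, so a file that gets a detail line instead (here tcpip.sys, with a 2013-06-12 timestamp and a Microsoft Corporation signer string) is unverified rather than malicious, and "unknown MBR code" is a prompt to compare the boot sector against a known-good copy rather than a detection. The one hard finding in these logs is the int15.sys entry.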


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 24 July 2013 - 11:27 AM

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#5 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 24 July 2013 - 11:38 AM

Log attached



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 24 July 2013 - 11:49 AM

Log attached

Are you sure?  Please try to attach it again or you can just copy/paste the results directly to the reply.  :)




#7 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 24 July 2013 - 11:52 AM

Hmmm odd! 

 

17:34:38.0296 5396  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:34:38.0780 5396  ============================================================
17:34:38.0780 5396  Current date / time: 2013/07/24 17:34:38.0780
17:34:38.0780 5396  SystemInfo:
17:34:38.0781 5396  
17:34:38.0781 5396  OS Version: 6.0.6002 ServicePack: 2.0
17:34:38.0781 5396  Product type: Workstation
17:34:38.0782 5396  ComputerName: GINA-PC
17:34:38.0783 5396  UserName: Gina
17:34:38.0783 5396  Windows directory: C:\Windows
17:34:38.0783 5396  System windows directory: C:\Windows
17:34:38.0783 5396  Processor architecture: Intel x86
17:34:38.0783 5396  Number of processors: 2
17:34:38.0783 5396  Page size: 0x1000
17:34:38.0783 5396  Boot type: Normal boot
17:34:38.0783 5396  ============================================================
17:34:41.0202 5396  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:34:41.0217 5396  ============================================================
17:34:41.0217 5396  \Device\Harddisk0\DR0:
17:34:41.0217 5396  MBR partitions:
17:34:41.0217 5396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
17:34:41.0217 5396  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800
17:34:41.0217 5396  ============================================================
17:34:41.0249 5396  C: <-> \Device\Harddisk0\DR0\Partition1
17:34:41.0295 5396  D: <-> \Device\Harddisk0\DR0\Partition2
17:34:41.0295 5396  ============================================================
17:34:41.0295 5396  Initialize success
17:34:41.0295 5396  ============================================================
17:34:56.0630 5152  ============================================================
17:34:56.0630 5152  Scan started
17:34:56.0630 5152  Mode: Manual; 
17:34:56.0630 5152  ============================================================
17:34:57.0332 5152  ================ Scan system memory ========================
17:34:57.0332 5152  System memory - ok
17:34:57.0332 5152  ================ Scan services =============================
17:34:57.0441 5152  [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:34:57.0457 5152  !SASCORE - ok
17:34:57.0785 5152  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:34:57.0816 5152  ACPI - ok
17:34:57.0925 5152  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:34:57.0925 5152  AdobeARMservice - ok
17:34:58.0081 5152  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:34:58.0081 5152  AdobeFlashPlayerUpdateSvc - ok
17:34:58.0159 5152  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:34:58.0190 5152  adp94xx - ok
17:34:58.0253 5152  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:34:58.0268 5152  adpahci - ok
17:34:58.0315 5152  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:34:58.0315 5152  adpu160m - ok
17:34:58.0362 5152  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:34:58.0362 5152  adpu320 - ok
17:34:58.0440 5152  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:34:58.0440 5152  AeLookupSvc - ok
17:34:58.0518 5152  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:34:58.0533 5152  AFD - ok
17:34:58.0580 5152  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
17:34:58.0580 5152  AgereModemAudio - ok
17:34:58.0689 5152  [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
17:34:58.0736 5152  AgereSoftModem - ok
17:34:58.0799 5152  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:34:58.0799 5152  agp440 - ok
17:34:58.0845 5152  [ 9879FF9F6A04D660BC245788E1881B00 ] ahcix86s        C:\Windows\system32\DRIVERS\ahcix86s.sys
17:34:58.0861 5152  ahcix86s - ok
17:34:58.0892 5152  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:34:58.0908 5152  aic78xx - ok
17:34:58.0970 5152  [ 8D59617A9C3DBF4650AA44F4E9215744 ] AlfaFF          C:\Windows\system32\Drivers\AlfaFF.sys
17:34:58.0970 5152  AlfaFF - ok
17:34:59.0001 5152  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:34:59.0017 5152  ALG - ok
17:34:59.0048 5152  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:34:59.0048 5152  aliide - ok
17:34:59.0079 5152  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:34:59.0095 5152  amdagp - ok
17:34:59.0126 5152  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:34:59.0126 5152  amdide - ok
17:34:59.0173 5152  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:34:59.0173 5152  AmdK7 - ok
17:34:59.0204 5152  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:34:59.0220 5152  AmdK8 - ok
17:34:59.0282 5152  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:34:59.0298 5152  Appinfo - ok
17:34:59.0329 5152  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
17:34:59.0329 5152  arc - ok
17:34:59.0376 5152  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:34:59.0376 5152  arcsas - ok
17:34:59.0438 5152  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:34:59.0438 5152  aswFsBlk - ok
17:34:59.0469 5152  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:34:59.0485 5152  aswMonFlt - ok
17:34:59.0563 5152  [ 7B43265F92257A21CBFD88E7A651044C ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
17:34:59.0579 5152  aswRdr - ok
17:34:59.0625 5152  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
17:34:59.0641 5152  aswRvrt - ok
17:34:59.0703 5152  [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:34:59.0750 5152  aswSnx - ok
17:34:59.0813 5152  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:34:59.0828 5152  aswSP - ok
17:34:59.0891 5152  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:34:59.0891 5152  aswTdi - ok
17:34:59.0937 5152  [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:34:59.0953 5152  aswVmm - ok
17:35:00.0000 5152  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:35:00.0015 5152  AsyncMac - ok
17:35:00.0062 5152  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:35:00.0062 5152  atapi - ok
17:35:00.0140 5152  [ 8BE56F8300E1C37B578DA23C71816B7A ] athr            C:\Windows\system32\DRIVERS\athr.sys
17:35:00.0187 5152  athr - ok
17:35:00.0296 5152  [ D1CDD3DD7D47BA6DCDE3C392EC94F944 ] athur           C:\Windows\system32\DRIVERS\athur.sys
17:35:00.0374 5152  athur - ok
17:35:00.0452 5152  [ 80129B0F83F361130770D642E36F57AB ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:35:00.0499 5152  Ati External Event Utility - ok
17:35:00.0717 5152  [ 5E80C91CA04C46A9AC6D4F39E1BCE636 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:35:00.0905 5152  atikmdag - ok
17:35:00.0983 5152  [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
17:35:00.0983 5152  AtiPcie - ok
17:35:01.0045 5152  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:35:01.0061 5152  AudioEndpointBuilder - ok
17:35:01.0092 5152  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:35:01.0107 5152  Audiosrv - ok
17:35:01.0201 5152  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:35:01.0217 5152  avast! Antivirus - ok
17:35:01.0310 5152  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:35:01.0310 5152  BBSvc - ok
17:35:01.0388 5152  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:35:01.0388 5152  Beep - ok
17:35:01.0466 5152  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:35:01.0482 5152  BFE - ok
17:35:01.0575 5152  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:35:01.0622 5152  BITS - ok
17:35:01.0653 5152  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:35:01.0669 5152  blbdrive - ok
17:35:01.0716 5152  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:35:01.0716 5152  bowser - ok
17:35:01.0778 5152  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:35:01.0778 5152  BrFiltLo - ok
17:35:01.0809 5152  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:35:01.0809 5152  BrFiltUp - ok
17:35:01.0872 5152  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:35:01.0887 5152  Browser - ok
17:35:01.0919 5152  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:35:01.0934 5152  Brserid - ok
17:35:01.0965 5152  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:35:01.0965 5152  BrSerWdm - ok
17:35:02.0012 5152  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:35:02.0012 5152  BrUsbMdm - ok
17:35:02.0043 5152  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:35:02.0043 5152  BrUsbSer - ok
17:35:02.0106 5152  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:35:02.0106 5152  BTHMODEM - ok
17:35:02.0184 5152  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
17:35:02.0184 5152  BUNAgentSvc - ok
17:35:02.0231 5152  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:35:02.0232 5152  cdfs - ok
17:35:02.0280 5152  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:35:02.0291 5152  cdrom - ok
17:35:02.0339 5152  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:35:02.0346 5152  CertPropSvc - ok
17:35:02.0377 5152  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:35:02.0382 5152  circlass - ok
17:35:02.0420 5152  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:35:02.0444 5152  CLFS - ok
17:35:02.0553 5152  [ 1A05E1AF359D8E961279F1EEA30A91EE ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
17:35:02.0561 5152  CLHNService - ok
17:35:02.0645 5152  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:35:02.0657 5152  clr_optimization_v2.0.50727_32 - ok
17:35:02.0764 5152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:35:02.0776 5152  clr_optimization_v4.0.30319_32 - ok
17:35:02.0832 5152  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:35:02.0836 5152  CmBatt - ok
17:35:02.0874 5152  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:35:02.0880 5152  cmdide - ok
17:35:02.0907 5152  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:35:02.0913 5152  Compbatt - ok
17:35:02.0946 5152  COMSysApp - ok
17:35:02.0973 5152  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:35:02.0983 5152  crcdisk - ok
17:35:03.0018 5152  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:35:03.0024 5152  Crusoe - ok
17:35:03.0100 5152  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:35:03.0111 5152  CryptSvc - ok
17:35:03.0198 5152  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:35:03.0242 5152  DcomLaunch - ok
17:35:03.0284 5152  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:35:03.0291 5152  DfsC - ok
17:35:03.0427 5152  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:35:03.0490 5152  DFSR - ok
17:35:03.0567 5152  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:35:03.0582 5152  Dhcp - ok
17:35:03.0633 5152  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:35:03.0640 5152  disk - ok
17:35:03.0678 5152  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
17:35:03.0693 5152  DKbFltr - ok
17:35:03.0756 5152  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:35:03.0769 5152  Dnscache - ok
17:35:03.0822 5152  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:35:03.0868 5152  dot3svc - ok
17:35:03.0922 5152  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:35:03.0947 5152  DPS - ok
17:35:03.0987 5152  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:35:03.0992 5152  drmkaud - ok
17:35:04.0062 5152  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:35:04.0096 5152  DXGKrnl - ok
17:35:04.0142 5152  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:35:04.0150 5152  E1G60 - ok
17:35:04.0189 5152  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:35:04.0235 5152  EapHost - ok
17:35:04.0297 5152  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:35:04.0328 5152  Ecache - ok
17:35:04.0422 5152  [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
17:35:04.0438 5152  eDataSecurity Service - ok
17:35:04.0500 5152  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:35:04.0531 5152  ehRecvr - ok
17:35:04.0562 5152  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:35:04.0562 5152  ehSched - ok
17:35:04.0594 5152  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:35:04.0594 5152  ehstart - ok
17:35:04.0656 5152  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:35:04.0672 5152  elxstor - ok
17:35:04.0750 5152  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:35:04.0796 5152  EMDMgmt - ok
17:35:04.0859 5152  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:35:04.0859 5152  ErrDev - ok
17:35:04.0921 5152  [ 27D2754314D12EB27D81D462FD0D86C0 ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
17:35:04.0921 5152  ETService - ok
17:35:04.0984 5152  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:35:05.0015 5152  EventSystem - ok
17:35:05.0093 5152  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:35:05.0108 5152  exfat - ok
17:35:05.0140 5152  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:35:05.0140 5152  fastfat - ok
17:35:05.0186 5152  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:35:05.0202 5152  fdc - ok
17:35:05.0233 5152  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:35:05.0264 5152  fdPHost - ok
17:35:05.0296 5152  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:35:05.0311 5152  FDResPub - ok
17:35:05.0358 5152  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:35:05.0374 5152  FileInfo - ok
17:35:05.0389 5152  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:35:05.0405 5152  Filetrace - ok
17:35:05.0436 5152  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:35:05.0436 5152  flpydisk - ok
17:35:05.0483 5152  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:35:05.0498 5152  FltMgr - ok
17:35:05.0608 5152  [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache       C:\Windows\system32\FntCache.dll
17:35:05.0639 5152  FontCache - ok
17:35:05.0701 5152  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:35:05.0717 5152  FontCache3.0.0.0 - ok
17:35:05.0748 5152  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:35:05.0764 5152  Fs_Rec - ok
17:35:05.0810 5152  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:35:05.0810 5152  gagp30kx - ok
17:35:05.0888 5152  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:35:05.0935 5152  gpsvc - ok
17:35:06.0044 5152  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca2105ff665b2 C:\Program Files\Google\Update\GoogleUpdate.exe
17:35:06.0044 5152  gupdate1ca2105ff665b2 - ok
17:35:06.0107 5152  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:35:06.0107 5152  gupdatem - ok
17:35:06.0200 5152  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:35:06.0216 5152  HdAudAddService - ok
17:35:06.0278 5152  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:35:06.0310 5152  HDAudBus - ok
17:35:06.0356 5152  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:35:06.0356 5152  HidBth - ok
17:35:06.0388 5152  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:35:06.0403 5152  HidIr - ok
17:35:06.0450 5152  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
17:35:06.0466 5152  hidserv - ok
17:35:06.0512 5152  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:35:06.0512 5152  HidUsb - ok
17:35:06.0559 5152  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:35:06.0590 5152  hkmsvc - ok
17:35:06.0637 5152  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:35:06.0637 5152  HpCISSs - ok
17:35:06.0700 5152  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:35:06.0731 5152  HTTP - ok
17:35:06.0746 5152  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:35:06.0762 5152  i2omp - ok
17:35:06.0809 5152  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:35:06.0824 5152  i8042prt - ok
17:35:06.0871 5152  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:35:06.0871 5152  iaStorV - ok
17:35:06.0980 5152  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:35:07.0027 5152  idsvc - ok
17:35:07.0246 5152  [ 3786F369A9C1D0952582DEDA962C27CF ] IGBASVC         C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
17:35:07.0386 5152  IGBASVC - ok
17:35:07.0495 5152  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:35:07.0495 5152  iirsp - ok
17:35:07.0589 5152  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:35:07.0651 5152  IKEEXT - ok
17:35:07.0745 5152  [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15           C:\Windows\system32\drivers\int15.sys
17:35:07.0760 5152  int15 - ok
17:35:07.0932 5152  [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:35:08.0041 5152  IntcAzAudAddService - ok
17:35:08.0088 5152  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:35:08.0088 5152  intelide - ok
17:35:08.0150 5152  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:35:08.0166 5152  intelppm - ok
17:35:08.0228 5152  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:35:08.0244 5152  IPBusEnum - ok
17:35:08.0291 5152  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:35:08.0306 5152  IpFilterDriver - ok
17:35:08.0369 5152  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:35:08.0384 5152  iphlpsvc - ok
17:35:08.0416 5152  IpInIp - ok
17:35:08.0447 5152  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:35:08.0462 5152  IPMIDRV - ok
17:35:08.0494 5152  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:35:08.0509 5152  IPNAT - ok
17:35:08.0540 5152  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:35:08.0556 5152  IRENUM - ok
17:35:08.0587 5152  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:35:08.0603 5152  isapnp - ok
17:35:08.0650 5152  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:35:08.0681 5152  iScsiPrt - ok
17:35:08.0712 5152  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:35:08.0712 5152  iteatapi - ok
17:35:08.0759 5152  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:35:08.0759 5152  iteraid - ok
17:35:08.0837 5152  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:35:08.0852 5152  kbdclass - ok
17:35:08.0946 5152  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:35:08.0946 5152  kbdhid - ok
17:35:08.0977 5152  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:35:08.0993 5152  KeyIso - ok
17:35:09.0055 5152  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:35:09.0086 5152  KSecDD - ok
17:35:09.0196 5152  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:35:09.0242 5152  KtmRm - ok
17:35:09.0336 5152  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E             C:\Windows\system32\DRIVERS\L1E60x86.sys
17:35:09.0352 5152  L1E - ok
17:35:09.0414 5152  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:35:09.0461 5152  LanmanServer - ok
17:35:09.0539 5152  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:35:09.0586 5152  LanmanWorkstation - ok
17:35:09.0695 5152  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:35:09.0710 5152  LightScribeService - ok
17:35:09.0773 5152  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:35:09.0804 5152  lltdio - ok
17:35:09.0882 5152  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:35:09.0913 5152  lltdsvc - ok
17:35:09.0976 5152  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:35:10.0007 5152  lmhosts - ok
17:35:10.0069 5152  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:35:10.0085 5152  LSI_FC - ok
17:35:10.0116 5152  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:35:10.0132 5152  LSI_SAS - ok
17:35:10.0194 5152  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:35:10.0210 5152  LSI_SCSI - ok
17:35:10.0256 5152  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:35:10.0256 5152  luafv - ok
17:35:10.0334 5152  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:35:10.0366 5152  Mcx2Svc - ok
17:35:10.0475 5152  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:35:10.0490 5152  MDM - ok
17:35:10.0568 5152  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:35:10.0568 5152  megasas - ok
17:35:10.0693 5152  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:35:10.0709 5152  MegaSR - ok
17:35:10.0787 5152  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:35:10.0802 5152  MMCSS - ok
17:35:10.0912 5152  MobilityService - ok
17:35:10.0990 5152  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:35:10.0990 5152  Modem - ok
17:35:11.0037 5152  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:35:11.0037 5152  monitor - ok
17:35:11.0108 5152  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:35:11.0119 5152  mouclass - ok
17:35:11.0169 5152  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:35:11.0174 5152  mouhid - ok
17:35:11.0202 5152  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:35:11.0210 5152  MountMgr - ok
17:35:11.0287 5152  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:35:11.0297 5152  MozillaMaintenance - ok
17:35:11.0352 5152  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:35:11.0363 5152  mpio - ok
17:35:11.0396 5152  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:35:11.0403 5152  mpsdrv - ok
17:35:11.0471 5152  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:35:11.0504 5152  MpsSvc - ok
17:35:11.0531 5152  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:35:11.0538 5152  Mraid35x - ok
17:35:11.0595 5152  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:35:11.0604 5152  MRxDAV - ok
17:35:11.0655 5152  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:35:11.0666 5152  mrxsmb - ok
17:35:11.0718 5152  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:35:11.0741 5152  mrxsmb10 - ok
17:35:11.0765 5152  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:35:11.0773 5152  mrxsmb20 - ok
17:35:11.0819 5152  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:35:11.0826 5152  msahci - ok
17:35:11.0865 5152  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:35:11.0873 5152  msdsm - ok
17:35:11.0909 5152  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:35:11.0944 5152  MSDTC - ok
17:35:12.0026 5152  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:35:12.0037 5152  Msfs - ok
17:35:12.0086 5152  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:35:12.0093 5152  msisadrv - ok
17:35:12.0139 5152  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:35:12.0163 5152  MSiSCSI - ok
17:35:12.0182 5152  msiserver - ok
17:35:12.0267 5152  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:35:12.0283 5152  MSKSSRV - ok
17:35:12.0361 5152  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:35:12.0392 5152  MSPCLOCK - ok
17:35:12.0423 5152  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:35:12.0423 5152  MSPQM - ok
17:35:12.0470 5152  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:35:12.0501 5152  MsRPC - ok
17:35:12.0548 5152  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:35:12.0564 5152  mssmbios - ok
17:35:12.0626 5152  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:35:12.0626 5152  MSTEE - ok
17:35:12.0689 5152  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:35:12.0704 5152  Mup - ok
17:35:12.0767 5152  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:35:12.0813 5152  napagent - ok
17:35:12.0876 5152  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:35:12.0907 5152  NativeWifiP - ok
17:35:12.0985 5152  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:35:13.0016 5152  NDIS - ok
17:35:13.0063 5152  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:35:13.0079 5152  NdisTapi - ok
17:35:13.0110 5152  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:35:13.0110 5152  Ndisuio - ok
17:35:13.0172 5152  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:35:13.0188 5152  NdisWan - ok
17:35:13.0219 5152  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:35:13.0235 5152  NDProxy - ok
17:35:13.0266 5152  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:35:13.0266 5152  NetBIOS - ok
17:35:13.0328 5152  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:35:13.0344 5152  netbt - ok
17:35:13.0375 5152  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:35:13.0391 5152  Netlogon - ok
17:35:13.0484 5152  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:35:13.0531 5152  Netman - ok
17:35:13.0593 5152  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:35:13.0625 5152  netprofm - ok
17:35:13.0671 5152  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:13.0671 5152  NetTcpPortSharing - ok
17:35:13.0718 5152  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:35:13.0734 5152  nfrd960 - ok
17:35:13.0781 5152  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:35:13.0812 5152  NlaSvc - ok
17:35:30.0607 5152  ================ Scan global ===============================
17:35:30.0685 5152  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:35:30.0763 5152  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:35:30.0841 5152  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:35:30.0934 5152  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:35:30.0965 5152  [Global] - ok
17:35:30.0965 5152  ================ Scan MBR ==================================
17:35:30.0997 5152  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
17:35:33.0639 5152  \Device\Harddisk0\DR0 - ok
17:35:33.0639 5152  ================ Scan VBR ==================================
17:35:33.0654 5152  [ 32DCC18A3448D26A679DC8A7302D05B1 ] \Device\Harddisk0\DR0\Partition1
17:35:33.0654 5152  \Device\Harddisk0\DR0\Partition1 - ok
17:35:33.0717 5152  [ F00D983A2A99379FE44ABE0571C641F4 ] \Device\Harddisk0\DR0\Partition2
17:35:33.0732 5152  \Device\Harddisk0\DR0\Partition2 - ok
17:35:33.0732 5152  ============================================================
17:35:33.0732 5152  Scan finished
17:35:33.0732 5152  ============================================================
17:35:33.0779 5908  Detected object count: 0
17:35:33.0779 5908  Actual detected object count: 0
17:37:44.0971 3052  Deinitialize success


#8 jeffce

  • Malware Response Team
  • 3,442 posts

Posted 24 July 2013 - 11:56 AM

Hi,

Thanks!   :)

ComboFix

Download ComboFix from either of the links below, and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#9 simmy555

  • Topic Starter
  • Members
  • 40 posts

Posted 24 July 2013 - 01:27 PM

That took a while!

 

ComboFix 13-07-24.02 - Gina 24/07/2013  18:20:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3293.2109 [GMT 1:00]
Running from: c:\users\Gina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Gina\AppData\Roaming\.#
c:\users\Gina\AppData\Roaming\.#\MBX@119C@3F2990.###
c:\users\Gina\AppData\Roaming\.#\MBX@119C@3F29C0.###
c:\users\Gina\AppData\Roaming\.#\MBX@119C@3F29F0.###
c:\users\Gina\AppData\Roaming\.#\MBX@17E0@1CA2990.###
c:\users\Gina\AppData\Roaming\.#\MBX@17E0@1CA29C0.###
c:\users\Gina\AppData\Roaming\.#\MBX@17E0@1CA29F0.###
c:\users\Gina\AppData\Roaming\.#\MBX@DAC@3C2990.###
c:\users\Gina\AppData\Roaming\.#\MBX@DAC@3C29C0.###
c:\users\Gina\AppData\Roaming\.#\MBX@DAC@3C29F0.###
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 21:57 . 2012-09-22 11:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 21:57 . 2012-08-24 00:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:41 . 2013-03-05 13:27 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:41 . 2011-05-21 15:29 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:41 . 2009-08-18 14:04 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-18 15:14 . 2013-06-18 15:14 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-05-14 15:57 . 2011-03-28 18:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-05 13:27 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2009-08-18 14:04 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2009-08-18 14:04 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2009-08-18 14:04 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2009-08-18 14:04 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-08-26 00:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2009-08-18 14:04 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 03:40 . 2013-06-12 15:33 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58 . 2013-06-12 15:33 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 01:06 . 2011-12-22 12:29 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-22 3673600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-01 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-26 499608]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-22 03:00 3116032 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 22:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 13:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-05-21 14:42 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2012-02-27 14:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-09-18 11:00 1833504 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-07-16 23:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-20 02:54 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 21:57]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 19:41]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.my.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6530g
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\gh8k4wf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-24 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2720)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2013-07-24  19:20:01 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 18:19
.
Pre-Run: 47,452,241,920 bytes free
Post-Run: 46,961,295,360 bytes free
.
- - End Of File - - FC86AB669D60001E4D4E8596E7B6CC4F
BB9D3A6A13C5010348DA7C900BB6AF50


#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 24 July 2013 - 06:45 PM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 0 (0x0)

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and then let me know how your system is running as well.   :)




#11 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 24 July 2013 - 07:59 PM

It didn't reboot this time, but the system seems to be OK, although I haven't yet tried Windows Update.

 

Here's the ComboFix log

 

ComboFix 13-07-24.03 - Gina 25/07/2013   1:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3293.2294 [GMT 1:00]
Running from: c:\users\Gina\Desktop\ComboFix.exe
Command switches used :: c:\users\Gina\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 00:41 . 2013-07-25 00:42 -------- d-----w- c:\users\Gina\AppData\Local\temp
2013-07-25 00:41 . 2013-07-25 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 00:41 . 2013-07-25 00:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-07-24 00:48 . 2013-07-24 00:58 -------- d-----w- c:\windows\system32\MRT
2013-07-24 00:37 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88520BFA-3CD3-4C6C-861A-B04700463890}\mpengine.dll
2013-07-22 19:03 . 2013-07-22 19:03 -------- d--h--w- c:\windows\PIF
2013-07-11 02:02 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 02:02 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 02:02 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-11 02:02 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-11 02:02 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-11 02:02 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-11 02:02 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-11 02:02 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-11 02:02 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-11 02:02 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-11 02:01 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 02:01 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 02:01 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 02:01 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 02:01 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 02:01 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 21:57 . 2012-09-22 11:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 21:57 . 2012-08-24 00:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:41 . 2013-03-05 13:27 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:41 . 2011-05-21 15:29 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:41 . 2009-08-18 14:04 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-18 15:14 . 2013-06-18 15:14 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-05-14 15:57 . 2011-03-28 18:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-05 13:27 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2009-08-18 14:04 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2009-08-18 14:04 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2009-08-18 14:04 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2009-08-18 14:04 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-08-26 00:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2009-08-18 14:04 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 03:40 . 2013-06-12 15:33 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58 . 2013-06-12 15:33 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 01:06 . 2011-12-22 12:29 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-22 3673600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-01 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-26 499608]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-22 03:00 3116032 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 22:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 13:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-05-21 14:42 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2012-02-27 14:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-09-18 11:00 1833504 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-07-16 23:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-20 02:54 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 21:57]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 19:41]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.my.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6530g
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\gh8k4wf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-25 01:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5428)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2013-07-25  01:50:06
ComboFix-quarantined-files.txt  2013-07-25 00:49
ComboFix2.txt  2013-07-24 18:20
.
Pre-Run: 46,631,026,688 bytes free
Post-Run: 46,592,958,464 bytes free
.
- - End Of File - - 9239F73290287DC01262A5932BF8684B
BB9D3A6A13C5010348DA7C900BB6AF50
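The CFScript in post #10 asks ComboFix to set `DisableCAD` under `policies\system` to 0, and the follow-up log in post #11 lists that key again. The script below, an added example that is not part of ComboFix or of this thread, parses the `Registry::` block of a CFScript and the "Reg Loading Points" section of the follow-up ComboFix log and reports every requested value the log does not confirm. The `CFSCRIPT` and `AFTER_LOG` samples are constructed to mirror the format of the posted logs; the section-boundary rules (a `((((` banner, a `---` header or the `Contents of` tasks list ends the registry section) are assumptions drawn from the logs above.

```python
"""Check whether the Registry:: changes requested in a CFScript show up in the
ComboFix log produced afterwards.  Added example, not part of ComboFix or this
thread; the sample script and log excerpt below are constructed to mirror the
format of the logs posted above."""
import re
from typing import Dict, List, Tuple

RegTree = Dict[str, Dict[str, str]]  # lower-cased key path -> {value name -> data}

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path]
NAMED_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"= data
DEFAULT_RE = re.compile(r"^@=(.*)$")               # @="default value"


def parse_reg_block(lines: List[str]) -> RegTree:
    """Parse REGEDIT4-style lines: [key] headers followed by "name"= data lines.
    Lines that are neither (timestamps, file sizes, notes) are ignored."""
    tree: RegTree = {}
    key = None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # ComboFix mixes key case freely
            tree.setdefault(key, {})
            continue
        if key is None:
            continue
        m = NAMED_RE.match(line)
        if m:
            tree[key][m.group(1)] = m.group(2).strip()
            continue
        m = DEFAULT_RE.match(line)
        if m:
            tree[key]["@"] = m.group(1).strip()
    return tree


def reg_loading_points(log_text: str) -> RegTree:
    """Return the 'Reg Loading Points' section of a ComboFix log as a RegTree.

    ComboFix notes that empty entries and legitimate default entries are not
    shown, so a value absent here may simply have been reset to its default."""
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if "Reg Loading Points" in l), None)
    if start is None:
        return {}
    body: List[str] = []
    for line in lines[start + 1:]:
        s = line.strip()
        # Assumed boundaries: next banner, the services list or the tasks list.
        if s.startswith("((((") or s.startswith("---") or s.startswith("Contents of"):
            break
        body.append(line)
    return parse_reg_block(body)


def cfscript_registry(script_text: str) -> RegTree:
    """Return the Registry:: block of a CFScript; other Directive:: blocks are skipped."""
    body: List[str] = []
    active = False
    for line in script_text.splitlines():
        s = line.strip()
        if re.fullmatch(r"\w+::", s):  # ClearJavaCache::, Registry::, ...
            active = s == "Registry::"
            continue
        if active:
            body.append(line)
    return parse_reg_block(body)


def unmet_changes(script_text: str, after_log: str) -> List[Tuple[str, str, str, str]]:
    """List requested values that the follow-up log does not confirm.

    Each tuple is (key, name, wanted, found); found is the logged data, or
    "not listed" when the log shows no such value (possibly because it is now
    a default that ComboFix hides).  An empty list means every value matched."""
    wanted = cfscript_registry(script_text)
    actual = reg_loading_points(after_log)
    out: List[Tuple[str, str, str, str]] = []
    for key, values in wanted.items():
        for name, data in values.items():
            found = actual.get(key, {}).get(name)
            if found == data:
                continue
            out.append((key, name, data, "not listed" if found is None else found))
    return out


# Constructed sample input in the format of the thread's CFScript and log.
CFSCRIPT = r"""ClearJavaCache::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"""

AFTER_LOG = r"""ComboFix 13-07-24.03 - Gina 25/07/2013   1:02.2.2 - x86
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
"""

if __name__ == "__main__":
    for key, name, wanted, found in unmet_changes(CFSCRIPT, AFTER_LOG):
        print(f"{key}\\{name}: wanted {wanted}, log shows {found}")
```

Run against the two posts above, the check reports `DisableCAD` still listed as `1 (0x1)`, which is why a follow-up log is worth reading rather than assuming the script applied.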


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 25 July 2013 - 06:25 AM

Hi,

 

Go ahead and give Windows Update a try and let me know what happens.  :)




#13 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 25 July 2013 - 07:54 AM

Gah! They all failed again with the same error code :(



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:47 AM

Posted 25 July 2013 - 11:08 AM

Hi,

 

Ok... go to the page here, and a Microsoft window will pop up. Press the link in the popup that says Run Now... run the .exe that is downloaded and follow any prompts, and then, when complete, try to run Windows Update again and let me know what happens.   :)


Edited by jeffce, 25 July 2013 - 11:08 AM.



#15 simmy555

simmy555
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 25 July 2013 - 11:38 AM

FixIt allegedly repaired WU components but the four updates failed again.

