
I Have rtkbtmnt.exe, Other Malware??


  • This topic is locked
21 replies to this topic

#1 jtphenom

Posted 28 July 2013 - 03:15 PM

Hi folks,

My customer just brought me his computer complaining of malware. I checked it out and he's got some nasty stuff that MSE couldn't fully remove. Strange audio playing in background, BitTorrent pages coming up, all kinds of nasty stuff. Anyway, I ran TDSSKiller and OTL. TDSSKiller had to reboot once, and so I will post both logs. I used the Custom Scan script that I've seen in some other posts when I ran OTL. I hope that's alright! After running both, things still aren't quite right. For instance, IE takes me to the below URL when I type in www.msn.com, whereas Firefox takes me to the home page of msn.com like it's supposed to. So I don't trust this URL. Below the URL are my logs, TDSSKiller logs in one post and OTL in the next. Please assist if you can! Thanks!!! :D

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1375042252&rver=6.1.6195.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fwww.msn.com%252f&lc=1033&id=1184

15:07:55.0791 9764  napagent - ok
15:07:55.0900 9764  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:07:55.0900 9764  NativeWifiP - ok
15:07:56.0009 9764  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:07:56.0056 9764  NDIS - ok
15:07:56.0149 9764  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:07:56.0149 9764  NdisTapi - ok
15:07:56.0181 9764  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:07:56.0196 9764  Ndisuio - ok
15:07:56.0321 9764  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:07:56.0368 9764  NdisWan - ok
15:07:56.0508 9764  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:07:56.0524 9764  NDProxy - ok
15:07:56.0539 9764  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:07:56.0555 9764  NetBIOS - ok
15:07:56.0649 9764  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:07:56.0680 9764  netbt - ok
15:07:56.0711 9764  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:07:56.0727 9764  Netlogon - ok
15:07:57.0292 9764  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:07:57.0332 9764  Netman - ok
15:07:57.0372 9764  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:07:57.0382 9764  netprofm - ok
15:07:57.0841 9764  [ E9F451618E9C56865FBD94F7A72CD9B2 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
15:07:58.0089 9764  netr28 - ok
15:07:58.0231 9764  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:07:58.0299 9764  NetTcpPortSharing - ok
15:07:58.0806 9764  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:07:58.0914 9764  nfrd960 - ok
15:07:59.0021 9764  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:07:59.0025 9764  NlaSvc - ok
15:07:59.0168 9764  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:07:59.0172 9764  Npfs - ok
15:07:59.0316 9764  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:07:59.0325 9764  nsi - ok
15:07:59.0402 9764  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:07:59.0694 9764  nsiproxy - ok
15:08:00.0639 9764  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:08:01.0934 9764  Ntfs - ok
15:08:02.0094 9764  [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:08:02.0224 9764  NTIBackupSvc - ok
15:08:02.0344 9764  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:08:02.0504 9764  NTIDrvr - ok
15:08:02.0914 9764  [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:08:03.0004 9764  NTISchedulerSvc - ok
15:08:03.0084 9764  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:08:03.0094 9764  ntrigdigi - ok
15:08:03.0194 9764  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
15:08:03.0194 9764  NuidFltr - ok
15:08:03.0435 9764  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:08:03.0435 9764  Null - ok
15:08:03.0475 9764  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:08:03.0495 9764  nvraid - ok
15:08:03.0997 9764  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:08:04.0062 9764  nvstor - ok
15:08:04.0219 9764  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:08:04.0228 9764  nv_agp - ok
15:08:04.0253 9764  NwlnkFlt - ok
15:08:04.0285 9764  NwlnkFwd - ok
15:08:05.0008 9764  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:08:05.0137 9764  odserv - ok
15:08:05.0398 9764  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:08:05.0575 9764  ohci1394 - ok
15:08:06.0135 9764  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:08:06.0387 9764  ose - ok
15:08:06.0857 9764  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:08:06.0972 9764  p2pimsvc - ok
15:08:07.0168 9764  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:08:07.0176 9764  p2psvc - ok
15:08:07.0300 9764  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
15:08:07.0433 9764  Parport - ok
15:08:07.0487 9764  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:08:07.0645 9764  partmgr - ok
15:08:07.0893 9764  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:08:07.0914 9764  Parvdm - ok
15:08:08.0050 9764  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:08:08.0071 9764  PcaSvc - ok
15:08:08.0412 9764  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:08:08.0467 9764  pci - ok
15:08:08.0782 9764  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
15:08:08.0786 9764  pciide - ok
15:08:08.0912 9764  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:08:08.0921 9764  pcmcia - ok
15:08:09.0112 9764  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:08:09.0554 9764  PEAUTH - ok
15:08:11.0423 9764  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:08:11.0452 9764  pla - ok
15:08:11.0809 9764  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:08:11.0816 9764  PlugPlay - ok
15:08:12.0050 9764  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:08:12.0058 9764  PNRPAutoReg - ok
15:08:12.0095 9764  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:08:12.0103 9764  PNRPsvc - ok
15:08:12.0164 9764  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:08:12.0259 9764  PolicyAgent - ok
15:08:12.0430 9764  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:08:12.0439 9764  PptpMiniport - ok
15:08:12.0552 9764  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
15:08:12.0559 9764  Processor - ok
15:08:12.0735 9764  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:08:12.0765 9764  ProfSvc - ok
15:08:12.0809 9764  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:08:12.0812 9764  ProtectedStorage - ok
15:08:12.0866 9764  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:08:12.0869 9764  PSched - ok
15:08:12.0907 9764  [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
15:08:12.0982 9764  PSDFilter - ok
15:08:13.0014 9764  [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
15:08:13.0089 9764  PSDNServ - ok
15:08:13.0130 9764  [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
15:08:13.0223 9764  psdvdisk - ok
15:08:13.0423 9764  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:08:14.0130 9764  ql2300 - ok
15:08:14.0272 9764  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:08:14.0279 9764  ql40xx - ok
15:08:14.0827 9764  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
15:08:15.0083 9764  QWAVE - ok
15:08:15.0195 9764  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:08:15.0205 9764  QWAVEdrv - ok
15:08:15.0285 9764  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:08:15.0295 9764  RasAcd - ok
15:08:15.0425 9764  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
15:08:15.0435 9764  RasAuto - ok
15:08:15.0545 9764  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:08:15.0545 9764  Rasl2tp - ok
15:08:15.0675 9764  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:08:15.0825 9764  RasMan - ok
15:08:16.0395 9764  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:08:16.0405 9764  RasPppoe - ok
15:08:16.0485 9764  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:08:16.0535 9764  RasSstp - ok
15:08:17.0035 9764  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:08:18.0083 9764  rdbss - ok
15:08:18.0374 9764  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:08:18.0453 9764  RDPCDD - ok
15:08:18.0763 9764  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:08:18.0957 9764  rdpdr - ok
15:08:19.0014 9764  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:08:19.0222 9764  RDPENCDD - ok
15:08:19.0355 9764  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:08:19.0591 9764  RDPWD - ok
15:08:19.0790 9764  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:08:19.0800 9764  RemoteAccess - ok
15:08:20.0042 9764  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:08:20.0086 9764  RemoteRegistry - ok
15:08:20.0402 9764  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
15:08:20.0717 9764  RichVideo - ok
15:08:21.0112 9764  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:08:21.0218 9764  RpcLocator - ok
15:08:21.0359 9764  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
15:08:21.0366 9764  RpcSs - ok
15:08:21.0613 9764  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:08:21.0653 9764  rspndr - ok
15:08:21.0936 9764  [ 974AF42FC1CB6DC35DE34109BEF80054 ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe
15:08:22.0097 9764  RS_Service - ok
15:08:22.0660 9764  [ 125C504A34D0A2E152517E342E7E432C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
15:08:23.0083 9764  RTL8169 - ok
15:08:23.0307 9764  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
15:08:23.0419 9764  SamSs - ok
15:08:24.0342 9764  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:08:24.0357 9764  sbp2port - ok
15:08:24.0478 9764  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:08:24.0487 9764  SCardSvr - ok
15:08:24.0573 9764  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:08:24.0659 9764  Schedule - ok
15:08:25.0472 9764  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:08:25.0473 9764  SCPolicySvc - ok
15:08:25.0755 9764  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:08:25.0764 9764  sdbus - ok
15:08:25.0838 9764  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:08:25.0852 9764  SDRSVC - ok
15:08:25.0882 9764  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:08:25.0886 9764  secdrv - ok
15:08:25.0953 9764  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:08:25.0957 9764  seclogon - ok
15:08:25.0974 9764  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
15:08:25.0982 9764  SENS - ok
15:08:26.0010 9764  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:08:26.0016 9764  Serenum - ok
15:08:26.0056 9764  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
15:08:26.0065 9764  Serial - ok
15:08:26.0152 9764  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:08:26.0156 9764  sermouse - ok
15:08:26.0470 9764  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:08:26.0475 9764  SessionEnv - ok
15:08:26.0672 9764  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:08:26.0745 9764  sffdisk - ok
15:08:26.0779 9764  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:08:26.0807 9764  sffp_mmc - ok
15:08:26.0847 9764  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:08:26.0856 9764  sffp_sd - ok
15:08:26.0889 9764  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:08:26.0897 9764  sfloppy - ok
15:08:27.0444 9764  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:08:27.0457 9764  SharedAccess - ok
15:08:27.0542 9764  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:08:27.0546 9764  ShellHWDetection - ok
15:08:27.0581 9764  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:08:27.0586 9764  sisagp - ok
15:08:27.0601 9764  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:08:27.0615 9764  SiSRaid2 - ok
15:08:27.0636 9764  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:08:27.0646 9764  SiSRaid4 - ok
15:08:27.0911 9764  [ 7C70691D01181E3F441C6B9D429D24CC ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:08:36.0949 9764  SkypeUpdate - ok
15:08:37.0098 9764  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
15:08:37.0159 9764  slsvc - ok
15:08:37.0247 9764  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:08:37.0256 9764  SLUINotify - ok
15:08:37.0348 9764  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:08:37.0355 9764  Smb - ok
15:08:38.0135 9764  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:08:38.0138 9764  SNMPTRAP - ok
15:08:38.0414 9764  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
15:08:38.0440 9764  spldr - ok
15:08:38.0479 9764  Spooler - ok
15:08:38.0668 9764  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:08:38.0911 9764  srv - ok
15:08:39.0167 9764  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:08:39.0452 9764  srv2 - ok
15:08:39.0541 9764  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:08:39.0627 9764  srvnet - ok
15:08:39.0740 9764  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:08:39.0766 9764  SSDPSRV - ok
15:08:39.0998 9764  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:08:40.0002 9764  SstpSvc - ok
15:08:40.0494 9764  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:08:40.0557 9764  stisvc - ok
15:08:40.0680 9764  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:08:40.0717 9764  swenum - ok
15:08:40.0810 9764  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
15:08:40.0929 9764  swprv - ok
15:08:41.0201 9764  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:08:41.0250 9764  Symc8xx - ok
15:08:41.0347 9764  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:08:41.0455 9764  Sym_hi - ok
15:08:41.0526 9764  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:08:41.0571 9764  Sym_u3 - ok
15:08:42.0078 9764  [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:08:42.0407 9764  SynTP - ok
15:08:42.0755 9764  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
15:08:43.0232 9764  SysMain - ok
15:08:43.0267 9764  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:08:43.0280 9764  TabletInputService - ok
15:08:43.0330 9764  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:08:43.0342 9764  TapiSrv - ok
15:08:43.0432 9764  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
15:08:43.0437 9764  TBS - ok
15:08:43.0667 9764  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:08:44.0090 9764  Tcpip - ok
15:08:44.0300 9764  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:08:44.0318 9764  Tcpip6 - ok
15:08:44.0630 9764  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:08:44.0785 9764  tcpipreg - ok
15:08:44.0997 9764  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:08:45.0097 9764  TDPIPE - ok
15:08:45.0159 9764  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:08:45.0284 9764  TDTCP - ok
15:08:45.0359 9764  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:08:45.0442 9764  tdx - ok
15:08:46.0669 9764  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:08:46.0851 9764  TeamViewer7 - ok
15:08:47.0085 9764  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:08:47.0146 9764  TermDD - ok
15:08:47.0284 9764  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
15:08:47.0311 9764  TermService - ok
15:08:47.0503 9764  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:08:47.0507 9764  Themes - ok
15:08:47.0896 9764  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:08:47.0899 9764  THREADORDER - ok
15:08:48.0156 9764  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:08:48.0394 9764  TrkWks - ok
15:08:48.0567 9764  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:08:48.0570 9764  TrustedInstaller - ok
15:08:48.0721 9764  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:08:48.0819 9764  tssecsrv - ok
15:08:49.0261 9764  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:08:49.0311 9764  tunmp - ok
15:08:49.0586 9764  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:08:49.0641 9764  tunnel - ok
15:08:49.0761 9764  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:08:49.0856 9764  uagp35 - ok
15:08:49.0996 9764  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:08:50.0472 9764  UBHelper - ok
15:08:50.0546 9764  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:08:50.0560 9764  udfs - ok
15:08:51.0826 9764  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:08:51.0882 9764  UI0Detect - ok
15:08:52.0318 9764  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:08:53.0133 9764  uliagpkx - ok
15:08:53.0195 9764  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:08:53.0205 9764  uliahci - ok
15:08:53.0355 9764  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:08:53.0365 9764  UlSata - ok
15:08:53.0400 9764  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:08:53.0409 9764  ulsata2 - ok
15:08:53.0599 9764  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:08:53.0608 9764  umbus - ok
15:08:53.0648 9764  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:08:53.0654 9764  upnphost - ok
15:08:53.0893 9764  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:08:53.0903 9764  usbccgp - ok
15:08:53.0962 9764  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:08:53.0971 9764  usbcir - ok
15:08:54.0230 9764  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:08:54.0237 9764  usbehci - ok
15:08:54.0288 9764  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:08:54.0297 9764  usbhub - ok
15:08:54.0359 9764  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:08:54.0364 9764  usbohci - ok
15:08:54.0446 9764  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:08:54.0452 9764  usbprint - ok
15:08:54.0521 9764  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:08:54.0523 9764  USBSTOR - ok
15:08:54.0670 9764  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:08:54.0670 9764  usbuhci - ok
15:08:54.0730 9764  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:08:54.0830 9764  usbvideo - ok
15:08:54.0880 9764  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
15:08:54.0960 9764  UxSms - ok
15:08:55.0060 9764  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
15:08:55.0070 9764  vds - ok
15:08:55.0105 9764  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:08:55.0110 9764  vga - ok
15:08:55.0180 9764  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:08:55.0190 9764  VgaSave - ok
15:08:55.0533 9764  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:08:55.0540 9764  viaagp - ok
15:08:55.0562 9764  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:08:55.0573 9764  ViaC7 - ok
15:08:55.0608 9764  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:08:55.0614 9764  viaide - ok
15:08:55.0670 9764  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:08:55.0678 9764  volmgr - ok
15:08:55.0851 9764  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:08:55.0861 9764  volmgrx - ok
15:08:55.0992 9764  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:08:56.0279 9764  volsnap - ok
15:08:56.0375 9764  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:08:56.0383 9764  vsmraid - ok
15:08:56.0463 9764  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
15:08:56.0876 9764  VSS - ok
15:08:56.0920 9764  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
15:08:56.0934 9764  W32Time - ok
15:08:57.0435 9764  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:08:57.0439 9764  WacomPen - ok
15:08:57.0469 9764  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:08:57.0479 9764  Wanarp - ok
15:08:57.0488 9764  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:08:57.0489 9764  Wanarpv6 - ok
15:08:57.0635 9764  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:08:57.0664 9764  wcncsvc - ok
15:08:57.0724 9764  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:08:57.0735 9764  WcsPlugInService - ok
15:08:57.0822 9764  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
15:08:57.0846 9764  Wd - ok
15:08:58.0004 9764  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:08:58.0308 9764  Wdf01000 - ok
15:08:58.0345 9764  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:08:58.0354 9764  WdiServiceHost - ok
15:08:58.0368 9764  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:08:58.0372 9764  WdiSystemHost - ok
15:08:58.0418 9764  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
15:08:58.0432 9764  WebClient - ok
15:08:58.0488 9764  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:08:58.0610 9764  Wecsvc - ok
15:08:58.0641 9764  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:08:58.0651 9764  wercplsupport - ok
15:08:58.0720 9764  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:08:58.0730 9764  WerSvc - ok
15:08:58.0784 9764  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:08:58.0822 9764  WinDefend - ok
15:08:58.0843 9764  WinHttpAutoProxySvc - ok
15:08:58.0968 9764  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:08:59.0124 9764  Winmgmt - ok
15:08:59.0329 9764  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:08:59.0726 9764  WinRM - ok
15:08:59.0806 9764  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:08:59.0836 9764  Wlansvc - ok
15:08:59.0958 9764  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:09:00.0057 9764  wlcrasvc - ok
15:09:00.0339 9764  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:09:00.0496 9764  wlidsvc - ok
15:09:00.0709 9764  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:09:00.0727 9764  WmiAcpi - ok
15:09:01.0248 9764  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:09:01.0260 9764  wmiApSrv - ok
15:09:01.0397 9764  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:09:01.0444 9764  WMPNetworkSvc - ok
15:09:02.0317 9764  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:09:02.0330 9764  WPCSvc - ok
15:09:02.0505 9764  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:09:02.0513 9764  WPDBusEnum - ok
15:09:02.0980 9764  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:09:03.0251 9764  WPFFontCache_v0400 - ok
15:09:03.0292 9764  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:09:03.0297 9764  ws2ifsl - ok
15:09:03.0343 9764  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
15:09:03.0347 9764  wscsvc - ok
15:09:03.0355 9764  WSearch - ok
15:09:03.0528 9764  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:09:03.0816 9764  wuauserv - ok
15:09:04.0343 9764  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:09:04.0345 9764  WudfPf - ok
15:09:04.0850 9764  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:09:04.0852 9764  WUDFRd - ok
15:09:05.0295 9764  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:09:05.0556 9764  wudfsvc - ok
15:09:05.0712 9764  ================ Scan global ===============================
15:09:05.0871 9764  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:09:06.0068 9764  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:09:06.0238 9764  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:09:06.0855 9764  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:09:06.0863 9764  [Global] - ok
15:09:07.0139 9764  ================ Scan MBR ==================================
15:09:07.0311 9764  [ B68834F359AAEECE960DFCE11774571C ] \Device\Harddisk0\DR0
15:09:07.0312 9764  Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:09:07.0491 9764  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
15:09:07.0491 9764  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
15:09:07.0501 9764  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR2
15:09:07.0537 9764  \Device\Harddisk1\DR2 - ok
15:09:07.0541 9764  ================ Scan VBR ==================================
15:09:07.0550 9764  [ ED7101971908AC6D0B68885E3602185B ] \Device\Harddisk0\DR0\Partition1
15:09:07.0553 9764  \Device\Harddisk0\DR0\Partition1 - ok
15:09:07.0622 9764  [ B1B367017BB195368F6F74D641C833D2 ] \Device\Harddisk0\DR0\Partition2
15:09:07.0624 9764  \Device\Harddisk0\DR0\Partition2 - ok
15:09:07.0630 9764  [ F00BDC13E90185967CBEA187A68BA5B9 ] \Device\Harddisk1\DR2\Partition1
15:09:07.0631 9764  \Device\Harddisk1\DR2\Partition1 - ok
15:09:07.0634 9764  ============================================================
15:09:07.0634 9764  Scan finished
15:09:07.0634 9764  ============================================================
15:09:07.0701 9740  Detected object count: 1
15:09:07.0701 9740  Actual detected object count: 1
15:11:03.0931 9740  \Device\Harddisk0\DR0\# - copied to quarantine
15:11:03.0955 9740  \Device\Harddisk0\DR0 - copied to quarantine
15:11:09.0312 9740  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
15:11:09.0838 9740  \Device\Harddisk0\DR0 - ok
15:11:12.0101 9740  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
15:11:21.0291 9632  Deinitialize success


15:25:22.0894 3108  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:25:23.0389 3108  ============================================================
15:25:23.0390 3108  Current date / time: 2013/07/28 15:25:23.0389
15:25:23.0390 3108  SystemInfo:
15:25:23.0390 3108  
15:25:23.0390 3108  OS Version: 6.0.6002 ServicePack: 2.0
15:25:23.0390 3108  Product type: Workstation
15:25:23.0390 3108  ComputerName: FRANK-PC
15:25:23.0427 3108  UserName: frank
15:25:23.0427 3108  Windows directory: C:\Windows
15:25:23.0427 3108  System windows directory: C:\Windows
15:25:23.0427 3108  Processor architecture: Intel x86
15:25:23.0427 3108  Number of processors: 2
15:25:23.0427 3108  Page size: 0x1000
15:25:23.0427 3108  Boot type: Normal boot
15:25:23.0427 3108  ============================================================
15:25:32.0979 3108  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:32.0979 3108  Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:32.0979 3108  ============================================================
15:25:32.0979 3108  \Device\Harddisk0\DR0:
15:25:32.0979 3108  MBR partitions:
15:25:32.0979 3108  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1802000, BlocksNum 0x11E16800
15:25:32.0979 3108  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13618800, BlocksNum 0x11E15800
15:25:32.0979 3108  \Device\Harddisk1\DR1:
15:25:32.0979 3108  MBR partitions:
15:25:32.0979 3108  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x776080
15:25:32.0979 3108  ============================================================
15:25:33.0010 3108  C: <-> \Device\Harddisk0\DR0\Partition1
15:25:34.0305 3108  D: <-> \Device\Harddisk0\DR0\Partition2
15:25:34.0305 3108  ============================================================
15:25:34.0305 3108  Initialize success
15:25:34.0305 3108  ============================================================
15:26:22.0692 4456  ============================================================
15:26:22.0692 4456  Scan started
15:26:22.0692 4456  Mode: Manual;
15:26:22.0692 4456  ============================================================
15:26:24.0034 4456  ================ Scan system memory ========================
15:26:24.0034 4456  System memory - ok
15:26:24.0034 4456  ================ Scan services =============================
15:26:24.0315 4456  33828659 - ok
15:26:24.0487 4456  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:26:24.0487 4456  ACPI - ok
15:26:24.0643 4456  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:26:24.0643 4456  AdobeARMservice - ok
15:26:24.0830 4456  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:26:24.0861 4456  AdobeFlashPlayerUpdateSvc - ok
15:26:24.0986 4456  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:26:25.0033 4456  adp94xx - ok
15:26:25.0080 4456  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:26:25.0111 4456  adpahci - ok
15:26:25.0142 4456  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:26:25.0173 4456  adpu160m - ok
15:26:25.0189 4456  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:26:25.0220 4456  adpu320 - ok
15:26:25.0267 4456  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:26:25.0283 4456  AeLookupSvc - ok
15:26:25.0329 4456  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:26:25.0361 4456  AFD - ok
15:26:25.0392 4456  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:26:25.0407 4456  AgereModemAudio - ok
15:26:25.0454 4456  [ 38325C6AA8EAE011897D61CE48EC6435 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
15:26:25.0485 4456  AgereSoftModem - ok
15:26:25.0532 4456  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:26:25.0548 4456  agp440 - ok
15:26:25.0579 4456  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:26:25.0595 4456  aic78xx - ok
15:26:25.0641 4456  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:26:25.0641 4456  ALG - ok
15:26:25.0657 4456  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:26:25.0688 4456  aliide - ok
15:26:25.0704 4456  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:26:25.0704 4456  amdagp - ok
15:26:25.0719 4456  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:26:25.0735 4456  amdide - ok
15:26:25.0751 4456  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:26:25.0766 4456  AmdK7 - ok
15:26:25.0782 4456  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:26:25.0797 4456  AmdK8 - ok
15:26:25.0844 4456  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:26:25.0844 4456  Appinfo - ok
15:26:25.0922 4456  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:26:25.0938 4456  Apple Mobile Device - ok
15:26:25.0953 4456  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
15:26:25.0985 4456  arc - ok
15:26:26.0016 4456  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:26:26.0031 4456  arcsas - ok
15:26:26.0094 4456  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:26:26.0110 4456  AsyncMac - ok
15:26:26.0156 4456  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:26:26.0156 4456  atapi - ok
15:26:26.0515 4456  [ 99D78248BFD454BFA9B5BEC37350FADE ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:26:26.0640 4456  athr - ok
15:26:26.0936 4456  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:26:26.0952 4456  AudioEndpointBuilder - ok
15:26:27.0014 4456  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:26:27.0014 4456  Audiosrv - ok
15:26:27.0077 4456  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:26:27.0092 4456  Beep - ok
15:26:27.0155 4456  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:26:27.0171 4456  BFE - ok
15:26:27.0217 4456  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
15:26:27.0264 4456  BITS - ok
15:26:27.0280 4456  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:26:27.0295 4456  blbdrive - ok
15:26:27.0389 4456  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:26:27.0420 4456  Bonjour Service - ok
15:26:27.0467 4456  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:26:27.0467 4456  bowser - ok
15:26:27.0576 4456  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:26:27.0592 4456  BrFiltLo - ok
15:26:27.0701 4456  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:26:27.0717 4456  BrFiltUp - ok
15:26:27.0810 4456  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:26:27.0826 4456  Browser - ok
15:26:27.0935 4456  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:26:27.0951 4456  Brserid - ok
15:26:27.0966 4456  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:26:27.0982 4456  BrSerWdm - ok
15:26:28.0060 4456  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:26:28.0075 4456  BrUsbMdm - ok
15:26:28.0154 4456  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:26:28.0169 4456  BrUsbSer - ok
15:26:28.0216 4456  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:26:28.0232 4456  BTHMODEM - ok
15:26:28.0263 4456  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:26:28.0278 4456  cdfs - ok
15:26:28.0310 4456  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:26:28.0341 4456  cdrom - ok
15:26:28.0388 4456  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:26:28.0403 4456  CertPropSvc - ok
15:26:28.0466 4456  [ 25C323075C5EA4A2555E35355A01F793 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
15:26:28.0466 4456  cfwids - ok
15:26:28.0497 4456  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
15:26:28.0512 4456  circlass - ok
15:26:28.0544 4456  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:26:28.0559 4456  CLFS - ok
15:26:28.0700 4456  [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
15:26:28.0715 4456  CLHNService - ok
15:26:28.0824 4456  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:28.0934 4456  clr_optimization_v2.0.50727_32 - ok
15:26:29.0058 4456  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:29.0215 4456  clr_optimization_v4.0.30319_32 - ok
15:26:29.0277 4456  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:26:29.0277 4456  CmBatt - ok
15:26:29.0417 4456  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:26:29.0433 4456  cmdide - ok
15:26:29.0480 4456  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:26:29.0480 4456  Compbatt - ok
15:26:29.0495 4456  COMSysApp - ok
15:26:29.0495 4456  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:26:29.0511 4456  crcdisk - ok
15:26:29.0542 4456  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:26:29.0558 4456  Crusoe - ok
15:26:29.0745 4456  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:26:29.0745 4456  CryptSvc - ok
15:26:29.0963 4456  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:26:29.0963 4456  DcomLaunch - ok
15:26:30.0057 4456  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:26:30.0057 4456  DfsC - ok
15:26:30.0260 4456  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:26:30.0385 4456  DFSR - ok
15:26:30.0447 4456  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:26:30.0447 4456  Dhcp - ok
15:26:30.0478 4456  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:26:30.0494 4456  disk - ok
15:26:30.0541 4456  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
15:26:30.0541 4456  DKbFltr - ok
15:26:30.0588 4456  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:26:30.0603 4456  Dnscache - ok
15:26:30.0634 4456  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:26:30.0634 4456  dot3svc - ok
15:26:30.0681 4456  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:26:30.0681 4456  DPS - ok
15:26:30.0744 4456  [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO    C:\PROGRA~1\LAUNCH~1\DPortIO.sys
15:26:30.0759 4456  DritekPortIO - ok
15:26:30.0806 4456  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:26:30.0822 4456  drmkaud - ok
15:26:31.0024 4456  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:26:31.0040 4456  DXGKrnl - ok
15:26:31.0134 4456  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:26:31.0227 4456  E1G60 - ok
15:26:31.0368 4456  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:26:31.0368 4456  EapHost - ok
15:26:31.0477 4456  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:26:31.0524 4456  Ecache - ok
15:26:31.0617 4456  [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
15:26:31.0649 4456  eDataSecurity Service - ok
15:26:31.0836 4456  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:26:31.0867 4456  ehRecvr - ok
15:26:31.0883 4456  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:26:31.0898 4456  ehSched - ok
15:26:31.0945 4456  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:26:31.0945 4456  ehstart - ok
15:26:32.0039 4456  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:26:32.0070 4456  elxstor - ok
15:26:32.0132 4456  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:26:32.0164 4456  EMDMgmt - ok
15:26:32.0195 4456  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:26:32.0210 4456  ErrDev - ok
15:26:32.0257 4456  [ F25247D0E011A643EE60052CE23BE05E ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:26:32.0273 4456  ETService - ok
15:26:32.0335 4456  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:26:32.0335 4456  EventSystem - ok
15:26:32.0444 4456  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:26:32.0460 4456  exfat - ok
15:26:32.0507 4456  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:26:32.0507 4456  fastfat - ok
15:26:32.0569 4456  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:26:32.0569 4456  fdc - ok
15:26:32.0632 4456  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:26:32.0647 4456  fdPHost - ok
15:26:32.0663 4456  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:26:32.0678 4456  FDResPub - ok
15:26:32.0710 4456  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:26:32.0725 4456  FileInfo - ok
15:26:32.0756 4456  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:26:32.0772 4456  Filetrace - ok
15:26:32.0803 4456  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:26:32.0819 4456  flpydisk - ok
15:26:32.0850 4456  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:26:32.0866 4456  FltMgr - ok
15:26:33.0037 4456  [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache       C:\Windows\system32\FntCache.dll
15:26:33.0068 4456  FontCache - ok
15:26:33.0147 4456  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:26:33.0162 4456  FontCache3.0.0.0 - ok
15:26:33.0256 4456  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:26:33.0303 4456  fssfltr - ok
15:26:33.0568 4456  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:26:33.0786 4456  fsssvc - ok
15:26:33.0833 4456  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:26:33.0849 4456  Fs_Rec - ok
15:26:33.0958 4456  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:26:33.0973 4456  gagp30kx - ok
15:26:34.0114 4456  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:26:34.0129 4456  GEARAspiWDM - ok
15:26:34.0223 4456  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:26:34.0223 4456  GoogleDesktopManager-051210-111108 - ok
15:26:34.0301 4456  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:26:34.0332 4456  gpsvc - ok
15:26:34.0395 4456  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:26:34.0410 4456  HdAudAddService - ok
15:26:34.0535 4456  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:26:34.0535 4456  HDAudBus - ok
15:26:34.0582 4456  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:26:34.0613 4456  HidBth - ok
15:26:34.0676 4456  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:26:34.0691 4456  HidIr - ok
15:26:34.0722 4456  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
15:26:34.0738 4456  hidserv - ok
15:26:34.0769 4456  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:26:34.0800 4456  HidUsb - ok
15:26:34.0847 4456  [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
15:26:34.0863 4456  HipShieldK - ok
15:26:34.0894 4456  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:26:34.0910 4456  hkmsvc - ok
15:26:34.0941 4456  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:26:34.0956 4456  HpCISSs - ok
15:26:35.0066 4456  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:26:35.0081 4456  HTTP - ok
15:26:35.0128 4456  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:26:35.0144 4456  i2omp - ok
15:26:35.0206 4456  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:26:35.0222 4456  i8042prt - ok
15:26:35.0269 4456  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:26:35.0300 4456  iaStorV - ok
15:26:35.0393 4456  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:26:35.0440 4456  idsvc - ok
15:26:35.0737 4456  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:26:35.0815 4456  igfx - ok
15:26:35.0846 4456  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:26:35.0877 4456  iirsp - ok
15:26:35.0939 4456  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:26:35.0971 4456  IKEEXT - ok
15:26:36.0017 4456  [ 58FF11C95C3681C9250914521CB9F036 ] int15           C:\Windows\system32\drivers\int15.sys
15:26:36.0033 4456  int15 - ok
15:26:36.0127 4456  [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:26:36.0158 4456  IntcAzAudAddService - ok
15:26:36.0220 4456  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:26:36.0252 4456  intelide - ok
15:26:36.0283 4456  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:26:36.0283 4456  intelppm - ok
15:26:36.0314 4456  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:26:36.0330 4456  IPBusEnum - ok
15:26:36.0345 4456  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:36.0376 4456  IpFilterDriver - ok
15:26:36.0408 4456  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:26:36.0423 4456  iphlpsvc - ok
15:26:36.0423 4456  IpInIp - ok
15:26:36.0454 4456  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:26:36.0595 4456  IPMIDRV - ok
15:26:36.0720 4456  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:26:36.0735 4456  IPNAT - ok
15:26:36.0829 4456  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:26:36.0844 4456  iPod Service - ok
15:26:36.0954 4456  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:26:36.0969 4456  IRENUM - ok
15:26:36.0985 4456  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:26:37.0000 4456  isapnp - ok
15:26:37.0375 4456  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:26:37.0391 4456  iScsiPrt - ok
15:26:37.0453 4456  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:26:37.0469 4456  iteatapi - ok
15:26:37.0547 4456  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:26:37.0578 4456  iteraid - ok
15:26:37.0687 4456  [ 8C17DEB1995E593853373C30485E7368 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:26:37.0703 4456  JMCR - ok
15:26:37.0765 4456  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:26:37.0781 4456  kbdclass - ok
15:26:37.0796 4456  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:26:37.0812 4456  kbdhid - ok
15:26:37.0937 4456  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:26:37.0952 4456  KeyIso - ok
15:26:38.0124 4456  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:26:38.0155 4456  KSecDD - ok
15:26:38.0202 4456  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:26:38.0218 4456  KtmRm - ok
15:26:38.0264 4456  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:26:38.0280 4456  LanmanServer - ok
15:26:38.0311 4456  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:26:38.0327 4456  LanmanWorkstation - ok
15:26:38.0374 4456  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:26:38.0389 4456  lltdio - ok
15:26:38.0436 4456  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:26:38.0452 4456  lltdsvc - ok
15:26:38.0530 4456  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:26:38.0530 4456  lmhosts - ok
15:26:38.0561 4456  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:26:38.0576 4456  LSI_FC - ok
15:26:38.0608 4456  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:26:38.0639 4456  LSI_SAS - ok
15:26:38.0701 4456  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:26:38.0888 4456  LSI_SCSI - ok
15:26:38.0935 4456  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:26:38.0935 4456  luafv - ok
15:26:38.0966 4456  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:26:38.0982 4456  MBAMProtector - ok
15:26:39.0107 4456  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:26:39.0122 4456  MBAMScheduler - ok
15:26:39.0169 4456  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:26:39.0201 4456  MBAMService - ok
15:26:39.0466 4456  [ 10C84498D8A315178CEC55BF98BD4336 ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
15:26:39.0497 4456  McAfee SiteAdvisor Service - ok
15:26:39.0669 4456  [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
15:26:39.0684 4456  McComponentHostService - ok
15:26:39.0793 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
15:26:39.0809 4456  McMPFSvc - ok
15:26:39.0887 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:26:39.0887 4456  mcmscsvc - ok
15:26:39.0887 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:26:39.0903 4456  McNaiAnn - ok
15:26:39.0903 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:26:39.0903 4456  McNASvc - ok
15:26:39.0965 4456  [ C7DA06C9A9AEEFBE37AAC281EA6385D5 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
15:26:39.0981 4456  McODS - ok
15:26:39.0996 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:26:39.0996 4456  McProxy - ok
15:26:40.0074 4456  [ 6FE0532CB16300C09D098F808EAAEE9D ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:26:40.0090 4456  McShield - ok
15:26:40.0121 4456  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:26:40.0121 4456  Mcx2Svc - ok
15:26:40.0324 4456  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:26:40.0355 4456  megasas - ok
15:26:40.0574 4456  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:26:40.0605 4456  MegaSR - ok
15:26:40.0667 4456  [ 6708AD7D9ABDD6FDE1EB9B54FFE426B0 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
15:26:40.0667 4456  mfeapfk - ok
15:26:40.0761 4456  [ 375DE90B68533D9D0D7766D4CCB4CA32 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
15:26:40.0808 4456  mfeavfk - ok
15:26:40.0808 4456  mfeavfk01 - ok
15:26:40.0886 4456  [ 5ED806D4DF27AC11236BD9AD2CC10B7E ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
15:26:40.0901 4456  mfebopk - ok
15:26:40.0948 4456  [ 1A427BB508ACBEE09A88F08D1CA38E2F ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:26:40.0964 4456  mfefire - ok
15:26:41.0042 4456  [ 16BF9475BFCFAA420A8CB29E40284457 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
15:26:41.0057 4456  mfefirek - ok
15:26:41.0120 4456  [ 875452ECDF4AEBE12B8C2EFD8599A36F ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
15:26:41.0182 4456  mfehidk - ok
15:26:41.0245 4456  [ D669ACBE7672819109706C3CFF6BD1DB ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
15:26:41.0260 4456  mferkdet - ok
15:26:41.0354 4456  [ D66A1A16166897A5F7D04961F582F03B ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
15:26:41.0369 4456  mfevtp - ok
15:26:41.0525 4456  [ 28A9A52052006AC4B5EF1992C2984252 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
15:26:41.0541 4456  mfewfpk - ok
15:26:41.0650 4456  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:26:41.0666 4456  MMCSS - ok
15:26:41.0728 4456  MobilityService - ok
15:26:41.0759 4456  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:26:41.0759 4456  Modem - ok
15:26:41.0775 4456  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:26:41.0775 4456  monitor - ok
15:26:41.0853 4456  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:26:41.0869 4456  mouclass - ok
15:26:41.0884 4456  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:26:41.0884 4456  mouhid - ok
15:26:41.0915 4456  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:26:41.0931 4456  MountMgr - ok
15:26:42.0165 4456  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:26:42.0196 4456  mpio - ok
15:26:42.0228 4456  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:26:42.0259 4456  mpsdrv - ok
15:26:42.0337 4456  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:26:42.0352 4456  MpsSvc - ok
15:26:42.0399 4456  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:26:42.0415 4456  Mraid35x - ok
15:26:42.0462 4456  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:26:42.0555 4456  MRxDAV - ok
15:26:42.0633 4456  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:26:42.0649 4456  mrxsmb - ok
15:26:42.0696 4456  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:26:42.0727 4456  mrxsmb10 - ok
15:26:42.0758 4456  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:26:42.0789 4456  mrxsmb20 - ok
15:26:42.0852 4456  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:26:42.0883 4456  msahci - ok
15:26:42.0961 4456  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:26:42.0992 4456  msdsm - ok
15:26:43.0008 4456  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:26:43.0023 4456  MSDTC - ok
15:26:43.0132 4456  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:26:43.0148 4456  Msfs - ok
15:26:43.0179 4456  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:26:43.0195 4456  msisadrv - ok
15:26:43.0257 4456  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:26:43.0257 4456  MSiSCSI - ok
15:26:43.0273 4456  msiserver - ok
15:26:43.0772 4456  [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
15:26:43.0772 4456  MSK80Service - ok
15:26:43.0991 4456  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:26:44.0006 4456  MSKSSRV - ok
15:26:44.0100 4456  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:26:44.0115 4456  MSPCLOCK - ok
15:26:44.0147 4456  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:26:44.0162 4456  MSPQM - ok
15:26:44.0225 4456  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:26:44.0240 4456  MsRPC - ok
15:26:44.0662 4456  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:26:44.0662 4456  mssmbios - ok
15:26:44.0724 4456  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:26:44.0724 4456  MSTEE - ok
15:26:44.0989 4456  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:26:45.0036 4456  Mup - ok
15:26:45.0083 4456  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:26:45.0645 4456  napagent - ok
15:26:45.0691 4456  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:26:45.0723 4456  NativeWifiP - ok
15:26:45.0925 4456  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:26:45.0925 4456  NDIS - ok
15:26:45.0972 4456  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:26:45.0988 4456  NdisTapi - ok
15:26:46.0222 4456  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:26:46.0238 4456  Ndisuio - ok
15:26:46.0347 4456  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:26:46.0362 4456  NdisWan - ok
15:26:46.0409 4456  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:26:46.0425 4456  NDProxy - ok
15:26:46.0456 4456  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:26:46.0456 4456  NetBIOS - ok
15:26:46.0596 4456  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:26:46.0628 4456  netbt - ok
15:26:46.0674 4456  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:26:46.0690 4456  Netlogon - ok
15:26:46.0721 4456  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:26:46.0721 4456  Netman - ok
15:26:46.0830 4456  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:26:46.0830 4456  netprofm - ok
15:26:46.0908 4456  [ E9F451618E9C56865FBD94F7A72CD9B2 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
15:26:46.0940 4456  netr28 - ok
15:26:46.0986 4456  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:47.0002 4456  NetTcpPortSharing - ok
15:26:47.0096 4456  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:26:47.0111 4456  nfrd960 - ok
15:26:47.0142 4456  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:26:47.0158 4456  NlaSvc - ok
15:26:47.0267 4456  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:26:47.0267 4456  Npfs - ok
15:26:47.0314 4456  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:26:47.0314 4456  nsi - ok
15:26:47.0345 4456  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:26:47.0361 4456  nsiproxy - ok
15:26:47.0423 4456  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:26:47.0501 4456  Ntfs - ok
15:26:47.0548 4456  [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:26:47.0564 4456  NTIBackupSvc - ok
15:26:47.0564 4456  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:26:47.0595 4456  NTIDrvr - ok
15:26:47.0626 4456  [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:26:47.0642 4456  NTISchedulerSvc - ok
15:26:47.0767 4456  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:26:47.0782 4456  ntrigdigi - ok
15:26:47.0907 4456  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
15:26:47.0923 4456  NuidFltr - ok
15:26:47.0985 4456  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:26:48.0001 4456  Null - ok
15:26:48.0047 4456  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:26:48.0079 4456  nvraid - ok
15:26:48.0157 4456  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:26:48.0172 4456  nvstor - ok
15:26:48.0266 4456  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:26:48.0422 4456  nv_agp - ok
15:26:48.0438 4456  NwlnkFlt - ok
15:26:48.0438 4456  NwlnkFwd - ok
15:26:49.0140 4456  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:26:49.0171 4456  odserv - ok
15:26:49.0343 4456  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:26:49.0358 4456  ohci1394 - ok
15:26:49.0592 4456  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:49.0608 4456  ose - ok
15:26:49.0655 4456  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:26:49.0686 4456  p2pimsvc - ok
15:26:49.0701 4456  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:26:49.0701 4456  p2psvc - ok
15:26:49.0748 4456  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
15:26:49.0764 4456  Parport - ok
15:26:49.0811 4456  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:26:49.0842 4456  partmgr - ok
15:26:49.0904 4456  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:26:49.0920 4456  Parvdm - ok
15:26:49.0967 4456  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:26:49.0967 4456  PcaSvc - ok
15:26:50.0029 4456  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:26:50.0045 4456  pci - ok
15:26:50.0201 4456  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
15:26:50.0357 4456  pciide - ok
15:26:50.0606 4456  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:26:50.0622 4456  pcmcia - ok
15:26:50.0669 4456  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:26:50.0700 4456  PEAUTH - ok
15:26:50.0794 4456  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:26:50.0809 4456  pla - ok
15:26:50.0856 4456  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:26:50.0872 4456  PlugPlay - ok
15:26:50.0918 4456  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:26:50.0918 4456  PNRPAutoReg - ok
15:26:51.0012 4456  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:26:51.0028 4456  PNRPsvc - ok
15:26:51.0059 4456  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:26:51.0074 4456  PolicyAgent - ok
15:26:51.0152 4456  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:26:51.0168 4456  PptpMiniport - ok
15:26:51.0199 4456  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
15:26:51.0199 4456  Processor - ok
15:26:51.0262 4456  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:26:51.0262 4456  ProfSvc - ok
15:26:51.0371 4456  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:26:51.0371 4456  ProtectedStorage - ok
15:26:51.0402 4456  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:26:51.0418 4456  PSched - ok
15:26:51.0465 4456  [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
15:26:51.0480 4456  PSDFilter - ok
15:26:51.0496 4456  [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
15:26:51.0511 4456  PSDNServ - ok
15:26:51.0667 4456  [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
15:26:51.0683 4456  psdvdisk - ok
15:26:51.0761 4456  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:26:51.0839 4456  ql2300 - ok
15:26:51.0917 4456  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:26:52.0182 4456  ql40xx - ok
15:26:52.0260 4456  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
15:26:52.0276 4456  QWAVE - ok
15:26:52.0292 4456  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:26:52.0323 4456  QWAVEdrv - ok
15:26:52.0370 4456  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:26:52.0385 4456  RasAcd - ok
15:26:52.0432 4456  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
15:26:52.0448 4456  RasAuto - ok
15:26:52.0494 4456  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:26:52.0510 4456  Rasl2tp - ok
15:26:52.0557 4456  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:26:52.0650 4456  RasMan - ok
15:26:52.0775 4456  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:26:52.0791 4456  RasPppoe - ok
15:26:52.0900 4456  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:26:52.0916 4456  RasSstp - ok
15:26:52.0962 4456  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:26:52.0994 4456  rdbss - ok
15:26:53.0056 4456  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:26:53.0072 4456  RDPCDD - ok
15:26:53.0103 4456  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:26:53.0118 4456  rdpdr - ok
15:26:53.0134 4456  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:26:53.0134 4456  RDPENCDD - ok
15:26:53.0290 4456  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:26:53.0321 4456  RDPWD - ok
15:26:53.0384 4456  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:26:53.0399 4456  RemoteAccess - ok
15:26:53.0446 4456  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:26:53.0462 4456  RemoteRegistry - ok
15:26:53.0524 4456  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
15:26:53.0540 4456  RichVideo - ok
15:26:53.0555 4456  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:26:53.0571 4456  RpcLocator - ok
15:26:53.0602 4456  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
15:26:53.0618 4456  RpcSs - ok
15:26:53.0649 4456  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:26:53.0665 4456  rspndr - ok
15:26:53.0711 4456  [ 974AF42FC1CB6DC35DE34109BEF80054 ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe
15:26:53.0727 4456  RS_Service - ok
15:26:53.0805 4456  [ 125C504A34D0A2E152517E342E7E432C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
15:26:53.0836 4456  RTL8169 - ok
15:26:53.0852 4456  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
15:26:53.0852 4456  SamSs - ok
15:26:53.0899 4456  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:26:53.0914 4456  sbp2port - ok
15:26:53.0961 4456  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:26:53.0961 4456  SCardSvr - ok
15:26:54.0039 4456  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:26:54.0086 4456  Schedule - ok
15:26:54.0179 4456  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:26:54.0179 4456  SCPolicySvc - ok
15:26:54.0289 4456  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:26:54.0304 4456  sdbus - ok
15:26:54.0523 4456  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:26:54.0616 4456  SDRSVC - ok
15:26:54.0679 4456  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:26:54.0710 4456  secdrv - ok
15:26:54.0726 4456  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:26:54.0741 4456  seclogon - ok
15:26:54.0757 4456  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
15:26:54.0772 4456  SENS - ok
15:26:54.0788 4456  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:26:54.0804 4456  Serenum - ok
15:26:54.0850 4456  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
15:26:54.0866 4456  Serial - ok
15:26:54.0882 4456  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:26:54.0897 4456  sermouse - ok
15:26:54.0944 4456  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:26:54.0944 4456  SessionEnv - ok
15:26:54.0991 4456  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:26:55.0006 4456  sffdisk - ok
15:26:55.0038 4456  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:26:55.0053 4456  sffp_mmc - ok
15:26:55.0069 4456  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:26:55.0084 4456  sffp_sd - ok
15:26:55.0100 4456  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:26:55.0116 4456  sfloppy - ok
15:26:55.0178 4456  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:26:55.0194 4456  SharedAccess - ok
15:26:55.0256 4456  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:26:55.0350 4456  ShellHWDetection - ok
15:26:55.0365 4456  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:26:55.0381 4456  sisagp - ok
15:26:55.0443 4456  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:26:55.0459 4456  SiSRaid2 - ok
15:26:55.0537 4456  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:26:55.0584 4456  SiSRaid4 - ok
15:26:55.0709 4456  [ 7C70691D01181E3F441C6B9D429D24CC ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:26:59.0204 4456  SkypeUpdate - ok
15:26:59.0375 4456  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
15:26:59.0547 4456  slsvc - ok
15:26:59.0609 4456  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:26:59.0625 4456  SLUINotify - ok
15:26:59.0656 4456  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:26:59.0672 4456  Smb - ok
15:26:59.0875 4456  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:26:59.0906 4456  SNMPTRAP - ok
15:26:59.0953 4456  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
15:26:59.0968 4456  spldr - ok
15:26:59.0968 4456  Spooler - ok
15:27:00.0015 4456  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:27:00.0046 4456  srv - ok
15:27:00.0077 4456  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:27:00.0109 4456  srv2 - ok
15:27:00.0171 4456  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:27:00.0187 4456  srvnet - ok
15:27:00.0218 4456  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:27:00.0233 4456  SSDPSRV - ok
15:27:00.0311 4456  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:27:00.0311 4456  SstpSvc - ok
15:27:00.0405 4456  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:27:00.0436 4456  stisvc - ok
15:27:00.0483 4456  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:27:00.0499 4456  swenum - ok
15:27:00.0889 4456  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
15:27:00.0920 4456  swprv - ok
15:27:00.0951 4456  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:27:00.0982 4456  Symc8xx - ok
15:27:00.0998 4456  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:27:01.0014 4456  Sym_hi - ok
15:27:01.0029 4456  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:27:01.0060 4456  Sym_u3 - ok
15:27:01.0092 4456  [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:27:01.0107 4456  SynTP - ok
15:27:01.0185 4456  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
15:27:01.0216 4456  SysMain - ok
15:27:01.0263 4456  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:27:01.0279 4456  TabletInputService - ok
15:27:01.0341 4456  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:27:01.0341 4456  TapiSrv - ok
15:27:01.0404 4456  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
15:27:01.0419 4456  TBS - ok
15:27:01.0560 4456  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:27:01.0591 4456  Tcpip - ok
15:27:01.0794 4456  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:27:01.0809 4456  Tcpip6 - ok
15:27:01.0872 4456  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:27:01.0903 4456  tcpipreg - ok
15:27:01.0934 4456  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:27:01.0950 4456  TDPIPE - ok
15:27:01.0981 4456  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:27:01.0997 4456  TDTCP - ok
15:27:02.0028 4456  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:27:02.0059 4456  tdx - ok
15:27:02.0231 4456  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:27:02.0277 4456  TeamViewer7 - ok
15:27:02.0324 4456  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:27:02.0340 4456  TermDD - ok
15:27:02.0402 4456  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
15:27:02.0418 4456  TermService - ok
15:27:02.0449 4456  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:27:02.0449 4456  Themes - ok
15:27:02.0480 4456  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:27:02.0496 4456  THREADORDER - ok
15:27:02.0543 4456  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:27:02.0543 4456  TrkWks - ok
15:27:02.0605 4456  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:27:02.0621 4456  TrustedInstaller - ok
15:27:02.0683 4456  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:02.0714 4456  tssecsrv - ok
15:27:02.0746 4456  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:27:02.0761 4456  tunmp - ok
15:27:02.0792 4456  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:27:02.0808 4456  tunnel - ok
15:27:02.0839 4456  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:27:02.0855 4456  uagp35 - ok
15:27:02.0933 4456  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:27:02.0933 4456  UBHelper - ok
15:27:03.0011 4456  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:27:03.0026 4456  udfs - ok
15:27:03.0073 4456  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:27:03.0089 4456  UI0Detect - ok
15:27:03.0120 4456  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:27:03.0136 4456  uliagpkx - ok
15:27:03.0167 4456  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:27:03.0198 4456  uliahci - ok
15:27:03.0229 4456  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:27:03.0260 4456  UlSata - ok
15:27:03.0292 4456  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:27:03.0323 4456  ulsata2 - ok
15:27:03.0339 4456  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:27:03.0354 4456  umbus - ok
15:27:03.0401 4456  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:27:03.0417 4456  upnphost - ok
15:27:03.0526 4456  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:03.0541 4456  usbccgp - ok
15:27:03.0557 4456  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:27:03.0573 4456  usbcir - ok
15:27:03.0635 4456  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:27:03.0651 4456  usbehci - ok
15:27:03.0666 4456  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:27:03.0697 4456  usbhub - ok
15:27:03.0729 4456  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:27:03.0744 4456  usbohci - ok
15:27:03.0760 4456  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:27:03.0791 4456  usbprint - ok
15:27:03.0807 4456  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:27:03.0822 4456  USBSTOR - ok
15:27:03.0853 4456  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:27:03.0869 4456  usbuhci - ok
15:27:03.0900 4456  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:27:03.0947 4456  usbvideo - ok
15:27:03.0963 4456  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
15:27:03.0963 4456  UxSms - ok
15:27:04.0025 4456  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
15:27:04.0056 4456  vds - ok
15:27:04.0087 4456  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:04.0087 4456  vga - ok
15:27:04.0134 4456  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:27:04.0134 4456  VgaSave - ok
15:27:04.0181 4456  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:27:04.0181 4456  viaagp - ok
15:27:04.0243 4456  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:27:04.0243 4456  ViaC7 - ok
15:27:04.0290 4456  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:27:04.0306 4456  viaide - ok
15:27:04.0384 4456  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:27:04.0384 4456  volmgr - ok
15:27:04.0462 4456  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:27:04.0493 4456  volmgrx - ok
15:27:04.0540 4456  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:27:04.0556 4456  volsnap - ok
15:27:04.0587 4456  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:27:04.0634 4456  vsmraid - ok
15:27:04.0758 4456  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
15:27:04.0836 4456  VSS - ok
15:27:05.0289 4456  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
15:27:05.0289 4456  W32Time - ok
15:27:05.0383 4456  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:27:05.0507 4456  WacomPen - ok
15:27:05.0585 4456  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:27:05.0617 4456  Wanarp - ok
15:27:05.0617 4456  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:27:05.0617 4456  Wanarpv6 - ok
15:27:05.0648 4456  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:27:05.0757 4456  wcncsvc - ok
15:27:05.0819 4456  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:27:05.0835 4456  WcsPlugInService - ok
15:27:05.0851 4456  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
15:27:05.0866 4456  Wd - ok
15:27:05.0960 4456  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:27:05.0991 4456  Wdf01000 - ok
15:27:06.0022 4456  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:27:06.0022 4456  WdiServiceHost - ok
15:27:06.0022 4456  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:27:06.0038 4456  WdiSystemHost - ok
15:27:06.0069 4456  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
15:27:06.0085 4456  WebClient - ok
15:27:06.0116 4456  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:27:06.0131 4456  Wecsvc - ok
15:27:06.0163 4456  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:27:06.0163 4456  wercplsupport - ok
15:27:06.0209 4456  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:27:06.0225 4456  WerSvc - ok
15:27:06.0272 4456  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:27:06.0287 4456  WinDefend - ok
15:27:06.0303 4456  WinHttpAutoProxySvc - ok
15:27:06.0444 4456  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:27:06.0475 4456  Winmgmt - ok
15:27:06.0537 4456  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:27:06.0615 4456  WinRM - ok
15:27:06.0709 4456  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:27:06.0740 4456  Wlansvc - ok
15:27:07.0208 4456  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:27:07.0333 4456  wlcrasvc - ok
15:27:07.0458 4456  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:27:07.0489 4456  wlidsvc - ok
15:27:07.0567 4456  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:27:07.0567 4456  WmiAcpi - ok
15:27:07.0598 4456  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:27:07.0614 4456  wmiApSrv - ok
15:27:07.0754 4456  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:27:07.0770 4456  WMPNetworkSvc - ok
15:27:07.0848 4456  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:27:07.0863 4456  WPCSvc - ok
15:27:07.0926 4456  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:27:07.0926 4456  WPDBusEnum - ok
15:27:08.0129 4456  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:27:08.0175 4456  WPFFontCache_v0400 - ok
15:27:08.0238 4456  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:27:08.0253 4456  ws2ifsl - ok
15:27:08.0347 4456  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
15:27:08.0347 4456  wscsvc - ok
15:27:08.0363 4456  WSearch - ok
15:27:08.0456 4456  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:27:10.0469 4456  wuauserv - ok
15:27:10.0766 4456  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:27:10.0781 4456  WudfPf - ok
15:27:11.0000 4456  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:11.0015 4456  WUDFRd - ok
15:27:11.0156 4456  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:27:11.0171 4456  wudfsvc - ok
15:27:11.0171 4456  ================ Scan global ===============================
15:27:11.0421 4456  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:27:11.0593 4456  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:27:11.0608 4456  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:27:11.0655 4456  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:27:11.0655 4456  [Global] - ok
15:27:11.0655 4456  ================ Scan MBR ==================================
15:27:11.0686 4456  [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
15:27:14.0401 4456  \Device\Harddisk0\DR0 - ok
15:27:14.0417 4456  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR1
15:27:14.0448 4456  \Device\Harddisk1\DR1 - ok
15:27:14.0448 4456  ================ Scan VBR ==================================
15:27:14.0464 4456  [ ED7101971908AC6D0B68885E3602185B ] \Device\Harddisk0\DR0\Partition1
15:27:14.0464 4456  \Device\Harddisk0\DR0\Partition1 - ok
15:27:14.0510 4456  [ B1B367017BB195368F6F74D641C833D2 ] \Device\Harddisk0\DR0\Partition2
15:27:14.0526 4456  \Device\Harddisk0\DR0\Partition2 - ok
15:27:14.0526 4456  [ F00BDC13E90185967CBEA187A68BA5B9 ] \Device\Harddisk1\DR1\Partition1
15:27:14.0526 4456  \Device\Harddisk1\DR1\Partition1 - ok
15:27:14.0526 4456  ============================================================
15:27:14.0526 4456  Scan finished
15:27:14.0526 4456  ============================================================
15:27:14.0542 4448  Detected object count: 0
15:27:14.0542 4448  Actual detected object count: 0
15:27:41.0800 2644  Deinitialize success

 





#2 jtphenom

  • Topic Starter

  • Members
  • 251 posts

Posted 28 July 2013 - 03:19 PM

And here are the OTL Logs:

OTL logfile created on: 7/28/2013 3:30:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\frank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.58% Memory free
6.07 Gb Paging File | 4.23 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 98.73 Gb Free Space | 69.02% Space Free | Partition Type: NTFS
Drive D: | 143.04 Gb Total Space | 142.95 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.41 Gb Free Space | 37.76% Space Free | Partition Type: FAT32
 
Computer Name: FRANK-PC | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/28 15:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\frank\Desktop\OTL.exe
PRC - [2013/05/22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/11/16 22:07:40 | 000,252,256 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsShld.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012/08/31 13:00:52 | 000,078,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe
PRC - [2012/07/27 16:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2009/04/14 08:01:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\frank\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 14:08:46 | 000,417,792 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/10/09 01:49:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/09 01:49:12 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/10/04 08:09:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/07/29 21:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 21:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/19 19:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/07/02 14:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/19 20:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/23 14:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/16 11:16:51 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/16 11:16:20 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/16 11:10:31 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/16 11:09:09 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/30 00:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/30 00:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/02/24 09:18:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/02/24 09:18:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009/02/24 09:18:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/09 01:49:24 | 000,835,584 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/10/09 01:49:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/07/29 21:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/10/23 14:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003/06/07 16:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/06/16 15:46:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:54:18 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 10:23:58 | 000,101,552 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/07/27 16:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/10/04 08:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/07/29 21:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/19 19:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\40491961.sys -- (33828659)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 14:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2009/07/09 12:45:36 | 000,116,064 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/11/04 17:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/01 14:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/10 21:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/03 00:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm038YYus&ptnrS=UXxdm038YYus&si=bing_maps-exact2&ptb=A639348B-938E-4F32-8B51-491CF366E374&ind=2012091610&n=77ee14da&psa=&st=sb&searchfor={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A3 B7 EE DC BB CA 01  [binary data]
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes,DefaultScope = {b0441a0e-a49a-4e16-afc1-74ecced1921f}
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F6BF72A9-B094-4D4F-BAA8-19C47C7BFAB0&apn_sauid=255A156F-777B-4FD2-BBB3-F3D7EF2EE138
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{5E15EA84-4A05-407A-B17B-FD85B7250EB2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS323
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=E1smLOXsa7T1HpaspgTM57ONpmQ?q={searchTerms}
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{8E0CE173-9074-414D-BE97-4DC4374832D9}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm038YYus&ptnrS=UXxdm038YYus&si=bing_maps-exact2&ptb=A639348B-938E-4F32-8B51-491CF366E374&ind=2012091610&n=77ee14da&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{BCD05C55-6A26-4CF5-9BAC-7B01F4BF2C6A}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130101,17118,0,18,0
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\SearchScopes\{E0425328-DEA5-498C-92B7-EEA5D00152DF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3225826.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "BitTorrentControl_v12 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.2
FF - prefs.js..extensions.enabledItems: 39ffxtbr@MapsGalaxy_39.com:2.50.0.51712
FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.4.3
FF - prefs.js..extensions.enabledItems: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}:10.13.40.15
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A639348B-938E-4F32-8B51-491CF366E374&n=77ee8753&ind=2012120915&id=UXxdm038YYus&ptnrS=UXxdm038YYus&si=bing_maps-exact2&searchfor="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/07/05 16:43:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/12/04 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/16 14:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/31 16:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/07/20 13:55:36 | 000,000,000 | ---D | M]
 
[2010/03/24 21:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frank\AppData\Roaming\Mozilla\Extensions
[2013/01/02 21:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions
[2012/04/20 19:33:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/02 21:07:56 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2012/09/16 10:26:05 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\39ffxtbr@MapsGalaxy_39.com
[2013/01/02 21:00:21 | 000,000,000 | ---D | M] (Default Tab) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\addon@defaulttab.com
[2013/07/28 14:48:02 | 000,001,072 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
[2012/12/09 16:27:17 | 000,009,640 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\searchplugins\my-web-search.xml
[2013/07/28 14:47:04 | 000,002,025 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\searchplugins\search-here.xml
[2012/07/21 17:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/21 11:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2013/07/05 16:43:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
 
O1 HOSTS File: ([2012/04/20 19:21:59 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1278279126-1122443667-2333013689-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{818A53B4-267C-415F-9C7D-7FD8DB78EF1B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E4142DE-345E-4395-B47F-CA3AF24265C6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img15.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img15.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 15:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/28 15:28:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\frank\Desktop\OTL.exe
[2013/07/28 15:10:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/28 15:06:01 | 000,000,000 | ---D | C] -- C:\Users\frank\Desktop\tdsskiller
[2013/07/28 14:54:55 | 001,844,864 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.com
[2013/07/16 10:28:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/05 09:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[14 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/28 15:32:38 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/28 15:32:38 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/28 15:24:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/07/28 15:24:35 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/07/28 15:24:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 15:24:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 15:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/28 15:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\frank\Desktop\OTL.exe
[2013/07/28 15:04:52 | 002,218,636 | ---- | M] () -- C:\Users\frank\Desktop\tdsskiller.zip
[2013/07/28 14:52:34 | 001,844,864 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.com
[2013/07/28 14:49:45 | 000,001,356 | ---- | M] () -- C:\Users\frank\AppData\Local\d3d9caps.dat
[2013/07/20 14:47:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 11:05:43 | 000,299,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/15 12:02:00 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[14 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/28 15:05:46 | 002,218,636 | ---- | C] () -- C:\Users\frank\Desktop\tdsskiller.zip
[2013/07/03 20:42:50 | 000,001,356 | ---- | C] () -- C:\Users\frank\AppData\Local\d3d9caps.dat
[2013/06/17 13:01:45 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013/01/02 21:11:39 | 000,000,552 | ---- | C] () -- C:\Users\frank\AppData\Local\d3d8caps.dat
[2013/01/02 21:01:13 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/07/21 08:28:02 | 000,020,992 | ---- | C] () -- C:\Users\frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\frank\AppData\Local\Temp\socyrvt\setoosf\wow.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/02/24 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/02/24 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011/08/05 12:43:13 | 000,000,000 | -HSD | M] -- C:\Users\frank\AppData\Roaming\.#
[2009/07/23 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Acer
[2009/02/24 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Acer GameZone Console
[2010/03/10 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\eSobi
[2009/04/14 08:01:27 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Leadertech
[2013/03/31 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Nico Mak Computing
[2010/03/11 18:19:57 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\PowerCinema
[2010/03/10 21:17:24 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\SoftDMA
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[14 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2013/05/08 00:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4220A65C

< End of report >


And Extras:

OTL Extras logfile created on: 7/28/2013 3:30:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\frank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.58% Memory free
6.07 Gb Paging File | 4.23 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 98.73 Gb Free Space | 69.02% Space Free | Partition Type: NTFS
Drive D: | 143.04 Gb Total Space | 142.95 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.41 Gb Free Space | 37.76% Space Free | Partition Type: FAT32
 
Computer Name: FRANK-PC | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00859626-EDE6-4417-B5AE-45E50C365E7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{29B1A5D0-E2AF-4DF0-AA80-B9138C9005F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2052806-9327-4837-AB77-0AB57DE7B619}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F9E81BCD-A9D9-43A1-A740-DE29FEC1E797}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96111-B4CD-49AF-8CF8-81047251D796}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1050B536-42D4-42AC-B2C1-C3C805DFC89A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{1B935FA0-685A-4CC5-AF08-E7166E3D0800}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C2B7DDE-76E0-4D1C-A022-3D31FD375FA8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{20EF727B-C975-4DD1-9878-C7D0AB0A3AED}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{3029BC7B-36E5-47B8-ABBE-19C1B18587B2}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{39816C38-43BF-4660-8270-7A25D252536E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{54B44D92-05DA-4288-AE13-4FD43EBDABF0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{67B68BA1-A68C-411C-9265-55DC67865E9A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{776F3883-8798-46EA-902D-76450CBD52EE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{7BFDFC5C-3F5C-45CB-8EE2-F9794D4D535B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{88E3F8CC-EADC-4C36-B49D-7A37B6D45397}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8C4127B4-12FF-4E8D-96D1-2D0CDB1B4BFE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8CA593CB-BA0E-4951-ADAA-E689309D7611}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9BA9D9DE-BCC9-4415-B212-B816DC6CF339}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9CE86385-1122-434D-86F2-F39908F94B7D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9D1625E6-3DD0-444D-8F1D-C6542591CB0A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{AE8BDAC2-CAE9-4550-A9B8-AA0F004EF9F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6FEF2F9-FE3A-4145-8C51-FAFC73C4277A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BB41F5DF-3CA4-4D18-8840-94AC9B13565A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C06FA8AC-CEFA-4BD4-A19F-6971A71F3926}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDE76136-4197-4A59-9965-6FC962DFDD2A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D0885C58-FA06-4715-AA63-4ADBB5F5FEAC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D2CAA8CD-7A5F-43CB-8EB7-72CB8A40CA36}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D2D25CB6-2556-42B6-B431-8A032806C71B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D3E06E18-1DFF-44C6-A06A-6FBD596DF485}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D7779003-EB9D-4AE3-8939-FD9C257A4992}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D96B472D-A6BA-453A-B5AC-CE4F66E0BD3F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DDBE5E2D-C3F4-4259-AC09-5C6E269FCF17}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{F109F804-A014-473A-9D1B-49F92F04835F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FB843F89-2CB5-4599-A32C-D725BA3DC30A}" = dir=in | app=c:\program files\itunes\itunes.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D23837D-18FD-43AE-81E0-B329A7F75898}" = Acer Crystal Eye Webcam 2.0.7
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}" = Womens Murder Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.7
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MSC" = McAfee Internet Security Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/7/2013 4:39:20 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 4:39:20 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 4:39:25 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 4:39:25 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 5:44:58 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 5:44:59 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 5:45:04 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 5:45:04 PM | Computer Name = frank-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 6/7/2013 7:00:06 PM | Computer Name = frank-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module JScript9.dll, version 9.0.8112.16483, time stamp 0x515dfa76,
 exception code 0xc0000005, fault offset 0x000536c3,  process id 0x518, application
 start time 0x01ce63be0b9510e0.
 
Error - 6/7/2013 7:07:10 PM | Computer Name = frank-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 7/28/2013 2:46:45 PM | Computer Name = frank-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/28/2013 2:48:37 PM | Computer Name = frank-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/28/2013 2:50:20 PM | Computer Name = frank-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 7/28/2013 2:56:08 PM | Computer Name = frank-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 7/28/2013 2:57:26 PM | Computer Name = frank-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/28/2013 2:58:59 PM | Computer Name = frank-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 7/28/2013 3:24:26 PM | Computer Name = frank-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:14:35 PM on 7/28/2013 was unexpected.
 
Error - 7/28/2013 3:24:29 PM | Computer Name = frank-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 7/28/2013 3:25:31 PM | Computer Name = frank-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/28/2013 3:25:31 PM | Computer Name = frank-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


 


Edited by jtphenom, 28 July 2013 - 03:20 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 August 2013 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's start with these scans.

Search for and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 01 August 2013 - 07:46 PM

Hi nasdaq. Just got back on here. At the moment, I can see rtkbtmnt.exe running in my Task Manager. I thought it was gone, but apparently not. I'm going to get started on these scans right now. Thanks!



#5 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 01 August 2013 - 08:23 PM

OK here are my logs:

AdwCleaner:
# AdwCleaner v2.306 - Logfile created 08/01/2013 at 20:47:36
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : frank - FRANK-PC
# Boot Mode : Normal
# Running from : C:\Users\frank\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\searchplugins\my-web-search.xml
File Found : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\searchplugins\search-here.xml
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\mapsgalaxy_39
Folder Found : C:\Program Files\WinZip Registry Optimizer
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\Users\frank\AppData\Local\Conduit
Folder Found : C:\Users\frank\AppData\Local\mapsgalaxy_39
Folder Found : C:\Users\frank\AppData\LocalLow\Conduit
Folder Found : C:\Users\frank\AppData\LocalLow\iac
Folder Found : C:\Users\frank\AppData\LocalLow\mapsgalaxy_39
Folder Found : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\39ffxtbr@MapsGalaxy_39.com
Folder Found : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\extensions\39ffxtbr@MapsGalaxy_39.com
Folder Found : C:\Users\frank\Documents\ShopToWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\MapsGalaxy_39
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\prefs.js

Found : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3225826.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomp[...]
Found : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Found : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A639348B[...]
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://my.msn.com/|hxxps://www.facebook.com/#!/");
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Found : user_pref("smartbar.originalSearchEngine", "My Web Search");

*************************

AdwCleaner[R1].txt - [6006 octets] - [01/08/2013 20:47:36]

########## EOF - C:\AdwCleaner[R1].txt - [6066 octets] ##########
 

 

For the JRT, I got Access Denied 7 times under "Checking Registry". I thought I may have forgotten to run as administrator, so I ran it again, making sure to elevate rights. Is the fact that I ran it twice the reason it seems to have found nothing? Anyway, what can we do about the Access Denied messages?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by frank on Thu 08/01/2013 at 21:02:29.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/01/2013 at 21:05:36.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Rest is in next post..



#6 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 01 August 2013 - 08:25 PM

DDS Log:
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2
Run by frank at 21:07:18 on 2013-08-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3001.2170 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\locator.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\frank\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: MapsGalaxy: {364EA597-E728-4CE4-BB4A-ED846EF47970} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} -
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{818A53B4-267C-415F-9C7D-7FD8DB78EF1B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8E4142DE-345E-4395-B47F-CA3AF24265C6} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\dotez7ad.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mapsgalaxy_39\bar\1.bin\NP39Stub.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-1 565888]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-1 210608]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-3-5 69632]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-2-24 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-24 101552]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-1 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-1 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-1 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-1 203840]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-1 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-1 172416]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-5 233472]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-4-20 2666880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-1 60920]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-9 116064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-1 235264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-1 363080]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-8-3 569856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-12-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-24 30192]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-3 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-1 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-1 92632]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-08-02 00:56:36    --------    d-----w-    c:\windows\ERUNT
2013-07-29 01:36:58    --------    d-----w-    c:\program files\iPod
2013-07-29 01:36:55    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-29 01:36:55    --------    d-----w-    c:\program files\iTunes
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-28 21:47:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-28 21:47:32    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-07-28 21:47:32    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-07-28 21:47:32    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-07-28 21:47:32    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-07-28 21:31:28    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-28 21:30:44    0    ----a-w-    c:\windows\system32\REN7E89.tmp
2013-07-28 21:30:44    0    ----a-w-    c:\windows\system32\REN7E88.tmp
2013-07-28 19:10:57    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-12 20:56:53    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-07-12 20:55:13    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-12 20:55:12    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-07-12 20:55:12    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-07-12 20:55:12    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-07-12 20:55:11    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-07-12 20:55:11    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-07-12 20:55:09    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-07-12 20:55:09    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-07-12 20:55:08    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-07-12 20:55:04    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-07-12 20:46:28    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-12 20:25:06    936960    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-12 20:25:06    1218048    ----a-w-    c:\program files\windows journal\NBDoc.DLL
2013-07-12 20:25:05    983552    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2013-07-12 20:25:05    964608    ----a-w-    c:\program files\windows journal\JNWDRV.dll
.
==================== Find3M  ====================
.
2013-07-28 21:40:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 21:40:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-28 21:31:14    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-05-29 01:50:14    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-29 01:41:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-05-29 01:37:15    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-29 01:33:22    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-08 04:37:21    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 21:08:16.05 ===============
 

 

I closed checkup.txt without copying the contents and I can't seem to find the file! Do I have to run that over again or does it save it somewhere?
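
Added example, not part of the original thread or of any tool used in it: a triage pass over the DDS "Running Processes" section that flags images running from temp or user-profile directories, which is how the RtkBtMnt.exe entry in the log above stands out. The sample text is a constructed excerpt using paths from that log; the function names and the path rules are assumptions, and a hit is a lead to review, not a verdict.

```python
import re

# Constructed excerpt in the DDS log layout, built from a few paths in the log above.
SAMPLE_DDS = r"""
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\frank\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
"""

# "===== Title =====" section banners used throughout a DDS log.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Image path up to its executable extension; anything after it is arguments
# (for example "svchost.exe -k netsvcs"). Paths may contain spaces and dots.
IMAGE = re.compile(r"^([A-Za-z]:\\.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)

# Assumed triage rules: locations a standard user can write to, most specific first.
RULES = [
    ("temp directory", re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.I)),
    ("user profile", re.compile(r"^[a-z]:\\users\\", re.I)),
]


def running_processes(dds_text):
    """Return the unique image paths listed under 'Running Processes', in log order."""
    paths, seen, in_section = [], set(), False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Start collecting at the Running Processes banner, stop at the next one.
            in_section = header.group(1).lower() == "running processes"
            continue
        if not in_section:
            continue
        match = IMAGE.match(line)
        if match and match.group(1).lower() not in seen:
            seen.add(match.group(1).lower())
            paths.append(match.group(1))
    return paths


def flag_user_writable(paths):
    """Return (path, reason) for images running from user-writable locations."""
    flagged = []
    for path in paths:
        for reason, pattern in RULES:
            if pattern.search(path):
                flagged.append((path, reason))
                break  # report only the most specific rule per path
    return flagged


if __name__ == "__main__":
    for path, reason in flag_user_writable(running_processes(SAMPLE_DDS)):
        # Installers and updaters also run from Temp, so treat this as a review list.
        print(f"REVIEW  {reason:15} {path}")
```
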



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 August 2013 - 07:47 AM

Please run the SecurityCheck tool one more time and post the log for my review.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please let me know what problem persists with this computer.

#8 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 02 August 2013 - 09:28 PM

Hi again,

 

The computer seems to be running better, just still quite slow. Still wondering why JRT gave me access denied for the registry scans? Also, Combofix says spoolsv.exe is missing from C:\windows\system32. Should I be concerned about that? Anyway, here are my logs.

 

Security Check log:

 Results of screen317's Security Check version 0.99.71  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 26  
 Java™ 6 Update 21  
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (3.6.28) Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

 

And here is Combofix log:

 

ComboFix 13-08-02.01 - frank 08/02/2013  22:11:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3001.1914 [GMT -4:00]
Running from: c:\users\frank\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\EFBC.tmp
c:\users\frank\AppData\Roaming\.#
c:\users\frank\AppData\Roaming\.#\MBX@C4C@1D82990.###
c:\users\frank\AppData\Roaming\.#\MBX@C4C@1D829C0.###
c:\users\frank\AppData\Roaming\.#\MBX@C4C@1D829F0.###
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-03 to 2013-08-03  )))))))))))))))))))))))))))))))
.
.
2013-08-03 02:19 . 2013-08-03 02:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-02 02:47 . 2013-08-02 02:53    --------    d-----w-    c:\windows\system32\MRT
2013-08-02 00:56 . 2013-08-02 00:56    --------    d-----w-    c:\windows\ERUNT
2013-07-29 01:36 . 2013-07-29 01:36    --------    d-----w-    c:\program files\iPod
2013-07-29 01:36 . 2013-07-29 01:37    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-29 01:36 . 2013-07-29 01:37    --------    d-----w-    c:\program files\iTunes
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-07-28 21:47 . 2013-07-28 21:47    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-07-28 21:46 . 2013-07-28 21:47    --------    d-----w-    c:\program files\QuickTime
2013-07-28 21:31 . 2013-07-28 21:31    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-28 21:30 . 2013-07-28 21:30    0    ----a-w-    c:\windows\system32\REN7E89.tmp
2013-07-28 21:30 . 2013-07-28 21:30    0    ----a-w-    c:\windows\system32\REN7E88.tmp
2013-07-28 19:10 . 2013-07-28 19:10    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-12 20:56 . 2013-06-04 01:50    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-07-12 20:55 . 2013-04-17 10:10    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-12 20:55 . 2013-04-17 11:28    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-07-12 20:55 . 2013-04-17 10:33    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-07-12 20:55 . 2013-04-17 10:10    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-07-12 20:55 . 2013-04-17 11:28    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-07-12 20:55 . 2013-04-17 11:28    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-07-12 20:55 . 2013-04-17 10:34    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-07-12 20:55 . 2013-04-17 10:14    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-07-12 20:55 . 2013-04-17 11:28    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-07-12 20:55 . 2013-06-01 04:06    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-07-12 20:46 . 2013-05-08 04:04    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-12 20:25 . 2013-04-09 03:52    1218048    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 20:25 . 2013-04-09 03:51    936960    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:25 . 2013-04-09 03:51    983552    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 20:25 . 2013-04-09 03:51    964608    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-05 13:28 . 2013-07-05 13:28    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 21:40 . 2012-07-22 01:54    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-28 21:40 . 2012-07-21 21:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 21:31 . 2011-03-16 15:38    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-05-11 23:43 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 04:37 . 2013-06-16 20:51    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-08-10 17:36 . 2010-08-10 17:36    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[7] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[7] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52    121392    ----a-w-    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-20 6244896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17    1261568    ----a-w-    c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-10-17 22:54    167936    ------w-    c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
R0 33828659;33828659;c:\windows\system32\drivers\40491961.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 21:40]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0309&m=aspire_4730z
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\dotez7ad.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-33828659.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-02 22:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-02  22:21:19
ComboFix-quarantined-files.txt  2013-08-03 02:21
.
Pre-Run: 112,740,560,896 bytes free
Post-Run: 115,192,635,392 bytes free
.
- - End Of File - - 87CC943E195E958B149280D6159113EE
EF9CDC51B437D322D54016B68F003416
 



#9 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 02 August 2013 - 09:38 PM

Oh.. also.. why is it telling me that my Adobe Reader is out of date when I know for a fact I have the latest version, and telling me that I need to defrag when it was just defragged yesterday?


Edited by jtphenom, 02 August 2013 - 09:40 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts

Posted 03 August 2013 - 08:13 AM

Remove these old versions of Java using the Add/Remove Programs list.
Java™ 6 Update 26
Java™ 6 Update 21


"Oh.. also.. why is it telling me that my Adobe Reader is out of date when I know for a fact I have the latest version, and telling me that I need to defrag when it was just defragged yesterday?"

At each update of Adobe the tool needs to be updated. I will report this.
As for the Defrag I do not know. The important thing is that you already have done it.

Is the issue persisting?

#11 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 03 August 2013 - 10:50 AM

Sounds good. I think it's all good now. But do you know why I got the access denied in JRT?

Thanks for all your help!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts

Posted 03 August 2013 - 12:38 PM

Did you try to run it as an Administrator?

#13 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 03 August 2013 - 01:42 PM

Yes, I did run it as administrator. Is the fact that I still got access denied an indicator that the malware possibly messed with the permissions on my registry? And again, what about the missing spoolsv.exe file?

By the way, Java 6 Update 21 uninstalled fine, but update 26 won't uninstall. I double-click it, click Allow in UAC, and then nothing happens.


Edited by jtphenom, 03 August 2013 - 03:22 PM.


#14 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts

Posted 03 August 2013 - 03:39 PM

Never mind about the Java thing. I got that uninstalled with Microsoft FixIt tool. :)



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts

Posted 04 August 2013 - 07:27 AM

"what about the missing spoolsv.exe file?"

Good catch.
Do you have any problem faxing or printing?

This command will copy the file to the system32 folder.

Open notepad and copy/paste the text in the quote box below into it:


FCOPY::
c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe | c:\windows\System32\spoolsv.exe

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Any remaining issues?
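
An added example, not part of the thread or of ComboFix: a parser for the Sigcheck lines in the ComboFix log above that lists, for each file reported missing, the WinSxS copies whose component version matches a given OS build, newest first. The function names and the `os_build` parameter are assumptions of this example; the sample lines are copied from the log.

```python
import re
# Sample: lines copied from the Sigcheck section of the ComboFix log on this page.
SAMPLE = r"""
[7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[7] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
c:\windows\System32\spoolsv.exe ... is missing !!
"""

ENTRY = re.compile(r"^\[\d+\] (\d{4}-\d{2}-\d{2}) \. ([0-9A-F]{32}) \. (\d+) "
                   r"\. \. \[[\d.]+\] \. \. (.+)$")
MISSING = re.compile(r"^(.+?) \.\.\. is missing !!$")
VERSION = re.compile(r"^\d+(\.\d+){3}$")


def component_version(path):
    """Version from a WinSxS name (arch_name_token_version_culture_hash), or None."""
    parts = path.lower().split("\\")
    if "winsxs" not in parts[:-1]:
        return None
    fields = parts[parts.index("winsxs") + 1].rsplit("_", 4)
    if len(fields) != 5 or not VERSION.match(fields[2]):
        return None
    return tuple(int(n) for n in fields[2].split("."))


def parse_sigcheck(text):
    """Return (copies, missing): parsed file entries and reported-missing paths."""
    copies, missing = [], []
    for line in map(str.strip, text.splitlines()):
        if m := ENTRY.match(line):
            date, md5, size, path = m.groups()
            copies.append({"date": date, "md5": md5, "size": int(size),
                           "path": path, "version": component_version(path)})
        elif m := MISSING.match(line):
            missing.append(m.group(1))
    return copies, missing


def restore_candidates(text, os_build):
    """Map each missing file to same-named store copies for os_build, newest first."""
    copies, missing = parse_sigcheck(text)
    result = {}
    for target in missing:
        name = "\\" + target.lower().rsplit("\\", 1)[-1]
        hits = [c for c in copies if c["version"] and c["version"][:3] == os_build
                and c["path"].lower().endswith(name)]
        result[target] = sorted(hits, key=lambda c: c["version"], reverse=True)
    return result
```

Calling `restore_candidates(SAMPLE, (6, 0, 6002))` uses the build from the log's "Windows 6.0.6002 Service Pack 2" line. The MD5 and size of each entry are kept so a restored copy can be compared against the log line it came from.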



