
ZeroAccess rootkit infection (Unable to create DDS logs)


  • This topic is locked
26 replies to this topic

#1 i.hate.open.cloud

  • Members
  • 68 posts

Posted 31 March 2014 - 12:18 PM

Hello, I was directed to this forum by an advisor in the Am I Infected? forums, who says I have a ZeroAccess rootkit infection. I attempted to use DDS to create the requested logs as per the preparation guide's instructions, but DDS will not complete a scan. When I run it, the program says it is scanning and the progress bar quickly fills up about 85% and then appears to be running, but makes no progress. I let this continue for 15 minutes before attempting to close the program, which froze the computer, requiring a hard shut down. A second attempt provided the same result.

 

My original post can be found at http://www.bleepingcomputer.com/forums/t/529280/program-wanted-to-access-the-command-prompt-unsure-if-infected-or-not/?p=3329630 which is mostly initial diagnostic logs. I apologize for not being able to provide the DDS logs or anything else helpful here.

 

-James

 




#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 01 April 2014 - 09:47 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 

#3 i.hate.open.cloud

  • Topic Starter

  • Members
  • 68 posts

Posted 01 April 2014 - 10:59 AM

Hello Marius, thank you for helping me. I followed your instructions and these are the logs that were created:

 

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by GWNet (administrator) on GWNET-PC on 01-04-2014 10:34:29
Running from C:\Users\GWNet\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
(Dritek System Inc.) C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
() C:\Program Files\Acer\Device Control\ADevCtrl.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\HIDMon\HIDMON.exe
(Dritek System Inc.) C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Acer) C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\Acer Ring.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Dritek System Inc.) C:\Program Files\Acer\Device Control\AdWmiSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-13] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1530472 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [ADevCtrl] - C:\Program Files\Acer\Device Control\ADevCtrl.exe [239696 2011-02-21] ()
HKLM\...\Run: [AcerRingLauncher] - C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\AcerRingLauncher.exe [15248 2011-03-04] (Acer)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe [377664 2011-03-03] (NTI Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [xLaunchHIDMon] - C:\Program Files\HIDMon\HIDMon.exe [114688 2011-02-11] ()
HKLM\...\Run: [AutoScreenRotationBlocker] - C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe [114768 2011-02-21] (Dritek System Inc.)
HKLM\...\Run: [MICSetting] - C:\OEM\MIC_BF_Setting\RunCMD.exe [236064 2009-09-21] ()
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-31] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {5E57C69F-7B86-4D6A-886E-F202DAD1F96E} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {5EAD76BB-64B7-45AA-A74E-D84035BD2E06} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\GWNet\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

========================== Services (Whitelisted) =================

S2 0111591378393439mcinstcleanup; C:\Users\GWNet\AppData\Local\Temp\011159~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 DsiDeviceControlService; C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe [66128 2011-02-21] (Dritek System Inc.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-22] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-31] ()
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-03] (NTI Corporation)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 SnxUsbDockingKB2267Srv; C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe [86016 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
R3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-31] (ASIX Electronics Corp.)
R1 BST; C:\Windows\System32\DRIVERS\bma150.sys [15936 2011-01-10] (Bosch Sensortec GmbH)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-17] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-01 10:34 - 2014-04-01 10:35 - 00010519 _____ () C:\Users\GWNet\Desktop\FRST.txt
2014-04-01 10:34 - 2014-04-01 10:34 - 00000000 ____D () C:\FRST
2014-04-01 10:32 - 2014-04-01 10:32 - 01145856 _____ (Farbar) C:\Users\GWNet\Desktop\FRST.exe
2014-03-31 11:19 - 2014-03-31 11:19 - 00688992 ____R (Swearware) C:\Users\GWNet\Desktop\dds.com
2014-03-31 03:26 - 2014-03-31 03:27 - 00004642 _____ () C:\Users\GWNet\Desktop\Rkill.txt
2014-03-31 02:51 - 2014-03-31 03:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 02:49 - 2014-03-31 03:23 - 00000000 ____D () C:\Users\GWNet\Desktop\mbar
2014-03-31 02:18 - 2014-03-31 02:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 02:17 - 2014-03-31 02:49 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 02:17 - 2014-03-31 02:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-31 02:17 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 02:10 - 2014-03-31 02:11 - 00048354 _____ () C:\Users\GWNet\Desktop\Result.txt
2014-03-31 02:08 - 2014-03-31 02:09 - 00002767 _____ () C:\Users\GWNet\Desktop\FSS.txt
2014-03-31 02:05 - 2014-03-31 02:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GWNet\Desktop\mbar-1.07.0.1009.exe
2014-03-31 02:04 - 2014-03-31 02:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\GWNet\Desktop\rkill.exe
2014-03-31 01:56 - 2014-03-31 01:56 - 00982016 _____ (Farbar) C:\Users\GWNet\Desktop\MiniToolBox.exe
2014-03-31 01:52 - 2014-03-31 01:52 - 00409600 _____ (Farbar) C:\Users\GWNet\Desktop\FSS.exe
2014-03-31 01:51 - 2014-03-31 01:51 - 00987448 _____ () C:\Users\GWNet\Desktop\SecurityCheck.exe
2014-03-06 07:51 - 2014-03-06 07:51 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Macromedia
2014-03-06 07:39 - 2014-03-06 07:39 - 02682880 _____ () C:\Users\GWNet\Downloads\AdbeRdrSecUpd11005.msp

==================== One Month Modified Files and Folders =======

2014-04-01 10:35 - 2014-04-01 10:34 - 00010519 _____ () C:\Users\GWNet\Desktop\FRST.txt
2014-04-01 10:34 - 2014-04-01 10:34 - 00000000 ____D () C:\FRST
2014-04-01 10:32 - 2014-04-01 10:32 - 01145856 _____ (Farbar) C:\Users\GWNet\Desktop\FRST.exe
2014-04-01 09:37 - 2011-03-08 05:34 - 00743352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 09:35 - 2011-05-06 06:28 - 01155530 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 07:32 - 2014-01-31 09:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-31 12:09 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 12:09 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 12:01 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 12:01 - 2009-07-13 23:39 - 00034564 _____ () C:\Windows\setupact.log
2014-03-31 11:19 - 2014-03-31 11:19 - 00688992 ____R (Swearware) C:\Users\GWNet\Desktop\dds.com
2014-03-31 03:27 - 2014-03-31 03:26 - 00004642 _____ () C:\Users\GWNet\Desktop\Rkill.txt
2014-03-31 03:23 - 2014-03-31 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 03:23 - 2014-03-31 02:49 - 00000000 ____D () C:\Users\GWNet\Desktop\mbar
2014-03-31 02:51 - 2014-03-31 02:18 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 02:49 - 2014-03-31 02:17 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 02:18 - 2013-02-18 03:52 - 00000000 ____D () C:\Users\GWNet\AppData\Roaming\Malwarebytes
2014-03-31 02:18 - 2013-02-18 03:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 02:17 - 2014-03-31 02:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-31 02:11 - 2014-03-31 02:10 - 00048354 _____ () C:\Users\GWNet\Desktop\Result.txt
2014-03-31 02:09 - 2014-03-31 02:08 - 00002767 _____ () C:\Users\GWNet\Desktop\FSS.txt
2014-03-31 02:05 - 2014-03-31 02:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GWNet\Desktop\mbar-1.07.0.1009.exe
2014-03-31 02:04 - 2014-03-31 02:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\GWNet\Desktop\rkill.exe
2014-03-31 01:59 - 2013-02-15 21:16 - 00041544 _____ () C:\Windows\PFRO.log
2014-03-31 01:56 - 2014-03-31 01:56 - 00982016 _____ (Farbar) C:\Users\GWNet\Desktop\MiniToolBox.exe
2014-03-31 01:52 - 2014-03-31 01:52 - 00409600 _____ (Farbar) C:\Users\GWNet\Desktop\FSS.exe
2014-03-31 01:51 - 2014-03-31 01:51 - 00987448 _____ () C:\Users\GWNet\Desktop\SecurityCheck.exe
2014-03-29 19:31 - 2013-03-29 01:58 - 00332314 _____ () C:\Users\GWNet\AppData\Local\census.cache
2014-03-29 19:31 - 2013-03-29 01:57 - 00105325 _____ () C:\Users\GWNet\AppData\Local\ars.cache
2014-03-29 05:09 - 2013-12-25 09:41 - 00000000 ____D () C:\Users\GWNet\Documents\Ex3
2014-03-27 05:55 - 2013-02-24 00:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-27 05:55 - 2013-02-24 00:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-26 00:25 - 2013-02-22 00:32 - 00000000 ____D () C:\Users\GWNet\AppData\Local\CrashDumps
2014-03-12 15:41 - 2014-02-06 14:25 - 00001822 _____ () C:\Users\GWNet\Documents\FB Friends.txt
2014-03-06 07:51 - 2014-03-06 07:51 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Macromedia
2014-03-06 07:49 - 2013-02-15 20:13 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Adobe
2014-03-06 07:39 - 2014-03-06 07:39 - 02682880 _____ () C:\Users\GWNet\Downloads\AdbeRdrSecUpd11005.msp
2014-03-06 07:33 - 2013-12-22 09:12 - 00000000 ____D () C:\Program Files\Avant Browser
2014-03-05 09:26 - 2014-03-31 02:17 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-02-18 03:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\GWNet\AppData\Local\Temp\0111591378393439mcinst.exe
C:\Users\GWNet\AppData\Local\Temp\0c731f1a-bfe1-4713-84d8-76c1dcdcbf81.exe
C:\Users\GWNet\AppData\Local\Temp\3193f7f7-5578-418b-9b93-682877d5f5f6.exe
C:\Users\GWNet\AppData\Local\Temp\33e8b74f-b88a-4f78-a2aa-77aedc9ea401.exe
C:\Users\GWNet\AppData\Local\Temp\3bebb15d-bed6-4e40-b437-df4cdedb9263.exe
C:\Users\GWNet\AppData\Local\Temp\3ce27175-c876-405e-9061-dcd910421e12.exe
C:\Users\GWNet\AppData\Local\Temp\6066e9b0-2741-4998-87e9-3916b0d4e3cc.exe
C:\Users\GWNet\AppData\Local\Temp\71aa48f8-a00b-41cc-ba21-825206a200f0.exe
C:\Users\GWNet\AppData\Local\Temp\8abd2d85-4302-4673-abd0-43ab60b726b6.exe
C:\Users\GWNet\AppData\Local\Temp\9f4a476e-8c11-40f1-bd5f-efb9fd961c1a.exe
C:\Users\GWNet\AppData\Local\Temp\e09c3edc-f641-45d3-8ce5-05438bc0eb3a.exe
C:\Users\GWNet\AppData\Local\Temp\e3a3d2d8-a6ed-45b3-a0ee-4ac4baf41e09.exe
C:\Users\GWNet\AppData\Local\Temp\e8c7eb21-87a4-4508-89fa-3d4188ddcc94.exe
C:\Users\GWNet\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\GWNet\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\GWNet\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\GWNet\AppData\Local\Temp\MSN58FA.exe
C:\Users\GWNet\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-29 20:02

==================== End Of Log ============================

 

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by GWNet at 2014-04-01 10:37:00
Running from C:\Users\GWNet\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acer Auto Screen Rotation Blocker (HKLM\...\AutoScreenRotationBlocker) (Version: 1.02.1103 - Acer Inc.)
Acer Backup Manager (HKLM\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.3.89 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.1.1421 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.1.1421 - CyberLink Corp.) Hidden
Acer Device Control (HKLM\...\ADevCtrl) (Version: 1.01.3002 - Acer Inc.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer Touch Application Suite (HKLM\...\{1C572D82-7E38-4A13-932A-D651AA95E1E9}) (Version: 1.00.3002 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3100 - Acer Incorporated)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
ATI Catalyst Install Manager (HKLM\...\{93DED073-01CE-E238-919E-2ADF059ACE30}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AX88772B Windows 7 Drivers (HKLM\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.1.1 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (Version: 1.0.1.1 - ASIX Electronics Corporation) Hidden
Backup Manager V3 (Version: 3.0.3.89 - NTI Corporation) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.0112.2151.39168 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0112.2151.39168 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0112.2151.39168 - ATI) Hidden
CCC Help Chinese Standard (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Czech (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Danish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Dutch (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help English (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Finnish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help French (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help German (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Greek (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Hungarian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Italian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Japanese (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Korean (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Norwegian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Polish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Portuguese (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Russian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Spanish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Swedish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Thai (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Turkish (Version: 2011.0112.2150.39168 - ATI) Hidden
ccc-core-static (Version: 2011.0112.2151.39168 - ATI) Hidden
ccc-utility (Version: 2011.0112.2151.39168 - ATI) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
HIDMon (HKLM\...\{7166D240-F1EE-4044-B0F3-F6AB1AF8AE72}) (Version: 1.4.0.0211 - eGalax_eMPIA Technology Inc.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.2 - Acer Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6302 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Speckie (HKLM\...\{C1A4F1E2-46E6-4EEE-B183-B10908BEF30F}) (Version: 5.9.1 - Versoworks)
USBKBTool 1.0.3.6  (HKLM\...\USBKBTool) (Version: 1.0.3.6 - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.0.60112.2202 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================

01-04-2014 12:44:09 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-01-31 09:20 - 00040113 ____A C:\Windows\system32\Drivers\etc\hosts

There are 641 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {805F203D-E48E-42CE-AA7D-391CF77DAFC4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {829FF169-3EF0-4BF3-9792-36AA3CC1461B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {92F49AEE-F1DE-4A29-B38F-AA6934F31DF8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-02-04 04:12 - 2011-02-04 04:12 - 00086016 _____ () C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
2011-03-08 05:21 - 2011-02-21 22:01 - 00239696 _____ () C:\Program Files\Acer\Device Control\ADevCtrl.exe
2011-03-08 05:21 - 2011-02-21 22:01 - 00057424 _____ () C:\Program Files\Acer\Device Control\BrandDetection.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 01081664 _____ () C:\Program Files\NTI\Acer Backup Manager\ACE.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 00465640 _____ () C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
2011-05-06 07:18 - 2011-02-11 04:53 - 00114688 _____ () C:\Program Files\HIDMon\HIDMON.exe
2014-01-31 09:16 - 2014-01-31 09:16 - 00302961 _____ () C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2011-03-08 06:24 - 2011-03-04 17:50 - 00008592 _____ () C:\Program Files\Acer\TouchApplicationSuite\TouchBrowser\TouchBrowserMui.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 00125760 _____ () C:\Program Files\NTI\Acer Backup Manager\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 00:01:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6bc
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (03/31/2014 11:46:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6b4
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (03/31/2014 03:40:29 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.17197 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c04

Start Time: 01cf4cb569172859

Termination Time: 140

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 187bfade-b8b0-11e3-9763-b27554390a2a

Error: (03/31/2014 02:46:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x71c
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (03/31/2014 01:59:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6e8
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (03/31/2014 01:09:14 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (03/29/2014 08:03:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/29/2014 08:03:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/29/2014 08:03:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/29/2014 09:02:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6dc
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

System errors:
=============
Error: (04/01/2014 07:32:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/31/2014 00:02:46 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/31/2014 00:02:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/31/2014 00:02:12 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Application Installer Cleanup (0111591378393439) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/31/2014 00:02:09 PM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error: (03/31/2014 00:02:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.

Error: (03/31/2014 00:01:27 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:49:44 AM on ‎3/‎31/‎2014 was unexpected.

Error: (03/31/2014 11:47:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.

Error: (03/31/2014 11:47:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/31/2014 11:47:02 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Application Installer Cleanup (0111591378393439) service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (03/31/2014 00:01:49 PM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6bc01cf4d02dec4185eC:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown25d315f1-b8f6-11e3-afd2-e069958b4f1c

Error: (03/31/2014 11:46:37 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6b401cf4d00bf3f6747C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown061da5b7-b8f4-11e3-b4bc-e069958b4f1c

Error: (03/31/2014 03:40:29 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.17197c0401cf4cb569172859140C:\Program Files\Internet Explorer\iexplore.exe187bfade-b8b0-11e3-9763-b27554390a2a

Error: (03/31/2014 02:46:29 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c71c01cf4cb54a606227C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown917a60e8-b8a8-11e3-9763-b27554390a2a

Error: (03/31/2014 01:59:58 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6e801cf4caecad4cc20C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown11da67ec-b8a2-11e3-87ad-a9ab4e81d32a

Error: (03/31/2014 01:09:14 AM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (03/29/2014 08:03:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASIX Electronics Corporation\AX88772B Windows 7 Drivers\64-bit\DPInst.exe

Error: (03/29/2014 08:03:35 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\NTI\acer backup manager\Migrate\OutlookMsgNet64.exe

Error: (03/29/2014 08:03:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\NTI\acer backup manager\OutlookMsgNet64.exe

Error: (03/29/2014 09:02:06 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6dc01cf4b576ee7f7b2C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknownb5a7ab71-b74a-11e3-ae28-e069958b4f1c

CodeIntegrity Errors:
===================================
  Date: 2013-10-10 13:01:39.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:38.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:28.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:27.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 08:48:02.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 08:48:01.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-12 23:49:46.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SET4077.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-12 23:49:46.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SET4077.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 01:57:37.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 01:57:37.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1641.9 MB
Available physical RAM: 654.87 MB
Total Pagefile: 2141.9 MB
Available Pagefile: 570.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:29.72 GB) (Free:7.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: AD8AA5A3)

Partition: GPT Partition Type.

==================== End Of Log ============================

TDSS Killer:

10:53:45.0611 0x1180  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
10:55:53.0438 0x1180  ============================================================
10:55:53.0438 0x1180  Current date / time: 2014/04/01 10:55:53.0438
10:55:53.0438 0x1180  SystemInfo:
10:55:53.0438 0x1180 
10:55:53.0438 0x1180  OS Version: 6.1.7600 ServicePack: 0.0
10:55:53.0438 0x1180  Product type: Workstation
10:55:53.0438 0x1180  ComputerName: GWNET-PC
10:55:53.0453 0x1180  UserName: GWNet
10:55:53.0453 0x1180  Windows directory: C:\Windows
10:55:53.0453 0x1180  System windows directory: C:\Windows
10:55:53.0453 0x1180  Processor architecture: Intel x86
10:55:53.0453 0x1180  Number of processors: 2
10:55:53.0453 0x1180  Page size: 0x1000
10:55:53.0469 0x1180  Boot type: Normal boot
10:55:53.0469 0x1180  ============================================================
10:55:55.0481 0x1180  KLMD registered as C:\Windows\system32\drivers\67448487.sys
10:55:56.0448 0x1180  System UUID: {E41625D2-BC05-0ED9-AB93-AD21A4B63502}
10:56:00.0021 0x1180  Drive \Device\Harddisk0\DR0 - Size: 0x7745D6000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:56:00.0036 0x1180  ============================================================
10:56:00.0036 0x1180  \Device\Harddisk0\DR0:
10:56:00.0036 0x1180  MBR partitions:
10:56:00.0036 0x1180  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:56:00.0036 0x1180  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3B706B0
10:56:00.0036 0x1180  ============================================================
10:56:00.0036 0x1180  C: <-> \Device\Harddisk0\DR0\Partition2
10:56:00.0036 0x1180  ============================================================
10:56:00.0036 0x1180  Initialize success
10:56:00.0036 0x1180  ============================================================
10:56:29.0661 0x14f0  ============================================================
10:56:29.0661 0x14f0  Scan started
10:56:29.0661 0x14f0  Mode: Manual;
10:56:29.0661 0x14f0  ============================================================
10:56:29.0661 0x14f0  KSN ping started
10:56:32.0734 0x14f0  KSN ping finished: true
10:56:32.0921 0x14f0  ================ Scan system memory ========================
10:56:32.0921 0x14f0  System memory - ok
10:56:32.0921 0x14f0  ================ Scan services =============================
10:56:32.0999 0x14f0  0111591378393439mcinstcleanup - ok
10:56:33.0124 0x14f0  [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
10:56:33.0140 0x14f0  1394ohci - ok
10:56:33.0218 0x14f0  [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
10:56:33.0249 0x14f0  ACPI - ok
10:56:33.0265 0x14f0  [ 79D6B28027C398B728CE7CD0570248B0, 2BB31BFF659BA864D5C64170EF0B5C4A9A1DE5700DA42028A85847C91DCEE676 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
10:56:33.0265 0x14f0  acpials - ok
10:56:33.0296 0x14f0  [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
10:56:33.0296 0x14f0  AcpiPmi - ok
10:56:33.0358 0x14f0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:56:33.0389 0x14f0  adp94xx - ok
10:56:33.0436 0x14f0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:56:33.0467 0x14f0  adpahci - ok
10:56:33.0514 0x14f0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:56:33.0530 0x14f0  adpu320 - ok
10:56:33.0577 0x14f0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:56:33.0577 0x14f0  AeLookupSvc - ok
10:56:33.0639 0x14f0  [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD             C:\Windows\system32\drivers\afd.sys
10:56:33.0670 0x14f0  AFD - ok
10:56:33.0686 0x14f0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
10:56:33.0701 0x14f0  agp440 - ok
10:56:33.0733 0x14f0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:56:33.0733 0x14f0  aic78xx - ok
10:56:33.0764 0x14f0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
10:56:33.0764 0x14f0  ALG - ok
10:56:33.0795 0x14f0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
10:56:33.0811 0x14f0  aliide - ok
10:56:33.0842 0x14f0  [ A918B0443EAC271ABE0284BA5A58C125, FBF6279CA076D3BF46AFD317347B05E03D93A712B898FF0B740DB6B35760A7FF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:56:33.0857 0x14f0  AMD External Events Utility - ok
10:56:33.0889 0x14f0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
10:56:33.0889 0x14f0  amdagp - ok
10:56:33.0904 0x14f0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
10:56:33.0920 0x14f0  amdide - ok
10:56:33.0951 0x14f0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:56:33.0951 0x14f0  AmdK8 - ok
10:56:34.0778 0x14f0  [ E55945478D9A7F652741AE88D0C71794, B9B625B9D18723EEA57754C9D760FAB40A3EB2474AC1C2B2487BC92C0DE6435C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:56:35.0464 0x14f0  amdkmdag - ok
10:56:35.0558 0x14f0  [ CFB28043A973DBA2125451CE0FFCF7D9, 13A6B3EB25EBC77897B981714F4493C0A933500A89B9AEB6B3F8443F1690DD4B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:56:35.0589 0x14f0  amdkmdap - ok
10:56:35.0620 0x14f0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:56:35.0620 0x14f0  AmdPPM - ok
10:56:35.0651 0x14f0  [ 2101A86C25C154F8314B24EF49D7FBC2, E4C1326CF55850793B45B2BFDF361C4E98A07FB13E08BFD6DB50135489700998 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
10:56:35.0651 0x14f0  amdsata - ok
10:56:35.0683 0x14f0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:56:35.0698 0x14f0  amdsbs - ok
10:56:35.0729 0x14f0  [ B81C2B5616F6420A9941EA093A92B150, DA2000C9E06533232F8716A6674BC9DFD5C3AAE1FC46F7A91B8E917DB913F42F ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
10:56:35.0729 0x14f0  amdxata - ok
10:56:35.0776 0x14f0  [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID           C:\Windows\system32\drivers\appid.sys
10:56:35.0776 0x14f0  AppID - ok
10:56:35.0807 0x14f0  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:56:35.0807 0x14f0  AppIDSvc - ok
10:56:35.0839 0x14f0  [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo         C:\Windows\System32\appinfo.dll
10:56:35.0839 0x14f0  Appinfo - ok
10:56:35.0870 0x14f0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:56:35.0870 0x14f0  arc - ok
10:56:35.0901 0x14f0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:56:35.0917 0x14f0  arcsas - ok
10:56:35.0932 0x14f0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:56:35.0948 0x14f0  AsyncMac - ok
10:56:35.0979 0x14f0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
10:56:35.0979 0x14f0  atapi - ok
10:56:36.0010 0x14f0  AthBTPort - ok
10:56:36.0213 0x14f0  [ D3AD5858A58668C65FBF6EA436B3A8FF, 736249ADC047D44978A4BB3ABE1DA1831E6FC6270CF9E75190F5F56460CAD0D1 ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:56:36.0369 0x14f0  athr - ok
10:56:36.0416 0x14f0  [ 95B1E9804CA10D096C0383F7C6684950, 22891AE96904B94D61465E011C655FD75F3AA71CAB871716E8341168D852DEA9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
10:56:36.0431 0x14f0  AtiHDAudioService - ok
10:56:36.0509 0x14f0  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:56:36.0541 0x14f0  AudioEndpointBuilder - ok
10:56:36.0603 0x14f0  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:56:36.0650 0x14f0  Audiosrv - ok
10:56:36.0681 0x14f0  [ 2C795DB1B509279AC18FE9E5635E3313, 44F51654F144DFC7A350A3914F1A19B537DB09B9D8BC5BA74584356786B43EA2 ] AX88772B        C:\Windows\system32\DRIVERS\ax88772b.sys
10:56:36.0681 0x14f0  AX88772B - ok
10:56:36.0712 0x14f0  [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:56:36.0712 0x14f0  AxInstSV - ok
10:56:36.0775 0x14f0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:56:36.0821 0x14f0  b06bdrv - ok
10:56:36.0868 0x14f0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:56:36.0884 0x14f0  b57nd60x - ok
10:56:36.0931 0x14f0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
10:56:36.0931 0x14f0  BDESVC - ok
10:56:36.0962 0x14f0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:56:36.0962 0x14f0  Beep - ok
10:56:37.0024 0x14f0  [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE             C:\Windows\System32\bfe.dll
10:56:37.0071 0x14f0  BFE - ok
10:56:37.0149 0x14f0  [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS            C:\Windows\System32\qmgr.dll
10:56:37.0211 0x14f0  BITS - ok
10:56:37.0243 0x14f0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:56:37.0243 0x14f0  blbdrive - ok
10:56:37.0258 0x14f0  [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:56:37.0274 0x14f0  bowser - ok
10:56:48.0022 0x14f0  [ C5BC0144F8FF164425B197CB78620B5F, FC016ED16F9C1F52B6E6961FBE552126D4EDC48F62DC8DA9D3AE7F05808400D5 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
10:56:48.0053 0x14f0  NisSrv - ok
10:56:48.0100 0x14f0  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:56:48.0131 0x14f0  NlaSvc - ok
10:56:48.0163 0x14f0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:56:48.0163 0x14f0  Npfs - ok
10:56:48.0194 0x14f0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:56:48.0194 0x14f0  nsi - ok
10:56:48.0209 0x14f0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:56:48.0225 0x14f0  nsiproxy - ok
10:56:48.0365 0x14f0  [ 5126C5402C730C2A953275D8497A4715, 9F841655271ED2ACCA62C966C02CF1BFD957656264358598A113BF8900D84411 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:56:48.0490 0x14f0  Ntfs - ok
10:56:48.0537 0x14f0  [ E6E8446402ACABDAADCB08A60BF5E280, 740DD34B72177B0682FCBAD7223977B7FBEE3E3A99DCC3DBCD293C86DF2F93DF ] NTI IScheduleSvc C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
10:56:48.0553 0x14f0  NTI IScheduleSvc - ok
10:56:48.0584 0x14f0  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F, 97CE08B0797A6A13567B49A2AD9BE95C019E3F199857823005F68702CD6A5B08 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
10:56:48.0584 0x14f0  NTIDrvr - ok
10:56:48.0599 0x14f0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:56:48.0599 0x14f0  Null - ok
10:56:48.0631 0x14f0  [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
10:56:48.0646 0x14f0  nvraid - ok
10:56:48.0677 0x14f0  [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
10:56:48.0693 0x14f0  nvstor - ok
10:56:48.0724 0x14f0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
10:56:48.0740 0x14f0  nv_agp - ok
10:56:48.0771 0x14f0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
10:56:48.0771 0x14f0  ohci1394 - ok
10:56:48.0802 0x14f0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:56:48.0802 0x14f0  ose - ok
10:56:48.0849 0x14f0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:56:48.0880 0x14f0  p2pimsvc - ok
10:56:48.0943 0x14f0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:56:48.0974 0x14f0  p2psvc - ok
10:56:48.0989 0x14f0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:56:49.0052 0x14f0  Parport - ok
10:56:49.0083 0x14f0  [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:56:49.0083 0x14f0  partmgr - ok
10:56:49.0114 0x14f0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:56:49.0114 0x14f0  Parvdm - ok
10:56:49.0161 0x14f0  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:56:49.0177 0x14f0  PcaSvc - ok
10:56:49.0208 0x14f0  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci             C:\Windows\system32\DRIVERS\pci.sys
10:56:49.0223 0x14f0  pci - ok
10:56:49.0239 0x14f0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
10:56:49.0255 0x14f0  pciide - ok
10:56:49.0301 0x14f0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:56:49.0317 0x14f0  pcmcia - ok
10:56:49.0348 0x14f0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:56:49.0348 0x14f0  pcw - ok
10:56:49.0426 0x14f0  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:56:49.0473 0x14f0  PEAUTH - ok
10:56:49.0707 0x14f0  [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla             C:\Windows\system32\pla.dll
10:56:49.0832 0x14f0  pla - ok
10:56:49.0894 0x14f0  [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:56:49.0925 0x14f0  PlugPlay - ok
10:56:49.0941 0x14f0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:56:49.0957 0x14f0  PNRPAutoReg - ok
10:56:50.0003 0x14f0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:56:50.0035 0x14f0  PNRPsvc - ok
10:56:50.0097 0x14f0  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:56:50.0128 0x14f0  PolicyAgent - ok
10:56:50.0175 0x14f0  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power           C:\Windows\system32\umpo.dll
10:56:50.0206 0x14f0  Power - ok
10:56:50.0222 0x14f0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:56:50.0237 0x14f0  PptpMiniport - ok
10:56:50.0284 0x14f0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:56:50.0284 0x14f0  Processor - ok
10:56:50.0331 0x14f0  [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:56:50.0362 0x14f0  ProfSvc - ok
10:56:50.0378 0x14f0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
10:56:50.0378 0x14f0  ProtectedStorage - ok
10:56:50.0425 0x14f0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:56:50.0440 0x14f0  Psched - ok
10:56:50.0596 0x14f0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:56:50.0705 0x14f0  ql2300 - ok
10:56:50.0752 0x14f0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:56:50.0768 0x14f0  ql40xx - ok
10:56:50.0799 0x14f0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:56:50.0830 0x14f0  QWAVE - ok
10:56:50.0877 0x14f0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:56:50.0877 0x14f0  QWAVEdrv - ok
10:56:50.0893 0x14f0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:56:50.0908 0x14f0  RasAcd - ok
10:56:50.0924 0x14f0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:56:50.0939 0x14f0  RasAgileVpn - ok
10:56:50.0955 0x14f0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:56:50.0986 0x14f0  RasAuto - ok
10:56:51.0002 0x14f0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:56:51.0017 0x14f0  Rasl2tp - ok
10:56:51.0064 0x14f0  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
10:56:51.0095 0x14f0  RasMan - ok
10:56:51.0158 0x14f0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:51.0173 0x14f0  RasPppoe - ok
10:56:51.0205 0x14f0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:56:51.0220 0x14f0  RasSstp - ok
10:56:51.0251 0x14f0  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:56:51.0283 0x14f0  rdbss - ok
10:56:51.0298 0x14f0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:56:51.0298 0x14f0  rdpbus - ok
10:56:51.0314 0x14f0  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:51.0329 0x14f0  RDPCDD - ok
10:56:51.0361 0x14f0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:56:51.0361 0x14f0  RDPENCDD - ok
10:56:51.0392 0x14f0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:56:51.0392 0x14f0  RDPREFMP - ok
10:56:51.0439 0x14f0  [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:56:51.0454 0x14f0  RDPWD - ok
10:56:51.0485 0x14f0  [ 65DB288F7372B1F632891FC32BF908B7, 00D41C9E1BC62313EDD4DAAB5EA07570E5652E2394236703A037A6F4F2A74926 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:56:51.0501 0x14f0  rdyboost - ok
10:56:51.0532 0x14f0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:56:51.0548 0x14f0  RemoteAccess - ok
10:56:51.0579 0x14f0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:56:51.0595 0x14f0  RemoteRegistry - ok
10:56:51.0626 0x14f0  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:56:51.0641 0x14f0  RFCOMM - ok
10:56:51.0673 0x14f0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:56:51.0688 0x14f0  RpcEptMapper - ok
10:56:51.0704 0x14f0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:56:51.0704 0x14f0  RpcLocator - ok
10:56:51.0766 0x14f0  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs           C:\Windows\system32\rpcss.dll
10:56:51.0797 0x14f0  RpcSs - ok
10:56:51.0829 0x14f0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:56:51.0829 0x14f0  rspndr - ok
10:56:51.0875 0x14f0  [ 247B0A8164069CD4FE6F3094C581B13B, D1B91FBBFCF51B60E8515F12C611EE86DB6D016F445E91A74DD25F3E1BBD5ADA ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
10:56:51.0891 0x14f0  RSUSBSTOR - ok
10:56:51.0938 0x14f0  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A, A6810A901620119E1809297A568DC903729471F4F4F813F1C60378E122D2358E ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe
10:56:51.0953 0x14f0  RS_Service - ok
10:56:51.0985 0x14f0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs           C:\Windows\system32\lsass.exe
10:56:51.0985 0x14f0  SamSs - ok
10:56:52.0016 0x14f0  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
10:56:52.0016 0x14f0  sbp2port - ok
10:56:52.0047 0x14f0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:56:52.0078 0x14f0  SCardSvr - ok
10:56:52.0094 0x14f0  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:56:52.0109 0x14f0  scfilter - ok
10:56:52.0203 0x14f0  [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule        C:\Windows\system32\schedsvc.dll
10:56:52.0281 0x14f0  Schedule - ok
10:56:52.0312 0x14f0  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:56:52.0312 0x14f0  SCPolicySvc - ok
10:56:52.0359 0x14f0  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:56:52.0375 0x14f0  SDRSVC - ok
10:56:52.0406 0x14f0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:56:52.0406 0x14f0  secdrv - ok
10:56:52.0437 0x14f0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:56:52.0437 0x14f0  seclogon - ok
10:56:52.0484 0x14f0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
10:56:52.0499 0x14f0  SENS - ok
10:56:52.0531 0x14f0  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:56:52.0546 0x14f0  SensrSvc - ok
10:56:52.0562 0x14f0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:56:52.0577 0x14f0  Serenum - ok
10:56:52.0593 0x14f0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:56:52.0609 0x14f0  Serial - ok
10:56:52.0640 0x14f0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:56:52.0655 0x14f0  sermouse - ok
10:56:52.0733 0x14f0  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
10:56:52.0749 0x14f0  SessionEnv - ok
10:56:52.0780 0x14f0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
10:56:52.0796 0x14f0  sffdisk - ok
10:56:52.0827 0x14f0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:56:52.0827 0x14f0  sffp_mmc - ok
10:56:52.0858 0x14f0  [ A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
10:56:52.0858 0x14f0  sffp_sd - ok
10:56:52.0874 0x14f0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:56:52.0889 0x14f0  sfloppy - ok
10:56:52.0936 0x14f0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:56:52.0967 0x14f0  SharedAccess - ok
10:56:53.0030 0x14f0  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:56:53.0061 0x14f0  ShellHWDetection - ok
10:56:53.0077 0x14f0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
10:56:53.0092 0x14f0  sisagp - ok
10:56:53.0108 0x14f0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:56:53.0123 0x14f0  SiSRaid2 - ok
10:56:53.0186 0x14f0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:56:53.0186 0x14f0  SiSRaid4 - ok
10:56:53.0217 0x14f0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:56:53.0233 0x14f0  Smb - ok
10:56:53.0264 0x14f0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:56:53.0279 0x14f0  SNMPTRAP - ok
10:56:53.0311 0x14f0  [ BEC896D3C6BB1FA7626D87B46B8394DF, AD06F3947590B50CE3DA79E0BB9512C5F17C1CDA58F0252992BD1BEC7E42A369 ] SnxUsbDockingKB2267Srv C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
10:56:53.0311 0x14f0  SnxUsbDockingKB2267Srv - ok
10:56:53.0357 0x14f0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:56:53.0357 0x14f0  spldr - ok
10:56:53.0420 0x14f0  [ E17323B0AA9FB3FF9945731D736EDA2F, 65837FC6329A4B2B042B0CDB04F139CA14C2BD1EE0CDB2C7705431E9D97D0597 ] Spooler         C:\Windows\System32\spoolsv.exe
10:56:53.0451 0x14f0  Spooler - ok
10:56:53.0779 0x14f0  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
10:56:54.0044 0x14f0  sppsvc - ok
10:56:54.0106 0x14f0  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:56:54.0122 0x14f0  sppuinotify - ok
10:56:54.0184 0x14f0  [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:56:54.0215 0x14f0  srv - ok
10:56:54.0262 0x14f0  [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:56:54.0278 0x14f0  srv2 - ok
10:56:54.0325 0x14f0  [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:56:54.0340 0x14f0  srvnet - ok
10:56:54.0371 0x14f0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:56:54.0403 0x14f0  SSDPSRV - ok
10:56:54.0434 0x14f0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:56:54.0465 0x14f0  SstpSvc - ok
10:56:54.0481 0x14f0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:56:54.0496 0x14f0  stexstor - ok
10:56:54.0559 0x14f0  [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:56:54.0590 0x14f0  StiSvc - ok
10:56:54.0621 0x14f0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:56:54.0621 0x14f0  swenum - ok
10:56:54.0668 0x14f0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:56:54.0699 0x14f0  swprv - ok
10:56:54.0839 0x14f0  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain         C:\Windows\system32\sysmain.dll
10:56:54.0949 0x14f0  SysMain - ok
10:56:54.0980 0x14f0  [ B587159FF60F4AB1579DF0CEDFD0BC87, 34663D6768F138851A3A0EA9ECC65E55C52B19641D54BD9AAA06E0829BFC2455 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:56:54.0995 0x14f0  TabletInputService - ok
10:56:55.0042 0x14f0  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:56:55.0073 0x14f0  TapiSrv - ok
10:56:55.0089 0x14f0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:56:55.0105 0x14f0  TBS - ok
10:56:55.0245 0x14f0  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:56:55.0370 0x14f0  Tcpip - ok
10:56:55.0541 0x14f0  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:56:55.0651 0x14f0  TCPIP6 - ok
10:56:55.0697 0x14f0  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:56:55.0697 0x14f0  tcpipreg - ok
10:56:55.0744 0x14f0  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:56:55.0760 0x14f0  TDPIPE - ok
10:56:55.0791 0x14f0  [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:56:55.0791 0x14f0  TDTCP - ok
10:56:55.0838 0x14f0  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:56:55.0853 0x14f0  tdx - ok
10:56:55.0900 0x14f0  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:56:55.0900 0x14f0  TermDD - ok
10:56:55.0978 0x14f0  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
10:56:56.0041 0x14f0  TermService - ok
10:56:56.0087 0x14f0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:56:56.0103 0x14f0  Themes - ok
10:56:56.0134 0x14f0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:56:56.0134 0x14f0  THREADORDER - ok
10:56:56.0165 0x14f0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:56:56.0181 0x14f0  TrkWks - ok
10:56:56.0212 0x14f0  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:56:56.0243 0x14f0  TrustedInstaller - ok
10:56:56.0306 0x14f0  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:56.0321 0x14f0  tssecsrv - ok
10:56:56.0353 0x14f0  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:56:56.0368 0x14f0  tunnel - ok
10:56:56.0384 0x14f0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:56:56.0384 0x14f0  uagp35 - ok
10:56:56.0415 0x14f0  [ D79C0B9BB011218B93705CBF77FA3E5E, 9205A736E110740AD63A2EBB94676BEE2C89A1EF8168E35FBB9CE82EE32D45EB ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
10:56:56.0415 0x14f0  UBHelper - ok
10:56:56.0462 0x14f0  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:56:56.0477 0x14f0  udfs - ok
10:56:56.0540 0x14f0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:56:56.0540 0x14f0  UI0Detect - ok
10:56:56.0587 0x14f0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
10:56:56.0587 0x14f0  uliagpkx - ok
10:56:56.0633 0x14f0  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:56:56.0633 0x14f0  umbus - ok
10:56:56.0665 0x14f0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:56:56.0665 0x14f0  UmPass - ok
10:56:56.0711 0x14f0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:56:56.0743 0x14f0  upnphost - ok
10:56:56.0774 0x14f0  [ 5C233AEFB566EE78C1EFBC0493FB066A, FD01489DB549446EFB4F280D295F46DAB582C9C2782C4A898A5D4A5FD90A764B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:56:56.0805 0x14f0  usbccgp - ok
10:56:56.0821 0x14f0  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
10:56:56.0836 0x14f0  usbcir - ok
10:57:02.0281 0x14f0  ================ Scan global ===============================
10:57:02.0296 0x14f0  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
10:57:02.0343 0x14f0  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
10:57:02.0390 0x14f0  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
10:57:02.0421 0x14f0  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:57:02.0483 0x14f0  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:57:02.0499 0x14f0  [ Global ] - ok
10:57:02.0499 0x14f0  ================ Scan MBR ==================================
10:57:02.0515 0x14f0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:57:02.0858 0x14f0  \Device\Harddisk0\DR0 - ok
10:57:02.0889 0x14f0  ================ Scan VBR ==================================
10:57:02.0998 0x14f0  [ 4DC7D265A9A0038D1B70C31733BAE85E ] \Device\Harddisk0\DR0\Partition1
10:57:03.0014 0x14f0  \Device\Harddisk0\DR0\Partition1 - ok
10:57:03.0029 0x14f0  [ 43524428908D0B28A34B299767B06C34 ] \Device\Harddisk0\DR0\Partition2
10:57:03.0045 0x14f0  \Device\Harddisk0\DR0\Partition2 - ok
10:57:03.0045 0x14f0  Waiting for KSN requests completion. In queue: 319
10:57:04.0059 0x14f0  Waiting for KSN requests completion. In queue: 319
10:57:05.0073 0x14f0  Waiting for KSN requests completion. In queue: 319
10:57:06.0134 0x14f0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.216.0 ), 0x61000 ( enabled : updated )
10:57:06.0149 0x14f0  Win FW state via NFP2: enabled
10:57:12.0327 0x14f0  ============================================================
10:57:12.0327 0x14f0  Scan finished
10:57:12.0327 0x14f0  ============================================================
10:57:12.0358 0x0990  Detected object count: 0
10:57:12.0374 0x0990  Actual detected object count: 0
 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 01 April 2014 - 11:15 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members
  • 68 posts

Posted 01 April 2014 - 11:51 AM

When I try to run ComboFix, it tells me that ComboFix is expired and gives me the option to run it in Reduced Functionality Mode or to Exit. What should I do?



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 01 April 2014 - 01:43 PM

Please delete your existing copy and download a new one.

If it displays the message again, boot into safe mode with networking and try again.



#7 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members
  • 68 posts

Posted 02 April 2014 - 08:43 AM

I redownloaded ComboFix and tried to run it, but it got to the screen saying that it was scanning and would take 10 minutes or more and didn't seem to do anything after that point, and when any other input was performed (like hitting the Start button), it froze the computer, requiring a manual shut down. I tried it again in Safe Mode with Networking and the same thing happened (I let it "scan" for an hour before trying to exit the program, which froze the machine).

I won't do anything unless you instruct me to do so, but you may want to know that I never tried to run DDS in Safe Mode, so I can't be sure that won't work, but it seems unlikely since ComboFix didn't run.



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 03 April 2014 - 03:13 AM

OK, please create new logs with FRST and post them.



#9 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members
  • 68 posts

Posted 03 April 2014 - 11:30 AM

I ran FRST again a few times before I realized that it only generated the Addition.txt log if that box was checked on scans after the first, so I hope that checking that box wasn't harmful. Here are the most recent FRST.txt and Addition.txt logs:

 

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

 

Ran by GWNet (administrator) on GWNET-PC on 03-04-2014 09:46:38

 

Running from C:\Users\GWNet\Desktop

 

Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)

 

Internet Explorer Version 8

 

Boot Mode: Normal

 

 

The only official download link for FRST:

 

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

 

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

 

(AMD) C:\Windows\system32\atiesrxx.exe

 

(AMD) C:\Windows\system32\atieclxx.exe

 

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

 

() C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe

 

(Dritek System Inc.) C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe

 

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

 

(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe

 

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

 

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

 

() C:\Program Files\Acer\Device Control\ADevCtrl.exe

 

(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe

 

(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

 

() C:\Program Files\HIDMon\HIDMON.exe

 

(Dritek System Inc.) C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe

 

(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

 

(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe

 

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

 

() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe

 

(Microsoft Corporation) C:\Windows\system32\cmd.exe

 

(Acer) C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\Acer Ring.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

 

(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe

 

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

 

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

 

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

 

(Dritek System Inc.) C:\Program Files\Acer\Device Control\AdWmiSvc.exe

 

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

 

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

 

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

 

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-13] (Advanced Micro Devices, Inc.)

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-01-26] (Realtek Semiconductor)

 

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1530472 2011-01-18] (Realtek Semiconductor)

 

HKLM\...\Run: [ADevCtrl] - C:\Program Files\Acer\Device Control\ADevCtrl.exe [239696 2011-02-21] ()

 

HKLM\...\Run: [AcerRingLauncher] - C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\AcerRingLauncher.exe [15248 2011-03-04] (Acer)

 

HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe [377664 2011-03-03] (NTI Corporation)

 

HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)

 

HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-22] (Acer Incorporated)

 

HKLM\...\Run: [xLaunchHIDMon] - C:\Program Files\HIDMon\HIDMon.exe [114688 2011-02-11] ()

 

HKLM\...\Run: [AutoScreenRotationBlocker] - C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe [114768 2011-02-21] (Dritek System Inc.)

 

HKLM\...\Run: [MICSetting] - C:\OEM\MIC_BF_Setting\RunCMD.exe [236064 2009-09-21] ()

 

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)

 

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)

 

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

 

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

 

HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-31] ()

 

 

==================== Internet (Whitelisted) ====================

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

 

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

 

SearchScopes: HKLM - DefaultScope value is missing.

 

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKCU - {5E57C69F-7B86-4D6A-886E-F202DAD1F96E} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}

 

SearchScopes: HKCU - {5EAD76BB-64B7-45AA-A74E-D84035BD2E06} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

 

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

 

BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\GWNet\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

 

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

 

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

 

Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

 

 

========================== Services (Whitelisted) =================

 

 

S2 0111591378393439mcinstcleanup; C:\Users\GWNet\AppData\Local\Temp\011159~1.EXE [833616 2013-01-30] (McAfee, Inc.)

 

R2 DsiDeviceControlService; C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe [66128 2011-02-21] (Dritek System Inc.)

 

R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-22] (Acer Incorporated)

 

R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)

 

S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-31] ()

 

R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)

 

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)

 

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

 

R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-03] (NTI Corporation)

 

S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX)

 

R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

 

R2 SnxUsbDockingKB2267Srv; C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe [86016 2011-02-04] ()

 

 

==================== Drivers (Whitelisted) ====================

 

 

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)

 

S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-31] (ASIX Electronics Corp.)

 

R1 BST; C:\Windows\System32\DRIVERS\bma150.sys [15936 2011-01-10] (Bosch Sensortec GmbH)

 

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-17] (GFI Software)

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

 

S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]

 

S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]

 

S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]

 

S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]

 

S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]

 

S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]

 

S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

 

S3 catchme; \??\C:\Users\GWNet\AppData\Local\Temp\catchme.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

==================== One Month Created Files and Folders ========

 

 

2014-04-03 09:38 - 2014-04-03 09:38 - 00039457 _____ () C:\Users\GWNet\Desktop\frst_txt.txt

 

2014-04-03 09:34 - 2014-04-03 09:47 - 00010523 _____ () C:\Users\GWNet\Desktop\FRST.txt

 

2014-04-03 09:34 - 2014-04-03 09:34 - 01145856 _____ (Farbar) C:\Users\GWNet\Desktop\FRST.exe

 

2014-04-02 03:26 - 2014-04-02 03:28 - 00000000 ___SD () C:\ComboFix

 

2014-04-02 02:52 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

 

2014-04-02 02:52 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

 

2014-04-02 02:52 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

 

2014-04-02 02:52 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

 

2014-04-02 02:52 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

 

2014-04-02 02:52 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

 

2014-04-02 02:52 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

 

2014-04-02 02:52 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

 

2014-04-02 02:51 - 2014-04-02 02:51 - 05192353 ____R (Swearware) C:\Users\GWNet\Desktop\ComboFix.exe

 

2014-04-01 11:32 - 2014-04-01 11:39 - 00000000 ____D () C:\Qoobox

 

2014-04-01 11:32 - 2014-04-01 11:32 - 00000000 ____D () C:\Windows\erdnt

 

2014-04-01 10:34 - 2014-04-03 09:46 - 00000000 ____D () C:\FRST

 

2014-03-31 11:19 - 2014-03-31 11:19 - 00688992 ____R (Swearware) C:\Users\GWNet\Desktop\dds.com

 

2014-03-31 02:51 - 2014-03-31 03:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

 

2014-03-31 02:49 - 2014-03-31 03:23 - 00000000 ____D () C:\Users\GWNet\Desktop\mbar

 

2014-03-31 02:18 - 2014-03-31 02:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

 

2014-03-31 02:17 - 2014-03-31 02:49 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

 

2014-03-31 02:17 - 2014-03-31 02:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

 

2014-03-31 02:17 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

 

2014-03-31 02:05 - 2014-03-31 02:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GWNet\Desktop\mbar-1.07.0.1009.exe

 

2014-03-31 02:04 - 2014-03-31 02:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\GWNet\Desktop\rkill.exe

 

2014-03-31 01:56 - 2014-03-31 01:56 - 00982016 _____ (Farbar) C:\Users\GWNet\Desktop\MiniToolBox.exe

 

2014-03-31 01:52 - 2014-03-31 01:52 - 00409600 _____ (Farbar) C:\Users\GWNet\Desktop\FSS.exe

 

2014-03-31 01:51 - 2014-03-31 01:51 - 00987448 _____ () C:\Users\GWNet\Desktop\SecurityCheck.exe

 

2014-03-24 07:30 - 2014-04-01 10:52 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\GWNet\Desktop\TDSSKiller.exe

 

2014-03-06 07:51 - 2014-03-06 07:51 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Macromedia

 

2014-03-06 07:39 - 2014-03-06 07:39 - 02682880 _____ () C:\Users\GWNet\Downloads\AdbeRdrSecUpd11005.msp

 

 

==================== One Month Modified Files and Folders =======

2014-04-03 09:47 - 2014-04-03 09:34 - 00010523 _____ () C:\Users\GWNet\Desktop\FRST.txt
2014-04-03 09:46 - 2014-04-01 10:34 - 00000000 ____D () C:\FRST
2014-04-03 09:46 - 2013-02-22 00:32 - 00000000 ____D () C:\Users\GWNet\AppData\Local\CrashDumps
2014-04-03 09:44 - 2011-05-06 06:28 - 01185551 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 09:38 - 2014-04-03 09:38 - 00039457 _____ () C:\Users\GWNet\Desktop\frst_txt.txt
2014-04-03 09:34 - 2014-04-03 09:34 - 01145856 _____ (Farbar) C:\Users\GWNet\Desktop\FRST.exe
2014-04-03 09:29 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 09:29 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 09:27 - 2011-03-08 05:34 - 00743352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:23 - 2014-01-31 09:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-02 05:05 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 05:05 - 2009-07-13 23:39 - 00034620 _____ () C:\Windows\setupact.log
2014-04-02 05:04 - 2013-02-15 21:16 - 00042618 _____ () C:\Windows\PFRO.log
2014-04-02 03:28 - 2014-04-02 03:26 - 00000000 ___SD () C:\ComboFix
2014-04-02 02:51 - 2014-04-02 02:51 - 05192353 ____R (Swearware) C:\Users\GWNet\Desktop\ComboFix.exe
2014-04-01 11:39 - 2014-04-01 11:32 - 00000000 ____D () C:\Qoobox
2014-04-01 11:32 - 2014-04-01 11:32 - 00000000 ____D () C:\Windows\erdnt
2014-04-01 10:52 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\GWNet\Desktop\TDSSKiller.exe
2014-03-31 11:19 - 2014-03-31 11:19 - 00688992 ____R (Swearware) C:\Users\GWNet\Desktop\dds.com
2014-03-31 03:23 - 2014-03-31 02:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 03:23 - 2014-03-31 02:49 - 00000000 ____D () C:\Users\GWNet\Desktop\mbar
2014-03-31 02:51 - 2014-03-31 02:18 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 02:49 - 2014-03-31 02:17 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 02:18 - 2013-02-18 03:52 - 00000000 ____D () C:\Users\GWNet\AppData\Roaming\Malwarebytes
2014-03-31 02:18 - 2013-02-18 03:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 02:17 - 2014-03-31 02:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-31 02:05 - 2014-03-31 02:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GWNet\Desktop\mbar-1.07.0.1009.exe
2014-03-31 02:04 - 2014-03-31 02:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\GWNet\Desktop\rkill.exe
2014-03-31 01:56 - 2014-03-31 01:56 - 00982016 _____ (Farbar) C:\Users\GWNet\Desktop\MiniToolBox.exe
2014-03-31 01:52 - 2014-03-31 01:52 - 00409600 _____ (Farbar) C:\Users\GWNet\Desktop\FSS.exe
2014-03-31 01:51 - 2014-03-31 01:51 - 00987448 _____ () C:\Users\GWNet\Desktop\SecurityCheck.exe
2014-03-29 19:31 - 2013-03-29 01:58 - 00332314 _____ () C:\Users\GWNet\AppData\Local\census.cache
2014-03-29 19:31 - 2013-03-29 01:57 - 00105325 _____ () C:\Users\GWNet\AppData\Local\ars.cache
2014-03-29 05:09 - 2013-12-25 09:41 - 00000000 ____D () C:\Users\GWNet\Documents\Ex3
2014-03-27 05:55 - 2013-02-24 00:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-27 05:55 - 2013-02-24 00:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 15:41 - 2014-02-06 14:25 - 00001822 _____ () C:\Users\GWNet\Documents\FB Friends.txt
2014-03-06 07:51 - 2014-03-06 07:51 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Macromedia
2014-03-06 07:49 - 2013-02-15 20:13 - 00000000 ____D () C:\Users\GWNet\AppData\Local\Adobe
2014-03-06 07:39 - 2014-03-06 07:39 - 02682880 _____ () C:\Users\GWNet\Downloads\AdbeRdrSecUpd11005.msp
2014-03-06 07:33 - 2013-12-22 09:12 - 00000000 ____D () C:\Program Files\Avant Browser
2014-03-05 09:26 - 2014-03-31 02:17 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-02-18 03:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\GWNet\AppData\Local\Temp\0111591378393439mcinst.exe
C:\Users\GWNet\AppData\Local\Temp\0c731f1a-bfe1-4713-84d8-76c1dcdcbf81.exe
C:\Users\GWNet\AppData\Local\Temp\3193f7f7-5578-418b-9b93-682877d5f5f6.exe
C:\Users\GWNet\AppData\Local\Temp\33e8b74f-b88a-4f78-a2aa-77aedc9ea401.exe
C:\Users\GWNet\AppData\Local\Temp\3bebb15d-bed6-4e40-b437-df4cdedb9263.exe
C:\Users\GWNet\AppData\Local\Temp\3ce27175-c876-405e-9061-dcd910421e12.exe
C:\Users\GWNet\AppData\Local\Temp\6066e9b0-2741-4998-87e9-3916b0d4e3cc.exe
C:\Users\GWNet\AppData\Local\Temp\71aa48f8-a00b-41cc-ba21-825206a200f0.exe
C:\Users\GWNet\AppData\Local\Temp\8abd2d85-4302-4673-abd0-43ab60b726b6.exe
C:\Users\GWNet\AppData\Local\Temp\9f4a476e-8c11-40f1-bd5f-efb9fd961c1a.exe
C:\Users\GWNet\AppData\Local\Temp\catchme.dll
C:\Users\GWNet\AppData\Local\Temp\e09c3edc-f641-45d3-8ce5-05438bc0eb3a.exe
C:\Users\GWNet\AppData\Local\Temp\e3a3d2d8-a6ed-45b3-a0ee-4ac4baf41e09.exe
C:\Users\GWNet\AppData\Local\Temp\e8c7eb21-87a4-4508-89fa-3d4188ddcc94.exe
C:\Users\GWNet\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\GWNet\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\GWNet\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\GWNet\AppData\Local\Temp\MSN58FA.exe
C:\Users\GWNet\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-29 20:02

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by GWNet at 2014-04-03 09:48:39
Running from C:\Users\GWNet\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acer Auto Screen Rotation Blocker (HKLM\...\AutoScreenRotationBlocker) (Version: 1.02.1103 - Acer Inc.)
Acer Backup Manager (HKLM\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.3.89 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.1.1421 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.1.1421 - CyberLink Corp.) Hidden
Acer Device Control (HKLM\...\ADevCtrl) (Version: 1.01.3002 - Acer Inc.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer Touch Application Suite (HKLM\...\{1C572D82-7E38-4A13-932A-D651AA95E1E9}) (Version: 1.00.3002 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3100 - Acer Incorporated)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
ATI Catalyst Install Manager (HKLM\...\{93DED073-01CE-E238-919E-2ADF059ACE30}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AX88772B Windows 7 Drivers (HKLM\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.1.1 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (Version: 1.0.1.1 - ASIX Electronics Corporation) Hidden
Backup Manager V3 (Version: 3.0.3.89 - NTI Corporation) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.0112.2151.39168 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0112.2151.39168 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0112.2151.39168 - ATI) Hidden
CCC Help Chinese Standard (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Czech (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Danish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Dutch (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help English (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Finnish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help French (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help German (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Greek (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Hungarian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Italian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Japanese (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Korean (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Norwegian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Polish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Portuguese (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Russian (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Spanish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Swedish (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Thai (Version: 2011.0112.2150.39168 - ATI) Hidden
CCC Help Turkish (Version: 2011.0112.2150.39168 - ATI) Hidden
ccc-core-static (Version: 2011.0112.2151.39168 - ATI) Hidden
ccc-utility (Version: 2011.0112.2151.39168 - ATI) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
HIDMon (HKLM\...\{7166D240-F1EE-4044-B0F3-F6AB1AF8AE72}) (Version: 1.4.0.0211 - eGalax_eMPIA Technology Inc.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.2 - Acer Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6302 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Speckie (HKLM\...\{C1A4F1E2-46E6-4EEE-B183-B10908BEF30F}) (Version: 5.9.1 - Versoworks)
USBKBTool 1.0.3.6  (HKLM\...\USBKBTool) (Version: 1.0.3.6 - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.0.60112.2202 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================

01-04-2014 12:44:09 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-01-31 09:20 - 00040113 ____A C:\Windows\system32\Drivers\etc\hosts

There are 641 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {805F203D-E48E-42CE-AA7D-391CF77DAFC4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {829FF169-3EF0-4BF3-9792-36AA3CC1461B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {92F49AEE-F1DE-4A29-B38F-AA6934F31DF8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-02-04 04:12 - 2011-02-04 04:12 - 00086016 _____ () C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
2011-03-08 05:21 - 2011-02-21 22:01 - 00239696 _____ () C:\Program Files\Acer\Device Control\ADevCtrl.exe
2011-03-08 05:21 - 2011-02-21 22:01 - 00057424 _____ () C:\Program Files\Acer\Device Control\BrandDetection.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 01081664 _____ () C:\Program Files\NTI\Acer Backup Manager\ACE.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 00465640 _____ () C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
2011-05-06 07:18 - 2011-02-11 04:53 - 00114688 _____ () C:\Program Files\HIDMon\HIDMON.exe
2014-01-31 09:16 - 2014-01-31 09:16 - 00302961 _____ () C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2011-03-08 06:24 - 2011-03-04 17:50 - 00008592 _____ () C:\Program Files\Acer\TouchApplicationSuite\TouchBrowser\TouchBrowserMui.dll
2011-03-03 17:00 - 2011-03-03 17:00 - 00125760 _____ () C:\Program Files\NTI\Acer Backup Manager\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 09:46:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.17197, time stamp: 0x50d2f67d
Faulting module name: mshtml.dll, version: 8.0.7600.17209, time stamp: 0x50eba496
Exception code: 0xc0000005
Fault offset: 0x001da424
Faulting process id: 0x1470
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/02/2014 05:05:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4c455645
Faulting process id: 0x6fc
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (04/02/2014 03:26:53 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (04/02/2014 03:26:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
   Instantiating VSS server

Error: (04/02/2014 03:26:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
   Instantiating VSS server

Error: (04/01/2014 11:14:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.17197, time stamp: 0x50d2f67d
Faulting module name: mshtml.dll, version: 8.0.7600.17209, time stamp: 0x50eba496
Exception code: 0xc0000005
Fault offset: 0x0039c23c
Faulting process id: 0xaa4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/01/2014 11:12:33 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.17197 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 168c

Start Time: 01cf4d0319280728

Termination Time: 671

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/01/2014 11:09:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.17197, time stamp: 0x50d2f67d
Faulting module name: mshtml.dll, version: 8.0.7600.17209, time stamp: 0x50eba496
Exception code: 0xc0000005
Fault offset: 0x0039c23c
Faulting process id: 0x16d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/31/2014 00:01:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6bc
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

Error: (03/31/2014 11:46:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: 011159~1.EXE, version: 7.1.107.0, time stamp: 0x51098160
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4556454c
Faulting process id: 0x6b4
Faulting application start time: 0x011159~1.EXE0
Faulting application path: 011159~1.EXE1
Faulting module path: 011159~1.EXE2
Report Id: 011159~1.EXE3

System errors:
=============
Error: (04/02/2014 05:05:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/02/2014 05:05:44 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Application Installer Cleanup (0111591378393439) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2014 05:05:41 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error: (04/02/2014 05:05:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.

Error: (04/02/2014 05:05:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:27:56 AM on ‎4/‎2/‎2014 was unexpected.

Error: (04/02/2014 03:27:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/02/2014 03:27:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/02/2014 03:27:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/02/2014 03:26:53 AM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/02/2014 03:23:41 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (04/03/2014 09:46:07 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.1719750d2f67dmshtml.dll8.0.7600.1720950eba496c0000005001da424147001cf4f4859b8e12aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\mshtml.dllb02da314-bb3e-11e3-a9e3-9a088a15c105

Error: (04/02/2014 05:05:26 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054c4556456fc01cf4e5b08afa7b0C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown4f6c0b0f-ba4e-11e3-a9e3-c0f8da5c3f37

Error: (04/02/2014 03:26:53 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (04/02/2014 03:26:53 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:
   Instantiating VSS server

Error: (04/02/2014 03:26:53 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:
   Instantiating VSS server

Error: (04/01/2014 11:14:43 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.1719750d2f67dmshtml.dll8.0.7600.1720950eba496c00000050039c23caa401cf4dc563ac49a2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\mshtml.dllbbd34a44-b9b8-11e3-afd2-e069958b4f1c

Error: (04/01/2014 11:12:33 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.17197168c01cf4d0319280728671C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/01/2014 11:09:17 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.1719750d2f67dmshtml.dll8.0.7600.1720950eba496c00000050039c23c16d401cf4d031997e7d4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\mshtml.dllf92afbaa-b9b7-11e3-afd2-e069958b4f1c

Error: (03/31/2014 00:01:49 PM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6bc01cf4d02dec4185eC:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown25d315f1-b8f6-11e3-afd2-e069958b4f1c

Error: (03/31/2014 11:46:37 AM) (Source: Application Error)(User: )
Description: 011159~1.EXE7.1.107.051098160unknown0.0.0.000000000c00000054556454c6b401cf4d00bf3f6747C:\Users\GWNet\AppData\Local\Temp\011159~1.EXEunknown061da5b7-b8f4-11e3-b4bc-e069958b4f1c

CodeIntegrity Errors:
===================================
  Date: 2013-10-10 13:01:39.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:38.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:28.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-10 13:01:27.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 08:48:02.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 08:48:01.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-12 23:49:46.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SET4077.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-12 23:49:46.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SET4077.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 01:57:37.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 01:57:37.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1641.9 MB
Available physical RAM: 916.24 MB
Total Pagefile: 2141.9 MB
Available Pagefile: 1141.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.53 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:29.72 GB) (Free:7.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: AD8AA5A3)

Partition: GPT Partition Type.

==================== End Of Log ============================

#10 TB-Psychotic


Posted 04 April 2014 - 02:51 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members

Posted 04 April 2014 - 06:57 AM

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/4/2014
Scan Time: 4:49:18 AM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: GWNet

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220519
Time Elapsed: 31 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Bot, C:\Users\GWNet\AppData\Local\Temp\Low\Ms_Cleaner.exe, Quarantined, [0c46e1453b404cea0a8a95d0e41dde22],

Physical Sectors: 0
(No malicious items detected)

(end)

ESET log:

C:\Users\GWNet\AppData\Local\Temp\6066e9b0-2741-4998-87e9-3916b0d4e3cc.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\GWNet\AppData\Local\Temp\e09c3edc-f641-45d3-8ce5-05438bc0eb3a.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\GWNet\AppData\Local\Temp\e8c7eb21-87a4-4508-89fa-3d4188ddcc94.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 07 April 2014 - 01:39 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#13 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members

Posted 07 April 2014 - 08:23 AM

AdwCleaner log:

 

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 08:12:46
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : GWNet - GWNET-PC
# Running from : C:\Users\GWNet\Desktop\adwcleaner2.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

SecurityCheck:

 Results of screen317's Security Check version 0.99.81 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 7 Update 51 
 Adobe Flash Player  12.0.0.70 
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Windows\system32\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17197

*************************

AdwCleaner[R0].txt - [2608 octets] - [31/01/2014 09:02:12]
AdwCleaner[R1].txt - [789 octets] - [31/01/2014 09:16:10]
AdwCleaner[R2].txt - [848 octets] - [31/01/2014 09:17:28]
AdwCleaner[R3].txt - [1357 octets] - [07/04/2014 08:09:57]
AdwCleaner[S0].txt - [2739 octets] - [31/01/2014 09:04:05]
AdwCleaner[S1].txt - [912 octets] - [31/01/2014 09:22:26]
AdwCleaner[S2].txt - [1294 octets] - [07/04/2014 08:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1354 octets] ##########

 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 07 April 2014 - 09:07 AM

Your system is clean now! :)

 

 

Windows 7 out of date

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware. You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#15 i.hate.open.cloud

i.hate.open.cloud
  • Topic Starter

  • Members

Posted 08 April 2014 - 12:49 AM

Thanks for your time and help. There are still a few things that might be problems though:

 

 

Today I ran a full scan with Microsoft Security Essentials (it was clean) and found that a scheduled scan on 4/4/14 had detected and quarantined a Trojan called Win32/Kovter.C saying it was located at file:C:\Users\GWNet\AppData\Local\Temp\Low\Ms_Cleaner.exe. I selected to remove it, and ran a quick scan, and when that was complete (a clean scan), the Trojan was no longer in the list of quarantined files, but still was listed in the section displaying all found items (it was listed as quarantined). Again, I selected “remove” and ran another quick scan, and checked for found items again, but it was gone from both lists. Not sure if this has been actually removed or not.

 

 

Anyway, I then tried to update the system. Windows Update usually doesn’t work, but I tried it and after 5 hours it found and downloaded several updates. Most were installed without problems, but Service Pack 1 failed to install. When the desktop came up after the restart to install the updates, there was a blank box open with the name Win32/Cmd.exe in the title bar. No text, but I could scroll down a bit. The box disappeared after about 30 seconds. I don’t remember that being a normal part of Windows Update.

 

 

I ran Windows Update again to try to install Service Pack 1, but I ran Microsoft FixIt first. Service Pack 1 installed correctly this time, and there wasn’t a blank Cmd box after restarting.

 

 

I tried to update Adobe, and when I run the installer, the icon vanishes from the desktop and nothing happens, but the installer is still displayed as a running process.

 

 

A couple other questions: with the new MalwareBytes, when you clean something that came up in a scan, is it deleted or just quarantined? I checked the MBAM quarantine folder, and it was empty, but I just wanted to be sure the backdoor it found earlier is completely removed. Also, should I be worried about the results of the ESET scan? They still come up when the computer is scanned with ESET.

 

 

Sorry that I keep coming up with problems. I hope that these issues are really nothing, but I do appreciate your help and advice.

 





