Windows did not start to prevent damage



#16
panicpeace
Member, Topic Starter, 69 posts

OTL logfile created on: 8/7/2012 7:27:36 PM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 28.80% Memory free
3.49 Gb Paging File | 1.61 Gb Available in Paging File | 46.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 0.74 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 01:56:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/01 16:09:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 01:56:59 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/04 01:56:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/02 08:30:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:39:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\zntport.sys -- (zntport)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\tvicport.sys -- (tvicport)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys -- (MpKsl56be1c68)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\James\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/16 17:38:52 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2011/11/23 16:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS436
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/04 01:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/05/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\extensions
[2012/04/29 21:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/04 01:56:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 23:05:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 23:05:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2012/08/07 19:14:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:16:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/07 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\temp
[2012/08/07 19:05:29 | 004,728,030 | R--- | C] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2012/08/07 18:45:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/06 18:10:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 18:35:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 18:35:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 18:34:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 18:19:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/05 18:18:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/31 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/07/31 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\ElevatedDiagnostics
[2012/07/24 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:14:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/07 18:58:05 | 004,728,030 | R--- | M] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2012/08/07 17:58:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 17:58:21 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 08:14:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 08:13:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/06 18:17:42 | 000,000,512 | ---- | M] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/04 01:17:29 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 08:30:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | M] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 01:08:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 00:38:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:49:42 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2012/07/28 22:38:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2012/07/12 15:35:56 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/05 18:35:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 18:35:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 18:35:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 18:35:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 18:35:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 01:52:32 | 000,000,512 | ---- | C] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/02 08:30:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | C] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 07:00:12 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/20 19:32:31 | 000,001,533 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2012/03/01 17:51:41 | 000,189,352 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/13 15:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/07/28 15:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,248 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/14 13:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2012/03/22 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/20 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2012/07/31 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2012/08/07 08:13:58 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES >
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=A302BBFF2A7278C0E239EE5D471D86A9 -- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir

< MD5 for: SERVICES.LNK >
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< End of report >

#17
panicpeace
Member, Topic Starter, 69 posts

Normal mode was not working last time I checked. I don't have a memory stick on hand.

#18
panicpeace
Member, Topic Starter, 69 posts

I told it to delete what it found and then report.

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: James [Admin rights]
Mode: Remove -- Date: 08/07/2012 19:47:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 132b484610137fe2b85cf9a40b9bfead
[BSP] 245fdd7c21128f33baf2476b88c3aea4 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 68046 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 173119488 | Size: 68095 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 92efafea0ec6cca0ba8ea6c8d0024da3
[BSP] 245fdd7c21128f33baf2476b88c3aea4 : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 68046 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#19
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs, we are making progress. Can you now run TDSSKiller and a custom OTL scan for me, please? We'll try and get the machine booting into Normal Mode soon.



1)
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.




2)
OTL Quick Scan
  • Double-click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom.

    /md5start
    ataport.sys
    services.exe
    explorer.exe
    /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please post the contents of this log.



In your next reply
Please post the contents of...
TDSSKiller log
OTL log


#20
panicpeace

    Member

  • Topic Starter
  • 69 posts
OTL logfile created on: 8/8/2012 3:59:40 PM - Run 5
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 84.55% Memory free
5.93 Gb Paging File | 5.50 Gb Available in Paging File | 92.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 0.67 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 63.44 Gb Free Space | 95.40% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 01:56:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/01 16:09:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 01:56:59 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/04 01:56:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/02 08:30:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:39:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\zntport.sys -- (zntport)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\tvicport.sys -- (tvicport)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys -- (MpKsl56be1c68)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\James\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/16 17:38:52 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS436
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/04 01:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/05/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\extensions
[2012/04/29 21:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/04 01:56:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 23:05:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 23:05:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2012/08/07 19:14:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 15:52:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/08 15:48:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\tdsskiller(1).exe
[2012/08/07 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
[2012/08/07 19:16:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/07 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\temp
[2012/08/07 19:05:29 | 004,728,030 | R--- | C] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2012/08/07 18:45:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/06 18:10:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 18:35:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 18:35:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 18:34:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 18:19:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/05 18:18:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/31 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/07/31 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\ElevatedDiagnostics
[2012/07/24 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/08/08 15:53:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 15:53:39 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 15:48:22 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\tdsskiller(1).exe
[2012/08/08 15:41:41 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/07 19:43:43 | 001,552,896 | ---- | M] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2012/08/07 19:14:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/07 18:58:05 | 004,728,030 | R--- | M] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2012/08/07 08:14:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 18:17:42 | 000,000,512 | ---- | M] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/04 01:17:29 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 08:30:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | M] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 01:08:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 00:38:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:49:42 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2012/07/28 22:38:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2012/07/12 15:35:56 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/07 19:43:43 | 001,552,896 | ---- | C] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2012/08/05 18:35:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 18:35:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 18:35:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 18:35:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 18:35:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 01:52:32 | 000,000,512 | ---- | C] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/02 08:30:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | C] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 07:00:12 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/20 19:32:31 | 000,001,533 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2012/03/01 17:51:41 | 000,189,352 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/28 15:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,248 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/14 13:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2012/03/22 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/20 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2012/07/31 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2012/08/07 08:13:58 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: ATAPORT.SYS >
[2010/11/20 08:29:12 | 000,132,992 | ---- | M] (Microsoft Corporation) MD5=4B55C9F9A93B3BFD01ED7366EB0B9D2E -- C:\Windows\System32\drivers\ataport.sys
[2010/11/20 08:29:12 | 000,132,992 | ---- | M] (Microsoft Corporation) MD5=4B55C9F9A93B3BFD01ED7366EB0B9D2E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys
[2010/11/20 08:29:12 | 000,132,992 | ---- | M] (Microsoft Corporation) MD5=4B55C9F9A93B3BFD01ED7366EB0B9D2E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\ataport.sys

< End of report >

#21
panicpeace

For the other thing, all I found was this:

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.c

#22
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
I'll need to see the full TDSSKiller log to check the status of some other files. Can you copy and paste the entire log, please? The text file can be found in the root of the C: drive, with a name beginning with 'TDSSKiller'.

Can you try booting into Normal Mode again as well? Is it still coming up with the Blue Screen error? If so, is the error the same as before?

#23
panicpeace

It took a long time, but I found them. Also, I am in normal mode now.

16:20:02.0577 1800 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:20:02.0812 1800 ============================================================
16:20:02.0812 1800 Current date / time: 2012/08/08 16:20:02.0812
16:20:02.0812 1800 SystemInfo:
16:20:02.0812 1800
16:20:02.0812 1800 OS Version: 6.1.7601 ServicePack: 1.0
16:20:02.0812 1800 Product type: Workstation
16:20:02.0812 1800 ComputerName: JAMES-PC
16:20:02.0812 1800 UserName: James
16:20:02.0812 1800 Windows directory: C:\Windows
16:20:02.0812 1800 System windows directory: C:\Windows
16:20:02.0812 1800 Processor architecture: Intel x86
16:20:02.0812 1800 Number of processors: 2
16:20:02.0812 1800 Page size: 0x1000
16:20:02.0812 1800 Boot type: Safe boot with network
16:20:02.0812 1800 ============================================================
16:20:03.0845 1800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:20:03.0846 1800 ============================================================
16:20:03.0846 1800 \Device\Harddisk0\DR0:
16:20:03.0846 1800 MBR partitions:
16:20:03.0847 1800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
16:20:03.0847 1800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x84E7000
16:20:03.0847 1800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA519800, BlocksNum 0x84FF800
16:20:03.0847 1800 ============================================================
16:20:03.0888 1800 C: <-> \Device\Harddisk0\DR0\Partition1
16:20:03.0925 1800 D: <-> \Device\Harddisk0\DR0\Partition2
16:20:03.0926 1800 ============================================================
16:20:03.0926 1800 Initialize success
16:20:03.0926 1800 ============================================================
16:20:08.0416 0156 Deinitialize success

#24
panicpeace

Here's another one:



15:48:47.0595 0512 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:48:47.0845 0512 ============================================================
15:48:47.0845 0512 Current date / time: 2012/08/08 15:48:47.0845
15:48:47.0845 0512 SystemInfo:
15:48:47.0845 0512
15:48:47.0845 0512 OS Version: 6.1.7601 ServicePack: 1.0
15:48:47.0845 0512 Product type: Workstation
15:48:47.0845 0512 ComputerName: JAMES-PC
15:48:47.0845 0512 UserName: James
15:48:47.0845 0512 Windows directory: C:\Windows
15:48:47.0845 0512 System windows directory: C:\Windows
15:48:47.0845 0512 Processor architecture: Intel x86
15:48:47.0845 0512 Number of processors: 2
15:48:47.0845 0512 Page size: 0x1000
15:48:47.0845 0512 Boot type: Safe boot with network
15:48:47.0845 0512 ============================================================
15:48:49.0607 0512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:49.0607 0512 ============================================================
15:48:49.0607 0512 \Device\Harddisk0\DR0:
15:48:49.0607 0512 MBR partitions:
15:48:49.0607 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
15:48:49.0607 0512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x84E7000
15:48:49.0607 0512 ============================================================
15:48:49.0639 0512 C: <-> \Device\Harddisk0\DR0\Partition1
15:48:49.0639 0512 ============================================================
15:48:49.0639 0512 Initialize success
15:48:49.0639 0512 ============================================================
15:49:06.0892 1328 ============================================================
15:49:06.0892 1328 Scan started
15:49:06.0892 1328 Mode: Manual; SigCheck; TDLFS;
15:49:06.0892 1328 ============================================================
15:49:34.0723 1328 ASLSvc (1738eac9c95ae14e471f51778940c111) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
15:49:34.0863 1328 ASLSvc ( UnsignedFile.Multi.Generic ) - warning
15:49:34.0863 1328 ASLSvc - detected UnsignedFile.Multi.Generic (1)
15:50:32.0895 1328 ETService (2360c025fba88951dab9149191033128) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:50:32.0926 1328 ETService ( UnsignedFile.Multi.Generic ) - warning
15:50:32.0926 1328 ETService - detected UnsignedFile.Multi.Generic (1)
15:50:55.0281 1328 Ndisuio - ok
15:50:55.0297 1328 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:55.0312 1328 NdisWan - ok
15:50:55.0328 1328 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:50:55.0359 1328 NDProxy - ok
15:50:55.0546 1328 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:50:55.0578 1328 Nero BackItUp Scheduler 4.0 - ok
15:50:55.0624 1328 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:50:55.0671 1328 NetBIOS - ok
15:50:55.0718 1328 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:50:55.0765 1328 NetBT - ok
15:50:55.0796 1328 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:50:55.0812 1328 Netlogon - ok
15:50:55.0890 1328 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:50:55.0921 1328 Netman - ok
15:50:55.0968 1328 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:50:55.0999 1328 netprofm - ok
15:50:56.0092 1328 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:56.0108 1328 NetTcpPortSharing - ok
15:50:56.0155 1328 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:50:56.0186 1328 nfrd960 - ok
15:50:56.0248 1328 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:50:56.0264 1328 NisDrv - ok
15:50:56.0358 1328 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
15:50:56.0373 1328 NisSrv - ok
15:50:56.0420 1328 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:50:56.0451 1328 NlaSvc - ok
15:50:56.0498 1328 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:50:56.0529 1328 Npfs - ok
15:50:56.0592 1328 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:50:56.0623 1328 nsi - ok
15:50:56.0670 1328 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:50:56.0701 1328 nsiproxy - ok
15:50:56.0763 1328 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:50:56.0810 1328 Ntfs - ok
15:50:56.0966 1328 NTI IScheduleSvc (070ec05d5b1447e9bbf4167980ad7518) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:50:56.0982 1328 NTI IScheduleSvc - ok
15:50:57.0091 1328 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
15:50:57.0106 1328 NTIDrvr - ok
15:50:57.0138 1328 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:50:57.0184 1328 Null - ok
15:50:57.0294 1328 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:50:57.0294 1328 nvraid - ok
15:50:57.0325 1328 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:50:57.0340 1328 nvstor - ok
15:50:57.0418 1328 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:50:57.0418 1328 nv_agp - ok
15:50:57.0621 1328 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:50:57.0637 1328 odserv - ok
15:50:57.0715 1328 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:50:57.0730 1328 ohci1394 - ok
15:50:57.0824 1328 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:57.0824 1328 ose - ok
15:50:57.0886 1328 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:50:57.0933 1328 p2pimsvc - ok
15:50:57.0980 1328 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:50:57.0996 1328 p2psvc - ok
15:50:58.0074 1328 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:50:58.0074 1328 Parport - ok
15:50:58.0105 1328 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:50:58.0105 1328 partmgr - ok
15:50:58.0136 1328 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:50:58.0167 1328 Parvdm - ok
15:50:58.0214 1328 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:50:58.0230 1328 PcaSvc - ok
15:50:58.0261 1328 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:50:58.0276 1328 pci - ok
15:50:58.0308 1328 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:50:58.0323 1328 pciide - ok
15:50:58.0354 1328 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:58.0370 1328 pcmcia - ok
15:50:58.0386 1328 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:50:58.0401 1328 pcw - ok
15:50:58.0417 1328 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:50:58.0479 1328 PEAUTH - ok
15:50:58.0542 1328 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:50:58.0604 1328 PeerDistSvc - ok
15:50:58.0994 1328 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:50:59.0072 1328 pla - ok
15:50:59.0212 1328 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:50:59.0259 1328 PlugPlay - ok
15:50:59.0275 1328 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:50:59.0290 1328 PNRPAutoReg - ok
15:50:59.0384 1328 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:50:59.0400 1328 PNRPsvc - ok
15:50:59.0493 1328 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:50:59.0524 1328 PolicyAgent - ok
15:50:59.0587 1328 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:50:59.0602 1328 Power - ok
15:50:59.0680 1328 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:59.0712 1328 PptpMiniport - ok
15:50:59.0743 1328 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:50:59.0774 1328 Processor - ok
15:50:59.0821 1328 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
15:50:59.0836 1328 ProfSvc - ok
15:50:59.0914 1328 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:50:59.0914 1328 ProtectedStorage - ok
15:51:00.0070 1328 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:51:00.0117 1328 Psched - ok
15:51:00.0289 1328 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:51:00.0367 1328 ql2300 - ok
15:51:00.0585 1328 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:51:00.0585 1328 ql40xx - ok
15:51:00.0616 1328 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:51:00.0632 1328 QWAVE - ok
15:51:00.0632 1328 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:51:00.0648 1328 QWAVEdrv - ok
15:51:00.0663 1328 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:51:00.0710 1328 RasAcd - ok
15:51:00.0772 1328 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:51:00.0804 1328 RasAgileVpn - ok
15:51:00.0850 1328 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:51:00.0866 1328 RasAuto - ok
15:51:00.0913 1328 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:51:00.0944 1328 Rasl2tp - ok
15:51:01.0178 1328 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:51:01.0225 1328 RasMan - ok
15:51:01.0287 1328 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:51:01.0318 1328 RasPppoe - ok
15:51:01.0381 1328 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:51:01.0412 1328 RasSstp - ok
15:51:01.0490 1328 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:51:01.0521 1328 rdbss - ok
15:51:01.0584 1328 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:51:01.0584 1328 rdpbus - ok
15:51:01.0615 1328 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:51:01.0646 1328 RDPCDD - ok
15:51:01.0724 1328 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:51:01.0740 1328 RDPDR - ok
15:51:01.0802 1328 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:51:01.0833 1328 RDPENCDD - ok
15:51:01.0864 1328 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:51:01.0911 1328 RDPREFMP - ok
15:51:02.0052 1328 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:51:02.0114 1328 RDPWD - ok
15:51:02.0286 1328 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:51:02.0301 1328 rdyboost - ok
15:51:02.0410 1328 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:51:02.0442 1328 RemoteAccess - ok
15:51:02.0520 1328 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:51:02.0551 1328 RemoteRegistry - ok
15:51:02.0660 1328 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:51:02.0676 1328 RpcEptMapper - ok
15:51:02.0707 1328 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:51:02.0722 1328 RpcLocator - ok
15:51:02.0769 1328 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
15:51:02.0785 1328 RpcSs - ok
15:51:02.0816 1328 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:51:02.0832 1328 rspndr - ok
15:51:02.0847 1328 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:51:02.0878 1328 s3cap - ok
15:51:02.0894 1328 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:51:02.0910 1328 SamSs - ok
15:51:02.0956 1328 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:51:02.0972 1328 sbp2port - ok
15:51:03.0050 1328 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:51:03.0081 1328 SCardSvr - ok
15:51:03.0190 1328 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:51:03.0222 1328 scfilter - ok
15:51:03.0268 1328 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:51:03.0315 1328 Schedule - ok
15:51:03.0346 1328 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:51:03.0378 1328 SCPolicySvc - ok
15:51:03.0424 1328 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:51:03.0440 1328 SDRSVC - ok
15:51:03.0534 1328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:51:03.0565 1328 secdrv - ok
15:51:03.0612 1328 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:51:03.0658 1328 seclogon - ok
15:51:03.0861 1328 SecureStorageService (9ea693d8f147402a1ae3c3a050fa3dc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
15:51:03.0924 1328 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning
15:51:03.0924 1328 SecureStorageService - detected UnsignedFile.Multi.Generic (1)
15:51:04.0048 1328 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
15:51:04.0142 1328 SENS - ok
15:51:04.0392 1328 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:51:04.0423 1328 SensrSvc - ok
15:51:04.0532 1328 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:51:04.0563 1328 Serenum - ok
15:51:04.0766 1328 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:51:04.0766 1328 Serial - ok
15:51:04.0813 1328 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:51:04.0828 1328 sermouse - ok
15:51:04.0891 1328 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:51:04.0922 1328 SessionEnv - ok
15:51:04.0953 1328 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:51:04.0953 1328 sffdisk - ok
15:51:04.0969 1328 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:51:05.0000 1328 sffp_mmc - ok
15:51:05.0031 1328 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:51:05.0062 1328 sffp_sd - ok
15:51:05.0094 1328 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:51:05.0125 1328 sfloppy - ok
15:51:05.0172 1328 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:51:05.0203 1328 SharedAccess - ok
15:51:05.0265 1328 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:51:05.0312 1328 ShellHWDetection - ok
15:51:05.0421 1328 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:51:05.0421 1328 sisagp - ok
15:51:05.0530 1328 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:51:05.0546 1328 SiSRaid2 - ok
15:51:05.0577 1328 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:51:05.0577 1328 SiSRaid4 - ok
15:51:05.0640 1328 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:51:05.0671 1328 Smb - ok
15:51:05.0764 1328 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:51:05.0780 1328 SNMPTRAP - ok
15:51:05.0842 1328 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:51:05.0858 1328 spldr - ok
15:51:05.0889 1328 Spooler - ok
15:51:06.0186 1328 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:51:06.0295 1328 sppsvc - ok
15:51:06.0420 1328 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:51:06.0435 1328 sppuinotify - ok
15:51:06.0513 1328 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:51:06.0560 1328 srv - ok
15:51:06.0576 1328 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:51:06.0607 1328 srv2 - ok
15:51:06.0638 1328 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:51:06.0654 1328 srvnet - ok
15:51:06.0685 1328 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:51:06.0716 1328 SSDPSRV - ok
15:51:06.0747 1328 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:51:06.0763 1328 SstpSvc - ok
15:51:06.0888 1328 Steam Client Service - ok
15:51:06.0919 1328 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:51:06.0919 1328 stexstor - ok
15:51:06.0950 1328 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
15:51:06.0950 1328 StillCam - ok
15:51:06.0997 1328 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:51:07.0028 1328 StiSvc - ok
15:51:07.0106 1328 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:51:07.0106 1328 storflt - ok
15:51:07.0137 1328 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
15:51:07.0153 1328 StorSvc - ok
15:51:07.0215 1328 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:51:07.0215 1328 storvsc - ok
15:51:07.0246 1328 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:51:07.0246 1328 swenum - ok
15:51:07.0278 1328 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:51:07.0324 1328 swprv - ok
15:51:07.0449 1328 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:51:07.0480 1328 SysMain - ok
15:51:07.0527 1328 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:51:07.0543 1328 TabletInputService - ok
15:51:07.0574 1328 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:51:07.0605 1328 TapiSrv - ok
15:51:07.0668 1328 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:51:07.0699 1328 TBS - ok
15:51:08.0011 1328 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:51:08.0073 1328 Tcpip - ok
15:51:08.0479 1328 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:51:08.0494 1328 TCPIP6 - ok
15:51:08.0760 1328 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:51:08.0791 1328 tcpipreg - ok
15:51:08.0931 1328 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:51:09.0025 1328 TDPIPE - ok
15:51:09.0040 1328 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:51:09.0056 1328 TDTCP - ok
15:51:09.0196 1328 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:51:09.0259 1328 tdx - ok
15:51:09.0274 1328 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:51:09.0290 1328 TermDD - ok
15:51:09.0321 1328 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:51:09.0368 1328 TermService - ok
15:51:09.0571 1328 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:51:09.0586 1328 Themes - ok
15:51:09.0618 1328 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:51:09.0633 1328 THREADORDER - ok
15:51:09.0664 1328 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:51:09.0711 1328 TrkWks - ok
15:51:09.0805 1328 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:51:09.0852 1328 TrustedInstaller - ok
15:51:09.0883 1328 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:51:09.0914 1328 tssecsrv - ok
15:51:10.0101 1328 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:51:10.0164 1328 TsUsbFlt - ok
15:51:10.0257 1328 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:51:10.0304 1328 tunnel - ok
15:51:10.0320 1328 tvicport - ok
15:51:10.0366 1328 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:51:10.0382 1328 uagp35 - ok
15:51:10.0444 1328 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
15:51:10.0444 1328 UBHelper - ok
15:51:10.0522 1328 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:51:10.0585 1328 udfs - ok
15:51:10.0616 1328 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:51:10.0647 1328 UI0Detect - ok
15:51:10.0710 1328 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:51:10.0710 1328 uliagpkx - ok
15:51:10.0741 1328 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:51:10.0756 1328 umbus - ok
15:51:10.0819 1328 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:51:10.0850 1328 UmPass - ok
15:51:10.0944 1328 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
15:51:10.0975 1328 UmRdpService - ok
15:51:11.0100 1328 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:51:11.0115 1328 Updater Service - ok
15:51:11.0193 1328 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:51:11.0256 1328 upnphost - ok
15:51:11.0661 1328 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
15:51:11.0724 1328 usbaudio - ok
15:51:11.0833 1328 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:51:11.0880 1328 usbccgp - ok
15:51:11.0973 1328 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:51:11.0989 1328 usbcir - ok
15:51:12.0098 1328 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
15:51:12.0114 1328 usbehci - ok
15:51:12.0316 1328 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:51:12.0379 1328 usbhub - ok
15:51:12.0660 1328 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:51:12.0769 1328 usbohci - ok
15:51:12.0878 1328 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:51:12.0909 1328 usbprint - ok
15:51:13.0003 1328 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:51:13.0050 1328 USBSTOR - ok
15:51:13.0081 1328 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
15:51:13.0096 1328 usbuhci - ok
15:51:13.0143 1328 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:51:13.0159 1328 UxSms - ok
15:51:13.0237 1328 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:51:13.0252 1328 VaultSvc - ok
15:51:13.0315 1328 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:51:13.0330 1328 vdrvroot - ok
15:51:13.0830 1328 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:51:14.0001 1328 vds - ok
15:51:14.0079 1328 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:51:14.0126 1328 vga - ok
15:51:14.0157 1328 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:51:14.0173 1328 VgaSave - ok
15:51:14.0220 1328 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:51:14.0235 1328 vhdmp - ok
15:51:14.0500 1328 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:51:14.0516 1328 viaagp - ok
15:51:14.0547 1328 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:51:14.0563 1328 ViaC7 - ok
15:51:14.0610 1328 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:51:14.0625 1328 viaide - ok
15:51:14.0781 1328 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:51:14.0828 1328 vmbus - ok
15:51:14.0937 1328 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:51:15.0000 1328 VMBusHID - ok
15:51:15.0078 1328 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:51:15.0109 1328 volmgr - ok
15:51:15.0156 1328 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:51:15.0171 1328 volmgrx - ok
15:51:15.0436 1328 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:51:15.0530 1328 volsnap - ok
15:51:16.0092 1328 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
15:51:16.0107 1328 vpcbus - ok
15:51:16.0138 1328 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:51:16.0170 1328 vpcnfltr - ok
15:51:16.0591 1328 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
15:51:16.0653 1328 vpcusb - ok
15:51:16.0950 1328 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
15:51:16.0965 1328 vpcvmm - ok
15:51:17.0059 1328 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:51:17.0074 1328 vsmraid - ok
15:51:17.0121 1328 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:51:17.0199 1328 VSS - ok
15:51:17.0215 1328 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:51:17.0230 1328 vwifibus - ok
15:51:17.0308 1328 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:51:17.0340 1328 W32Time - ok
15:51:17.0402 1328 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:51:17.0449 1328 WacomPen - ok
15:51:17.0464 1328 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:51:17.0511 1328 WANARP - ok
15:51:17.0511 1328 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:51:17.0542 1328 Wanarpv6 - ok
15:51:17.0730 1328 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:51:17.0761 1328 WatAdminSvc - ok
15:51:18.0088 1328 WavxDMgr (e5d696b25acc9aa66dc8e6555b21c962) C:\Windows\system32\DRIVERS\WavxDMgr.sys
15:51:18.0104 1328 WavxDMgr - ok
15:51:18.0432 1328 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:51:18.0525 1328 wbengine - ok
15:51:18.0603 1328 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:51:18.0634 1328 WbioSrvc - ok
15:51:18.0697 1328 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:51:18.0712 1328 wcncsvc - ok
15:51:18.0759 1328 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:51:18.0790 1328 WcsPlugInService - ok
15:51:18.0868 1328 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:51:18.0884 1328 Wd - ok
15:51:18.0915 1328 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:51:18.0931 1328 Wdf01000 - ok
15:51:18.0978 1328 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:51:19.0009 1328 WdiServiceHost - ok
15:51:19.0009 1328 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:51:19.0024 1328 WdiSystemHost - ok
15:51:19.0056 1328 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:51:19.0087 1328 WebClient - ok
15:51:19.0274 1328 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:51:19.0290 1328 Wecsvc - ok
15:51:19.0461 1328 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:51:19.0524 1328 wercplsupport - ok
15:51:19.0804 1328 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:51:19.0836 1328 WerSvc - ok
15:51:19.0867 1328 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:51:19.0898 1328 WfpLwf - ok
15:51:19.0945 1328 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:51:19.0945 1328 WIMMount - ok
15:51:20.0241 1328 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:51:20.0288 1328 WinDefend - ok
15:51:20.0288 1328 WinHttpAutoProxySvc - ok
15:51:20.0350 1328 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:51:20.0382 1328 Winmgmt - ok
15:51:20.0896 1328 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:51:20.0959 1328 WinRM - ok
15:51:21.0209 1328 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:51:21.0240 1328 Wlansvc - ok
15:51:21.0318 1328 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:51:21.0333 1328 WmiAcpi - ok
15:51:21.0708 1328 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:51:21.0708 1328 wmiApSrv - ok
15:51:27.0854 1328 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:51:28.0088 1328 WMPNetworkSvc - ok
15:51:32.0308 1328 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:51:32.0333 1328 WPCSvc - ok
15:51:32.0404 1328 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:51:32.0444 1328 WPDBusEnum - ok
15:51:32.0582 1328 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:51:32.0618 1328 ws2ifsl - ok
15:51:32.0755 1328 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
15:51:32.0838 1328 wscsvc - ok
15:51:32.0843 1328 WSearch - ok
15:51:35.0838 1328 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
15:51:35.0934 1328 wuauserv - ok
15:51:37.0231 1328 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:51:37.0257 1328 WudfPf - ok
15:51:37.0745 1328 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:51:37.0884 1328 WUDFRd - ok
15:51:38.0177 1328 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:51:38.0269 1328 wudfsvc - ok
15:51:38.0349 1328 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:51:38.0363 1328 WwanSvc - ok
15:51:38.0380 1328 zntport - ok
15:51:38.0520 1328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:51:38.0611 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:51:38.0611 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:51:38.0802 1328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:51:38.0802 1328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:51:38.0829 1328 Boot (0x1200) (b44e4d667fc9fca384ad3782d34a6f8a) \Device\Harddisk0\DR0\Partition0
15:51:38.0847 1328 \Device\Harddisk0\DR0\Partition0 - ok
15:51:38.0878 1328 Boot (0x1200) (de484ab20249b9c2c8f08232b854fd0d) \Device\Harddisk0\DR0\Partition1
15:51:38.0886 1328 \Device\Harddisk0\DR0\Partition1 - ok
15:51:38.0889 1328 ============================================================
15:51:38.0889 1328 Scan finished
15:51:38.0889 1328 ============================================================
15:51:38.0899 1048 Detected object count: 5
15:51:38.0899 1048 Actual detected object count: 5
15:52:29.0850 1048 ASLSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:29.0852 1048 ASLSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:29.0862 1048 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:29.0862 1048 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:29.0865 1048 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:29.0865 1048 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:30.0630 1048 \Device\Harddisk0\DR0\# - copied to quarantine
15:52:30.0630 1048 \Device\Harddisk0\DR0 - copied to quarantine
15:52:30.0704 1048 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:52:30.0723 1048 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:52:30.0725 1048 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:52:30.0777 1048 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:52:30.0782 1048 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:52:30.0797 1048 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:52:30.0807 1048 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:52:30.0808 1048 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:52:30.0809 1048 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:52:30.0811 1048 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:52:30.0813 1048 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:52:30.0815 1048 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:52:30.0816 1048 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:52:30.0817 1048 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:52:30.0873 1048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:52:30.0899 1048 \Device\Harddisk0\DR0 - ok
15:52:32.0826 1048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:52:32.0829 1048 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:52:32.0829 1048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:52:56.0351 0764 Deinitialize success

#25
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for grabbing the logs. Looking much better now :)

Good to hear you're now in Normal Mode. Let's just scan for any leftovers now and see what we get. Please perform the following scans in Normal Mode now if possible.



1)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.


3)
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




In your next reply
Please post the contents of...
MBAM log
Kaspersky log
Security Check log


#26
panicpeace

    Member

  • Topic Starter
  • 69 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
James :: JAMES-PC [administrator]

8/9/2012 6:12:35 PM
mbam-log-2012-08-09 (18-12-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199630
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$RECYCLE.BIN\S-1-5-21-2517414903-4262703431-2207850217-1000\$RHLAGU5.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\temp\90CB.tmp (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

#27
panicpeace

    Member

  • Topic Starter
  • 69 posts
Status: Disinfected (events: 1)
8/9/2012 7:32:36 PM Disinfected virus Virus.Win32.ZAccess.m C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir High
Status: Deleted (events: 5)
8/9/2012 7:34:23 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\mbr0000\tsk0000.dta High
8/9/2012 7:34:23 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\mbr0000\tsk0000.dta//HDDImage High
8/9/2012 7:34:21 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\mbr0000\tsk0001.dta High
8/9/2012 7:34:21 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\mbr0000\tsk0001.dta//vbr0 High
8/9/2012 7:34:46 PM Deleted Trojan program Rootkit.Win32.TDSS.gq C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\tdlfs0000\tsk0010.dta High
Status: Quarantined (events: 4)
8/9/2012 7:34:40 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\tdlfs0000\tsk0001.dta High
8/9/2012 7:39:03 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\tdlfs0000\tsk0003.dta High
8/9/2012 7:39:11 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\tdlfs0000\tsk0006.dta High
8/9/2012 7:39:20 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\TDSSKiller_Quarantine\08.08.2012_15.48.47\mbr0000\tdlfs0000\tsk0011.dta High

#28
panicpeace

    Member

  • Topic Starter
  • 69 posts
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#29
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Logs are now looking good. Can you get back to me with an update as to how the PC is running now? Does everything appear back to normal?

Can you just double check your Microsoft Security Essentials is running and check to see if it updates without any problems.

The last log is indicating your Adobe Reader and Java aren't the latest versions, so they can be updated by following the steps below. Running Windows Updates should install Internet Explorer 9, if you wish to.


Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed


#30
panicpeace

    Member

  • Topic Starter
  • 69 posts
Well, the computer is working great now. Microsoft Security Essentials is saying the service does not exist as an installed service. I'm updating those two now.