
dmw.exe error help

03-31-2012, 02:01 PM   #1
Registered Member
 
Join Date: Mar 2012
Posts: 11
OS: Windows7, home premium edition



Hi, I'm hoping you all can help me out. What is happening is my computer is booting to the log in screen, then stops on the welcome screen. It's not frozen because the little wheel is spinning. Sometimes it makes it to the desktop but it stays a black screen and the cursor spins. It'll pop up a window saying that dwm.exe processes needs to be terminated, click ok, and then it either just does it again or restarts on its own. Works completely fine in safe mode with networking.

I've run multiple anti-virus/malware/scans and nothing ever detects anything. I've disabled Desktop Windows Manager, as suggested on a few different blogs/articles that I found on the topic, and that hasn't done anything. So here we are. Below are the logs, except I ran the GMER scan and it said that it couldn't find anything and didn't give me a log to save. I also have a hijackthis log available if that helps at all.

I do not have the boot disk for Windows 7.

Thank you in advance!


DDS log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Danielle at 14:26:47 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1771.739 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [AdobeBridge]
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{1ACA89FC-E4F1-4210-84FD-49EE2F2FF873} : DhcpNameServer = 192.168.1.250
TCP: Interfaces\{B5A91D02-FD02-4232-8F27-26E412089ED9} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B5A91D02-FD02-4232-8F27-26E412089ED9}\C696E6B6379737 : DhcpNameServer = 166.102.165.13 207.91.5.20
TCP: Interfaces\{B5A91D02-FD02-4232-8F27-26E412089ED9}\F6572777F627B69637 : DhcpNameServer = 192.168.11.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-3-29 500568]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-30 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-17 310864]
S2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-17 868224]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-26 249936]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-17 243232]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-31 01:37:48 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-31 01:37:48 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-31 01:37:45 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-31 01:37:35 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-31 01:37:22 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-31 01:37:22 -------- d-----w- C:\Program Files\AVAST Software
2012-03-30 03:25:20 -------- d-----w- C:\ProgramData\SecTaskMan
2012-03-30 03:25:14 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-03-30 02:39:11 19352 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\tmpidcrl.dll
2012-03-30 01:46:36 -------- d-----w- C:\ProgramData\IObit
2012-03-30 01:46:26 -------- d-----w- C:\Users\Danielle\AppData\Roaming\IObit
2012-03-30 01:46:19 -------- d-----w- C:\Program Files (x86)\IObit
2012-03-30 01:26:11 -------- d-----w- C:\ProgramData\Uniblue
2012-03-29 23:53:21 -------- d-----w- C:\Users\Danielle\AppData\Local\ATI
2012-03-29 22:57:42 -------- d-----w- C:\Users\Danielle\AppData\Roaming\Malwarebytes
2012-03-29 22:57:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-29 22:57:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 22:57:29 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 22:57:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 22:34:49 -------- d-----w- C:\Users\Danielle\AppData\Local\EgisTec
2012-03-26 06:00:00 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-03-26 05:58:37 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-03-26 05:58:34 -------- d-----w- C:\Program Files\McAfee.com
2012-03-26 05:58:34 -------- d-----w- C:\Program Files\McAfee
2012-03-26 05:50:23 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-03-26 05:45:39 161168 ----a-w- C:\Windows\System32\mfevtps.exe
.
==================== Find3M ====================
.
2012-03-26 22:33:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-07-24 2015 594432 ----a-w- C:\Program Files\zsnesw.exe
.
============= FINISH: 14:28:58.58 ===============
Attached Files
File Type: txt Attach.txt (23.5 KB, 9 views)

__________________
ddavies07 is offline  
04-02-2012, 07:08 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,007
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. (Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.7.23.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
04-02-2012, 08:16 AM   #3
Registered Member
 
Join Date: Mar 2012
Posts: 11
OS: Windows7, home premium edition



swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-02 10:07:05
-----------------------------
10:07:05.164 OS Version: Windows x64 6.1.7600
10:07:05.164 Number of processors: 2 586 0x100
10:07:05.167 ComputerName: SEVERUS UserName:
10:07:06.488 Initialize success
10:07:18.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:07:18.535 Disk 0 Vendor: TOSHIBA_MK2565GSX GJ002J Size: 238475MB BusType: 11
10:07:18.555 Disk 0 MBR read successfully
10:07:18.577 Disk 0 MBR scan
10:07:18.584 Disk 0 Windows 7 default MBR code
10:07:18.593 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:07:18.643 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
10:07:18.671 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223013 MB offset 31664128
10:07:18.707 Disk 0 scanning C:\Windows\system32\drivers
10:07:25.077 Service scanning
10:07:49.132 Modules scanning
10:07:49.134 Disk 0 trace - called modules:
10:07:49.135
10:07:49.136 Scan finished successfully
10:08:25.918 Disk 0 MBR has been saved successfully to "C:\Users\Danielle\Desktop\MBR.dat"
10:08:25.931 The log file has been saved successfully to "C:\Users\Danielle\Desktop\aswMBR.txt"

10:10:30.0360 2284 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
10:10:31.0085 2284 ============================================================
10:10:31.0085 2284 Current date / time: 2012/04/02 10:10:31.0085
10:10:31.0085 2284 SystemInfo:
10:10:31.0085 2284
10:10:31.0086 2284 OS Version: 6.1.7600 ServicePack: 0.0
10:10:31.0086 2284 Product type: Workstation
10:10:31.0086 2284 ComputerName: SEVERUS
10:10:31.0086 2284 UserName: Danielle
10:10:31.0086 2284 Windows directory: C:\Windows
10:10:31.0086 2284 System windows directory: C:\Windows
10:10:31.0087 2284 Running under WOW64
10:10:31.0087 2284 Processor architecture: Intel x64
10:10:31.0087 2284 Number of processors: 2
10:10:31.0087 2284 Page size: 0x1000
10:10:31.0087 2284 Boot type: Safe boot with network
10:10:31.0087 2284 ============================================================
10:10:32.0653 2284 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:32.0659 2284 \Device\Harddisk0\DR0:
10:10:32.0660 2284 MBR used
10:10:32.0660 2284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
10:10:32.0660 2284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1B392800
10:10:32.0682 2284 Initialize success
10:10:32.0682 2284 ============================================================
10:11:00.0727 2340 ============================================================
10:11:00.0727 2340 Scan started
10:11:00.0727 2340 Mode: Manual; SigCheck; TDLFS;
10:11:00.0727 2340 ============================================================
10:11:01.0889 2340 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:11:02.0018 2340 1394ohci - ok
10:11:02.0153 2340 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:11:02.0185 2340 ACPI - ok
10:11:02.0294 2340 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:11:02.0341 2340 AcpiPmi - ok
10:11:02.0467 2340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:02.0505 2340 adp94xx - ok
10:11:02.0596 2340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:11:02.0624 2340 adpahci - ok
10:11:02.0713 2340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:11:02.0736 2340 adpu320 - ok
10:11:02.0982 2340 AdvancedSystemCareService5 (3d672573ef8f317f10c2aabbb2586262) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
10:11:03.0019 2340 AdvancedSystemCareService5 - ok
10:11:03.0104 2340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:11:03.0182 2340 AeLookupSvc - ok
10:11:03.0324 2340 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
10:11:03.0373 2340 AFD - ok
10:11:03.0481 2340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:11:03.0500 2340 agp440 - ok
10:11:03.0588 2340 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:11:03.0634 2340 ALG - ok
10:11:03.0747 2340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:11:03.0766 2340 aliide - ok
10:11:03.0876 2340 AMD External Events Utility (cf4d1ebe8fec994a0df69149ed27e417) C:\Windows\system32\atiesrxx.exe
10:11:03.0931 2340 AMD External Events Utility - ok
10:11:04.0001 2340 AMD FUEL Service - ok
10:11:04.0078 2340 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
10:11:04.0099 2340 AMD Reservation Manager - ok
10:11:04.0181 2340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:11:04.0201 2340 amdide - ok
10:11:04.0271 2340 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
10:11:04.0310 2340 amdiox64 - ok
10:11:04.0406 2340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:11:04.0447 2340 AmdK8 - ok
10:11:04.0723 2340 amdkmdag (375ac85e1130eaa1eaeb62ddd22b0efb) C:\Windows\system32\DRIVERS\atikmdag.sys
10:11:05.0099 2340 amdkmdag - ok
10:11:05.0197 2340 amdkmdap (daeb3f2bb2095b95b98be6cec99d02e7) C:\Windows\system32\DRIVERS\atikmpag.sys
10:11:05.0255 2340 amdkmdap - ok
10:11:05.0361 2340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:11:05.0398 2340 AmdPPM - ok
10:11:05.0529 2340 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\DRIVERS\amdsata.sys
10:11:05.0549 2340 amdsata - ok
10:11:05.0668 2340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:05.0703 2340 amdsbs - ok
10:11:05.0836 2340 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\DRIVERS\amdxata.sys
10:11:05.0854 2340 amdxata - ok
10:11:05.0978 2340 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:11:06.0026 2340 AppID - ok
10:11:06.0058 2340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:11:06.0154 2340 AppIDSvc - ok
10:11:06.0265 2340 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
10:11:06.0333 2340 Appinfo - ok
10:11:06.0470 2340 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:11:06.0490 2340 Apple Mobile Device - ok
10:11:06.0603 2340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:11:06.0623 2340 arc - ok
10:11:06.0646 2340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:11:06.0667 2340 arcsas - ok
10:11:06.0817 2340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:06.0940 2340 AsyncMac - ok
10:11:07.0027 2340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:11:07.0045 2340 atapi - ok
10:11:07.0204 2340 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
10:11:07.0291 2340 athr - ok
10:11:07.0456 2340 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
10:11:07.0476 2340 AtiHDAudioService - ok
10:11:07.0585 2340 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:11:07.0698 2340 AudioEndpointBuilder - ok
10:11:07.0715 2340 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:11:07.0795 2340 AudioSrv - ok
10:11:07.0871 2340 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
10:11:07.0925 2340 AxInstSV - ok
10:11:08.0051 2340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:08.0097 2340 b06bdrv - ok
10:11:08.0222 2340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:08.0261 2340 b57nd60a - ok
10:11:08.0364 2340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:11:08.0412 2340 BDESVC - ok
10:11:08.0482 2340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:11:08.0578 2340 Beep - ok
10:11:08.0713 2340 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
10:11:08.0871 2340 BFE - ok
10:11:08.0984 2340 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
10:11:09.0146 2340 BITS - ok
10:11:09.0270 2340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:51.0389 2340 srvnet - ok
10:11:51.0504 2340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:11:51.0585 2340 SSDPSRV - ok
10:11:51.0610 2340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:11:51.0691 2340 SstpSvc - ok
10:11:51.0797 2340 Steam Client Service - ok
10:11:51.0906 2340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:11:51.0927 2340 stexstor - ok
10:11:51.0981 2340 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
10:11:52.0047 2340 stisvc - ok
10:11:52.0134 2340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:11:52.0152 2340 swenum - ok
10:11:52.0270 2340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:11:52.0306 2340 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
10:11:52.0306 2340 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
10:11:52.0406 2340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:11:52.0513 2340 swprv - ok
10:11:52.0584 2340 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
10:11:52.0685 2340 SysMain - ok
10:11:52.0755 2340 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
10:11:52.0796 2340 TabletInputService - ok
10:11:52.0842 2340 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
10:11:52.0945 2340 TapiSrv - ok
10:11:52.0979 2340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:11:53.0071 2340 TBS - ok
10:11:53.0255 2340 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
10:11:53.0337 2340 Tcpip - ok
10:11:53.0522 2340 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
10:11:53.0608 2340 TCPIP6 - ok
10:11:53.0711 2340 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:11:53.0785 2340 tcpipreg - ok
10:11:53.0815 2340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:11:53.0857 2340 TDPIPE - ok
10:11:53.0960 2340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:11:54.0035 2340 TDTCP - ok
10:11:54.0084 2340 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:11:54.0245 2340 tdx - ok
10:11:54.0334 2340 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:11:54.0354 2340 TermDD - ok
10:11:54.0414 2340 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
10:11:54.0525 2340 TermService - ok
10:11:54.0608 2340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:11:54.0642 2340 Themes - ok
10:11:54.0681 2340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:11:54.0809 2340 THREADORDER - ok
10:11:54.0911 2340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:11:55.0008 2340 TrkWks - ok
10:11:55.0052 2340 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
10:11:55.0097 2340 TrustedInstaller - ok
10:11:55.0181 2340 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:55.0258 2340 tssecsrv - ok
10:11:55.0419 2340 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:11:55.0513 2340 tunnel - ok
10:11:55.0605 2340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:11:55.0628 2340 uagp35 - ok
10:11:55.0652 2340 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
10:11:55.0667 2340 UBHelper - ok
10:11:55.0703 2340 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
10:11:55.0794 2340 udfs - ok
10:11:55.0887 2340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:11:55.0923 2340 UI0Detect - ok
10:11:55.0995 2340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:11:56.0016 2340 uliagpkx - ok
10:11:56.0224 2340 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:11:56.0251 2340 umbus - ok
10:11:56.0273 2340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:11:56.0302 2340 UmPass - ok
10:11:56.0376 2340 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:11:56.0402 2340 Updater Service - ok
10:11:56.0650 2340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:11:56.0752 2340 upnphost - ok
10:11:56.0873 2340 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:11:56.0910 2340 USBAAPL64 - ok
10:11:56.0948 2340 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:56.0984 2340 usbccgp - ok
10:11:57.0105 2340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:11:57.0148 2340 usbcir - ok
10:11:57.0211 2340 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
10:11:57.0251 2340 usbehci - ok
10:11:57.0346 2340 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
10:11:57.0367 2340 usbfilter - ok
10:11:57.0488 2340 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
10:11:57.0528 2340 usbhub - ok
10:11:57.0563 2340 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
10:11:57.0595 2340 usbohci - ok
10:11:57.0677 2340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:11:57.0722 2340 usbprint - ok
10:11:57.0779 2340 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:57.0802 2340 USBSTOR - ok
10:11:57.0896 2340 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
10:11:57.0932 2340 usbuhci - ok
10:11:57.0997 2340 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
10:11:58.0040 2340 usbvideo - ok
10:11:58.0124 2340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:11:58.0243 2340 UxSms - ok
10:11:58.0318 2340 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:11:58.0345 2340 VaultSvc - ok
10:11:58.0445 2340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:11:58.0464 2340 vdrvroot - ok
10:11:58.0504 2340 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
10:11:58.0560 2340 vds - ok
10:11:58.0668 2340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:58.0697 2340 vga - ok
10:11:58.0720 2340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:11:58.0833 2340 VgaSave - ok
10:11:58.0869 2340 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:11:58.0896 2340 vhdmp - ok
10:11:58.0910 2340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:11:58.0929 2340 viaide - ok
10:11:58.0958 2340 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:11:58.0978 2340 volmgr - ok
10:11:59.0072 2340 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:11:59.0101 2340 volmgrx - ok
10:11:59.0163 2340 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:11:59.0196 2340 volsnap - ok
10:11:59.0307 2340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:11:59.0330 2340 vsmraid - ok
10:11:59.0438 2340 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
10:11:59.0530 2340 VSS - ok
10:11:59.0611 2340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:11:59.0648 2340 vwifibus - ok
10:11:59.0695 2340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:11:59.0732 2340 vwififlt - ok
10:11:59.0816 2340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:11:59.0908 2340 W32Time - ok
10:11:59.0952 2340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:12:00.0006 2340 WacomPen - ok
10:12:00.0127 2340 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0214 2340 WANARP - ok
10:12:00.0235 2340 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0310 2340 Wanarpv6 - ok
10:12:00.0470 2340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:12:00.0535 2340 WatAdminSvc - ok
10:12:00.0610 2340 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
10:12:00.0707 2340 wbengine - ok
10:12:00.0788 2340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:12:00.0831 2340 WbioSrvc - ok
10:12:00.0887 2340 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
10:12:00.0936 2340 wcncsvc - ok
10:12:01.0021 2340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:12:01.0054 2340 WcsPlugInService - ok
10:12:01.0092 2340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:12:01.0111 2340 Wd - ok
10:12:01.0185 2340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:12:01.0224 2340 Wdf01000 - ok
10:12:01.0296 2340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:12:01.0349 2340 WdiServiceHost - ok
10:12:01.0355 2340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:12:01.0398 2340 WdiSystemHost - ok
10:12:01.0493 2340 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
10:12:01.0533 2340 WebClient - ok
10:12:01.0597 2340 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:12:01.0680 2340 Wecsvc - ok
10:12:01.0735 2340 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:12:01.0833 2340 wercplsupport - ok
10:12:01.0919 2340 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:12:01.0998 2340 WerSvc - ok
10:12:02.0095 2340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:12:02.0178 2340 WfpLwf - ok
10:12:02.0224 2340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:12:02.0243 2340 WIMMount - ok
10:12:02.0279 2340 WinDefend - ok
10:12:02.0292 2340 WinHttpAutoProxySvc - ok
10:12:02.0411 2340 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:12:02.0521 2340 Winmgmt - ok
10:12:02.0609 2340 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
10:12:02.0739 2340 WinRM - ok
10:12:02.0889 2340 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
10:12:02.0921 2340 WinUsb - ok
10:12:02.0972 2340 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:12:03.0061 2340 Wlansvc - ok
10:12:03.0129 2340 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:12:03.0147 2340 wlcrasvc - ok
10:12:03.0288 2340 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:12:03.0385 2340 wlidsvc - ok
10:12:03.0503 2340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:12:03.0544 2340 WmiAcpi - ok
10:12:03.0631 2340 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:12:03.0682 2340 wmiApSrv - ok
10:12:03.0757 2340 WMPNetworkSvc - ok
10:12:03.0842 2340 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:12:03.0876 2340 WPCSvc - ok
10:12:03.0904 2340 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
10:12:03.0949 2340 WPDBusEnum - ok
10:12:04.0045 2340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:12:04.0135 2340 ws2ifsl - ok
10:12:04.0189 2340 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
10:12:04.0259 2340 wscsvc - ok
10:12:04.0318 2340 WSearch - ok
10:12:04.0421 2340 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
10:12:04.0565 2340 wuauserv - ok
10:12:04.0644 2340 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:12:04.0713 2340 WudfPf - ok
10:12:04.0768 2340 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:04.0863 2340 WUDFRd - ok
10:12:04.0937 2340 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
10:12:05.0023 2340 wudfsvc - ok
10:12:05.0056 2340 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:12:05.0104 2340 WwanSvc - ok
10:12:05.0301 2340 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:12:05.0335 2340 YahooAUService - ok
10:12:05.0386 2340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:12:06.0263 2340 \Device\Harddisk0\DR0 - ok
10:12:06.0296 2340 Boot (0x1200) (3fa956bfdc00353a0f8ddc1d0378edbc) \Device\Harddisk0\DR0\Partition0
10:12:06.0298 2340 \Device\Harddisk0\DR0\Partition0 - ok
10:12:06.0313 2340 Boot (0x1200) (5476c2e41b2af0ca7aff949d34266900) \Device\Harddisk0\DR0\Partition1
10:12:06.0315 2340 \Device\Harddisk0\DR0\Partition1 - ok
10:12:06.0316 2340 ============================================================
10:12:06.0316 2340 Scan finished
10:12:06.0316 2340 ============================================================
10:12:06.0354 2332 Detected object count: 1
10:12:06.0354 2332 Actual detected object count: 1
10:12:48.0567 2332 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
10:12:48.0567 2332 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
Attached Files
File Type: zip MBR.zip (565 Bytes, 2 views)
__________________
ddavies07 is offline  
Old 04-02-2012, 08:27 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,007
OS: XP SP3; Win7 32/64-bit



Hello ddavies07.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 04-02-2012, 08:57 AM   #5
Registered Member
 
Join Date: Mar 2012
Posts: 11
OS: Windows7, home premium edition



ComboFix 12-04-01.02 - Danielle 04/02/2012 10:37:50.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1771.970 [GMT -5:00]
Running from: c:\users\Danielle\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 15:46 . 2012-04-02 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 01:37 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-31 01:37 . 2012-03-31 23:25 -------- d-----w- c:\programdata\AVAST Software
2012-03-31 01:37 . 2012-03-31 01:37 -------- d-----w- c:\program files\AVAST Software
2012-03-30 03:25 . 2012-03-30 03:29 -------- d-----w- c:\programdata\SecTaskMan
2012-03-30 03:25 . 2012-03-30 03:25 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-03-30 02:39 . 2012-03-30 02:39 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\tmpidcrl.dll
2012-03-30 01:46 . 2012-03-30 01:46 -------- d-----w- c:\programdata\IObit
2012-03-30 01:46 . 2012-03-30 01:46 -------- d-----w- c:\users\Danielle\AppData\Roaming\IObit
2012-03-30 01:46 . 2012-03-30 01:46 -------- d-----w- c:\program files (x86)\IObit
2012-03-30 01:26 . 2012-03-30 01:26 -------- d-----w- c:\programdata\Uniblue
2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Danielle\AppData\Roaming\ATI
2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Danielle\AppData\Local\ATI
2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\programdata\ATI
2012-03-29 22:57 . 2012-03-29 22:57 -------- d-----w- c:\users\Danielle\AppData\Roaming\Malwarebytes
2012-03-29 22:57 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-29 22:57 . 2012-03-29 22:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 22:57 . 2012-03-29 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 22:57 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 22:34 . 2012-03-29 22:34 -------- d-----w- c:\users\Danielle\AppData\Local\EgisTec
2012-03-26 22:33 . 2012-03-26 23:20 -------- d-----w- c:\users\Danielle\AppData\Roaming\Yahoo!
2012-03-26 22:33 . 2012-03-26 22:33 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-26 06:00 . 2012-03-26 06:05 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-26 05:58 . 2012-03-26 05:58 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-26 05:58 . 2012-03-26 05:58 -------- d-----w- c:\program files\McAfee
2012-03-26 05:50 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-26 05:45 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 22:33 . 2011-07-29 19:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 09:05 . 2012-03-01 09:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 09:05 . 2012-03-01 09:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 09:05 . 2012-03-01 09:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 09:05 . 2012-03-01 09:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 09:05 . 2012-03-01 09:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 09:05 . 2012-03-01 09:05 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 09:05 . 2012-03-01 09:05 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-01 09:05 . 2012-03-01 09:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 09:05 . 2012-03-01 09:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-01 09:05 . 2012-03-01 09:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 09:05 . 2012-03-01 09:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 09:05 . 2012-03-01 09:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 09:05 . 2012-03-01 09:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-01 09:05 . 2012-03-01 09:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-01 09:05 . 2012-03-01 09:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 09:05 . 2012-03-01 09:05 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 09:05 . 2012-03-01 09:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 09:05 . 2012-03-01 09:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 09:05 . 2012-03-01 09:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 09:05 . 2012-03-01 09:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 09:05 . 2012-03-01 09:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-01 09:05 . 2012-03-01 09:05 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 09:05 . 2012-03-01 09:05 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 09:05 . 2012-03-01 09:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 09:05 . 2012-03-01 09:05 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 09:05 . 2012-03-01 09:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 09:05 . 2012-03-01 09:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 09:05 . 2012-03-01 09:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 09:05 . 2012-03-01 09:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 09:05 . 2012-03-01 09:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 09:05 . 2012-03-01 09:05 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 09:05 . 2012-03-01 09:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 09:05 . 2012-03-01 09:05 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 09:05 . 2012-03-01 09:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 09:05 . 2012-03-01 09:05 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-01 09:05 . 2012-03-01 09:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 09:05 . 2012-03-01 09:05 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 09:05 . 2012-03-01 09:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 09:05 . 2012-03-01 09:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 09:05 . 2012-03-01 09:05 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-14 04:02 . 2012-02-16 05:45 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 09:58 . 2012-02-16 05:46 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 05:46 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-07-24 20:06 . 2011-07-24 20:53 594432 ----a-w- c:\program files\zsnesw.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-31 1029200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-02-01 500568]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-19 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-31 310864]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674887581-2145794846-2955645282-1002Core.job
- c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 03:42]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674887581-2145794846-2955645282-1002UA.job
- c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 03:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-02 10:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 15:55
.
Pre-Run: 145,724,518,400 bytes free
Post-Run: 145,625,124,864 bytes free
.
- - End Of File - - 66F1254B2F20A91DEB17171DD77D984D
__________________
ddavies07 is offline  
Old 04-02-2012, 09:13 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,007
OS: XP SP3; Win7 32/64-bit



Hello ddavies07. Any change in behavior since running ComboFix? Still the same message on reboot?

------------------------------------------------------

Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date.

Java(TM) 6 Update 29 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel > Programs and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 04-02-2012, 12:51 PM   #7
Registered Member
 
Join Date: Mar 2012
Posts: 11
OS: Windows7, home premium edition



Behavior is pretty much the same. It is progressing from the welcome screen to the desktop much faster, but the desktop is still coming up blacked out with the wheel spinning. Also, for some reason Java is not letting me do anything to it. It's only giving me the option to uninstall it. Sorry, the ESET scan took FOREVER.


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.04.02.06

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Danielle :: SEVERUS [administrator]

4/2/2012 11:30:44 AM
mbam-log-2012-04-02 (11-30-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207434
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET log

C:\Users\Danielle\Downloads\TRON-_Legacy_Reconfigured_(320kbps).exe Win32/Adware.1ClickDownload application
__________________
ddavies07 is offline  
Old 04-02-2012, 01:19 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,007
OS: XP SP3; Win7 32/64-bit



Hello again, ddavies07. It looks as though your problem is not malware related. You may have to seek help in one of our hardware forums once we are done.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\Danielle\Downloads\TRON-_Legacy_Reconfigured_(320kbps).exe"

A DOS window will open and close again; this is normal.

------------------------------------------------------

See if you can install the latest Java this way:

Go here and follow the prompts to install the latest Java > java.com: Java + You
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------
chemist is offline  
Old 04-02-2012, 01:36 PM   #9
Registered Member
 
Join Date: Mar 2012
Posts: 11
OS: Windows7, home premium edition



Yah, it won't let me install anything while I'm working in safe mode. Thank you for the help.
__________________
ddavies07 is offline  
Old 04-02-2012, 03:24 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,007
OS: XP SP3; Win7 32/64-bit



Hello again, ddavies07. You're welcome. Not much else I can do for you here.

I suggest you seek help in our Windows Vista/Windows 7 Support Forum

Let them know you were cleared of malware here first.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.

chemist is offline  
 



All times are GMT -7. The time now is 11:03 AM.


Copyright 2001 - 2014, Tech Support Forum
