Solved Have Trojan.zeroAccess!inf5/6 virus

FSS.txt cont.
-------------

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-16 19:30] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys
[2010-07-17 01:37] - [2008-01-19 01:55] - 0071680 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\system32\Drivers\tcpip.sys
[2010-12-02 15:00] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-16 13:33] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2010-07-17 01:39] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-07-17 01:38] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2010-07-17 01:39] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2010-07-17 01:38] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-07-17 01:39] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2010-07-15 21:01] - [2010-07-15 21:01] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2010-07-09 06:21] - [2010-07-09 06:21] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

 

Broni,

here are the latest results:

SystemLook.txt
----------------

SystemLook 30.07.11 by jpshortstuff
Log created at 19:04 on 18/09/2012 by BG
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys "
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [19:24 02/12/2010] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\drivers\tdx.sys --a---- 71680 bytes [05:37 17/07/2010] [05:55 19/01/2008] 4219F015CEC1DB8C98B90693061829AB
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys --a---- 68096 bytes [08:57 02/11/2006] [08:57 02/11/2006] AB4FDE8AF4A0270A46A001C08CBCE1C2

-= EOF =-

 

Broni,

after following your directions and attempting to run FRST from System Recovery mode it was unable to find the file. So I attempted to run FRST fix mode directly on main system from the actual desktop instead and it was then able to find the file. Also the fix brought my internet access back, and I am now sending this reply from my actual laptop. Check out the two log files below, Fixlog & Fixlog2:

Fixlog.txt
------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-20 04:14:40 Run:1
Running from G:\

==============================================

Could not find >>C:\Windows\System32\drivers\tdx.sys.
Could not find >>C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys.

==== End of Fixlog ====

Fixlog2.txt
------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-09-2012 01
Ran by BG at 2012-09-20 04:31:35 Run:2
Running from G:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Windows\System32\drivers\tdx.sys moved successfully.
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys copied successfully to C:\Windows\System32\drivers\tdx.sys

==== End of Fixlog ====

 

*Correction FRST was ran from my USB drive on main system.

 

Broni,

here is new FSS log:

Farbar Service Scanner Version: 06-08-2012
Ran by BG (administrator) on 21-09-2012 at 06:52:42
Running from "C:\Users\BG\Desktop "
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-16 19:30] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-12-02 15:00] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-16 13:33] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2010-07-17 01:39] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-07-17 01:38] - [2008-01-19 03:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2010-07-17 01:39] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2010-07-17 01:38] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-07-17 01:39] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2010-07-15 21:01] - [2010-07-15 21:01] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2010-07-17 01:37] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2010-07-09 06:21] - [2010-07-09 06:21] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

 

Broni,

I'm happy about having internet access back now I'm just hoping to get rid of any additional traces of the Trojan that may still be on my computer. The next few posts will contain my the TDSkiller & Roguekiller results.

 

TDSkiller
-----------
07:57:42.0653 3508 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:57:43.0027 3508 ============================================================
07:57:43.0027 3508 Current date / time: 2012/09/22 07:57:43.0027
07:57:43.0027 3508 SystemInfo:
07:57:43.0027 3508
07:57:43.0027 3508 OS Version: 6.0.6001 ServicePack: 1.0
07:57:43.0027 3508 Product type: Workstation
07:57:43.0027 3508 ComputerName: BG-PC
07:57:43.0027 3508 UserName: BG
07:57:43.0027 3508 Windows directory: C:\Windows
07:57:43.0027 3508 System windows directory: C:\Windows
07:57:43.0027 3508 Processor architecture: Intel x86
07:57:43.0027 3508 Number of processors: 2
07:57:43.0027 3508 Page size: 0x1000
07:57:43.0027 3508 Boot type: Normal boot
07:57:43.0027 3508 ============================================================
07:57:44.0119 3508 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:57:44.0415 3508 Drive \Device\Harddisk1\DR1 - Size: 0x1DE97FE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:57:44.0415 3508 ============================================================
07:57:44.0415 3508 \Device\Harddisk0\DR0:
07:57:44.0415 3508 MBR partitions:
07:57:44.0415 3508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xE, StartLBA 0x176D000, BlocksNum 0x898C000
07:57:44.0415 3508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA0F9038, BlocksNum 0x49B215D
07:57:44.0431 3508 \Device\Harddisk1\DR1:
07:57:44.0431 3508 MBR partitions:
07:57:44.0431 3508 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
07:57:44.0431 3508 ============================================================
07:57:44.0478 3508 C: <-> \Device\Harddisk0\DR0\Partition1
07:57:44.0571 3508 D: <-> \Device\Harddisk0\DR0\Partition2
07:57:44.0571 3508 ============================================================
07:57:44.0571 3508 Initialize success
07:57:44.0571 3508 ============================================================
08:09:00.0129 4772 ============================================================
08:09:00.0129 4772 Scan started
08:09:00.0129 4772 Mode: Manual;
08:09:00.0129 4772 ============================================================
08:09:02.0905 4772 ================ Scan system memory ========================
08:09:02.0905 4772 System memory - ok
08:09:02.0905 4772 ================ Scan services =============================
08:09:03.0685 4772 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
08:09:03.0717 4772 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
08:09:04.0029 4772 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
08:09:04.0029 4772 ACPI - ok
08:09:04.0153 4772 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:09:04.0153 4772 AdobeFlashPlayerUpdateSvc - ok
08:09:04.0231 4772 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:09:04.0263 4772 adp94xx - ok
08:09:04.0309 4772 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:09:04.0356 4772 adpahci - ok
08:09:04.0387 4772 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
08:09:04.0403 4772 adpu160m - ok
08:09:04.0419 4772 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:09:04.0465 4772 adpu320 - ok
08:09:04.0590 4772 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:09:04.0590 4772 AeLookupSvc - ok
08:09:04.0653 4772 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
08:09:04.0668 4772 AFD - ok
08:09:04.0715 4772 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
08:09:04.0715 4772 AgereModemAudio - ok
08:09:04.0793 4772 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
08:09:04.0918 4772 AgereSoftModem - ok
08:09:04.0949 4772 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:09:04.0965 4772 agp440 - ok
08:09:05.0027 4772 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
08:09:05.0058 4772 aic78xx - ok
08:09:05.0121 4772 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
08:09:05.0136 4772 ALG - ok
08:09:05.0167 4772 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
08:09:05.0183 4772 aliide - ok
08:09:05.0214 4772 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
08:09:05.0261 4772 amdagp - ok
08:09:05.0292 4772 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
08:09:05.0308 4772 amdide - ok
08:09:05.0370 4772 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
08:09:05.0401 4772 AmdK7 - ok
08:09:05.0433 4772 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:09:05.0448 4772 AmdK8 - ok
08:09:05.0511 4772 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
08:09:05.0526 4772 Appinfo - ok
08:09:05.0604 4772 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:09:05.0667 4772 Apple Mobile Device - ok
08:09:05.0698 4772 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
08:09:05.0729 4772 arc - ok
08:09:05.0776 4772 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:09:05.0823 4772 arcsas - ok
08:09:05.0916 4772 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:09:05.0932 4772 AsyncMac - ok
08:09:05.0979 4772 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
08:09:06.0010 4772 atapi - ok
08:09:06.0135 4772 [ 91E15B0A1D6F7B99ACE55D04C6D1544A ] athr C:\Windows\system32\DRIVERS\athr.sys
08:09:06.0181 4772 athr - ok
08:09:06.0259 4772 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:09:06.0259 4772 AudioEndpointBuilder - ok
08:09:06.0291 4772 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
08:09:06.0291 4772 Audiosrv - ok
08:09:06.0337 4772 [ AA6B367CA7DA571DFC3374EC137D87A5 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
08:09:06.0369 4772 b57nd60x - ok
08:09:06.0415 4772 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
08:09:06.0431 4772 Beep - ok
08:09:06.0478 4772 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
08:09:06.0493 4772 BFE - ok
08:09:06.0571 4772 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
08:09:06.0603 4772 BITS - ok
08:09:06.0618 4772 blbdrive - ok
08:09:06.0712 4772 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:09:06.0790 4772 Bonjour Service - ok
08:09:06.0868 4772 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:09:06.0883 4772 bowser - ok
08:09:06.0930 4772 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
08:09:06.0946 4772 BrFiltLo - ok
08:09:06.0977 4772 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
08:09:07.0039 4772 BrFiltUp - ok
08:09:07.0086 4772 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
08:09:07.0086 4772 Browser - ok
08:09:07.0117 4772 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
08:09:07.0133 4772 Brserid - ok
08:09:07.0149 4772 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
08:09:07.0164 4772 BrSerWdm - ok
08:09:07.0195 4772 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
08:09:07.0195 4772 BrUsbMdm - ok
08:09:07.0227 4772 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
08:09:07.0227 4772 BrUsbSer - ok
08:09:07.0305 4772 [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio C:\Windows\system32\drivers\btaudio.sys
08:09:07.0336 4772 btaudio - ok
08:09:07.0398 4772 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\Windows\system32\DRIVERS\btport.sys
08:09:07.0414 4772 BTDriver - ok
08:09:07.0429 4772 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:09:07.0445 4772 BTHMODEM - ok
08:09:07.0507 4772 [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL C:\Windows\system32\DRIVERS\btkrnl.sys
08:09:07.0585 4772 BTKRNL - ok
08:09:07.0648 4772 [ 49E9ED37FAEC5E8C03E81FD73D3884D6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
08:09:07.0648 4772 btwdins - ok
08:09:07.0679 4772 [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS C:\Windows\system32\DRIVERS\btwdndis.sys
08:09:07.0695 4772 BTWDNDIS - ok
08:09:07.0710 4772 [ E48668B4A6A5CF68B33AECAD18EE8E1E ] btwhid C:\Windows\system32\DRIVERS\btwhid.sys
08:09:07.0741 4772 btwhid - ok
08:09:07.0835 4772 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:09:07.0835 4772 ccEvtMgr - ok
08:09:07.0835 4772 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:09:07.0851 4772 ccSetMgr - ok
08:09:07.0882 4772 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:09:07.0897 4772 cdfs - ok
08:09:07.0944 4772 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:09:07.0960 4772 cdrom - ok
08:09:08.0038 4772 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
08:09:08.0053 4772 CertPropSvc - ok
08:09:08.0100 4772 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:09:08.0131 4772 circlass - ok
08:09:08.0178 4772 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
08:09:08.0225 4772 CLFS - ok
08:09:08.0319 4772 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:09:08.0365 4772 clr_optimization_v2.0.50727_32 - ok
08:09:08.0459 4772 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:09:08.0506 4772 clr_optimization_v4.0.30319_32 - ok
08:09:08.0521 4772 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:09:08.0537 4772 CLTNetCnService - ok
08:09:08.0584 4772 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:09:08.0599 4772 CmBatt - ok
08:09:08.0631 4772 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:09:08.0662 4772 cmdide - ok
08:09:08.0724 4772 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:09:08.0771 4772 Compbatt - ok
08:09:08.0787 4772 COMSysApp - ok
08:09:08.0802 4772 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:09:08.0818 4772 crcdisk - ok
08:09:08.0849 4772 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
08:09:08.0865 4772 Crusoe - ok
08:09:08.0911 4772 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:09:08.0911 4772 CryptSvc - ok
08:09:09.0021 4772 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:09:09.0052 4772 DcomLaunch - ok
08:09:09.0083 4772 [ FB937277E87F8468603F4E2D8CF9DB4A ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
08:09:09.0083 4772 DefWatch - ok
08:09:09.0114 4772 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:09:09.0130 4772 DfsC - ok
08:09:09.0255 4772 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
08:09:09.0364 4772 DFSR - ok
08:09:09.0426 4772 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
08:09:09.0426 4772 Dhcp - ok
08:09:09.0489 4772 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
08:09:09.0535 4772 disk - ok
08:09:09.0567 4772 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
08:09:09.0598 4772 DKbFltr - ok
08:09:09.0645 4772 dlcc_device - ok
08:09:09.0691 4772 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:09:09.0691 4772 Dnscache - ok
08:09:09.0738 4772 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
08:09:09.0754 4772 dot3svc - ok
08:09:09.0832 4772 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
08:09:09.0832 4772 DPS - ok
08:09:09.0894 4772 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:09:09.0925 4772 drmkaud - ok
08:09:09.0972 4772 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:09:10.0003 4772 DXGKrnl - ok
08:09:10.0050 4772 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
08:09:10.0066 4772 E1G60 - ok
08:09:10.0159 4772 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
08:09:10.0159 4772 EapHost - ok
08:09:10.0284 4772 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
08:09:10.0315 4772 Ecache - ok
08:09:10.0425 4772 [ F54907AA07F60AFF81E1E09E97AF98B0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
08:09:10.0440 4772 eDataSecurity Service - ok
08:09:10.0487 4772 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:09:10.0549 4772 eeCtrl - ok
08:09:10.0596 4772 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:09:10.0674 4772 ehRecvr - ok
08:09:10.0705 4772 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
08:09:10.0783 4772 ehSched - ok
08:09:10.0799 4772 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
08:09:10.0815 4772 ehstart - ok
08:09:10.0846 4772 [ A7B5F3B9363F9AB1D4FE459BAF3B15D6 ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
08:09:10.0846 4772 eLockService - ok
08:09:10.0893 4772 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:09:10.0924 4772 elxstor - ok
08:09:10.0971 4772 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
08:09:10.0986 4772 EMDMgmt - ok
08:09:11.0017 4772 [ 207E2DDA01AAC6AD64F0368CA59FC179 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
08:09:11.0017 4772 eNet Service - ok
08:09:11.0095 4772 [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
08:09:11.0111 4772 EpsonCustomerParticipation - ok
08:09:11.0158 4772 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:09:11.0189 4772 EraserUtilRebootDrv - ok
08:09:11.0267 4772 [ A7B084BFBBD582A843D2F5C35220F962 ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
08:09:11.0283 4772 eRecoveryService - ok
08:09:11.0329 4772 [ 06484E97D22F06DE8DE0F8E2BEC6FA9E ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
08:09:11.0329 4772 eSettingsService - ok
08:09:11.0376 4772 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
08:09:11.0392 4772 EventSystem - ok
08:09:11.0501 4772 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
08:09:11.0517 4772 exfat - ok
08:09:11.0595 4772 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:09:11.0610 4772 fastfat - ok
08:09:11.0657 4772 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:09:11.0673 4772 fdc - ok
08:09:11.0704 4772 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
08:09:11.0719 4772 fdPHost - ok
08:09:11.0751 4772 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
08:09:11.0751 4772 FDResPub - ok
08:09:11.0782 4772 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:09:11.0797 4772 FileInfo - ok
08:09:11.0829 4772 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:09:11.0844 4772 Filetrace - ok
08:09:11.0860 4772 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:09:11.0875 4772 flpydisk - ok
08:09:11.0907 4772 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:09:11.0953 4772 FltMgr - ok
08:09:12.0031 4772 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:09:12.0078 4772 FontCache3.0.0.0 - ok
08:09:12.0109 4772 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:09:12.0109 4772 Fs_Rec - ok
08:09:12.0141 4772 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:09:12.0172 4772 gagp30kx - ok
08:09:12.0203 4772 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:09:12.0250 4772 GEARAspiWDM - ok
08:09:12.0312 4772 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
08:09:12.0328 4772 gpsvc - ok
08:09:12.0406 4772 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:09:12.0421 4772 gupdate - ok
08:09:12.0437 4772 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:09:12.0437 4772 gupdatem - ok
08:09:12.0515 4772 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:09:12.0531 4772 HdAudAddService - ok
08:09:12.0577 4772 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:09:12.0577 4772 HDAudBus - ok
08:09:12.0609 4772 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:09:12.0749 4772 HidBth - ok
08:09:12.0796 4772 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:09:12.0796 4772 HidIr - ok
08:09:12.0827 4772 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
08:09:12.0843 4772 hidserv - ok
08:09:12.0874 4772 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:09:12.0889 4772 HidUsb - ok
08:09:12.0936 4772 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:09:12.0952 4772 hkmsvc - ok
08:09:12.0983 4772 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
08:09:12.0999 4772 HpCISSs - ok
08:09:13.0061 4772 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:09:13.0077 4772 HTTP - ok
08:09:13.0108 4772 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
08:09:13.0123 4772 i2omp - ok
08:09:13.0170 4772 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:09:13.0201 4772 i8042prt - ok
08:09:13.0279 4772 [ 271A5CA508B8172C050D726B217E9B99 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
08:09:13.0295 4772 IAANTMON - ok
08:09:13.0342 4772 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:09:13.0342 4772 iaStor - ok
08:09:13.0373 4772 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
08:09:13.0389 4772 iaStorV - ok
08:09:13.0451 4772 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:09:13.0576 4772 idsvc - ok
08:09:13.0669 4772 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
08:09:13.0747 4772 igfx - ok
08:09:13.0779 4772 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:09:13.0810 4772 iirsp - ok
08:09:13.0872 4772 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
08:09:13.0872 4772 IKEEXT - ok
08:09:13.0935 4772 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
08:09:13.0950 4772 int15 - ok
08:09:14.0059 4772 [ 9438FE15DA89C6AACE8A79DB2C6F60C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:09:14.0169 4772 IntcAzAudAddService - ok
08:09:14.0215 4772 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
08:09:14.0247 4772 intelide - ok
08:09:14.0309 4772 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:09:14.0309 4772 intelppm - ok
08:09:14.0356 4772 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:09:14.0371 4772 IPBusEnum - ok
08:09:14.0418 4772 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:09:14.0434 4772 IpFilterDriver - ok
08:09:14.0465 4772 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:09:14.0496 4772 iphlpsvc - ok
08:09:14.0496 4772 IpInIp - ok
08:09:14.0543 4772 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
08:09:14.0559 4772 IPMIDRV - ok
08:09:14.0605 4772 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
08:09:14.0621 4772 IPNAT - ok
08:09:14.0746 4772 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:09:14.0777 4772 iPod Service - ok
08:09:14.0808 4772 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:09:14.0824 4772 IRENUM - ok
08:09:14.0855 4772 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:09:14.0886 4772 isapnp - ok
08:09:14.0949 4772 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:09:14.0949 4772 iScsiPrt - ok
08:09:14.0964 4772 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
08:09:15.0042 4772 iteatapi - ok
08:09:15.0136 4772 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
08:09:15.0167 4772 iteraid - ok
08:09:15.0292 4772 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:09:15.0307 4772 kbdclass - ok
08:09:15.0479 4772 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:09:15.0495 4772 kbdhid - ok
08:09:15.0682 4772 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
08:09:15.0682 4772 KeyIso - ok
08:09:15.0853 4772 [ 1223A8B567FFDB4B8BB5F59E5F033FDB ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys
08:09:16.0041 4772 KeyScrambler - ok
08:09:16.0181 4772 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:09:16.0228 4772 KSecDD - ok
08:09:16.0306 4772 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
08:09:16.0337 4772 KtmRm - ok
08:09:16.0368 4772 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:09:16.0368 4772 LanmanServer - ok
08:09:16.0462 4772 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:09:16.0462 4772 LanmanWorkstation - ok
08:09:16.0477 4772 Lbd - ok
08:09:16.0571 4772 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:09:16.0571 4772 LightScribeService - ok
08:09:16.0696 4772 [ 3C7FCBBC35E0A52CE9B12E9CC4F5B991 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:09:16.0930 4772 LiveUpdate - ok
08:09:16.0992 4772 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:09:17.0008 4772 lltdio - ok
08:09:17.0055 4772 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:09:17.0070 4772 lltdsvc - ok
08:09:17.0101 4772 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:09:17.0117 4772 lmhosts - ok
08:09:17.0148 4772 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:09:17.0164 4772 LSI_FC - ok
08:09:17.0211 4772 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:09:17.0242 4772 LSI_SAS - ok
08:09:17.0289 4772 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:09:17.0304 4772 LSI_SCSI - ok
08:09:17.0351 4772 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
08:09:17.0367 4772 luafv - ok
08:09:17.0398 4772 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:09:17.0413 4772 Mcx2Svc - ok
08:09:17.0445 4772 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
08:09:17.0476 4772 megasas - ok
08:09:17.0523 4772 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
08:09:17.0523 4772 MMCSS - ok
08:09:17.0554 4772 MobilityService - ok
08:09:17.0601 4772 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
08:09:17.0601 4772 Modem - ok
08:09:17.0647 4772 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:09:17.0647 4772 monitor - ok
08:09:17.0679 4772 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:09:17.0694 4772 mouclass - ok
08:09:17.0710 4772 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:09:17.0725 4772 mouhid - ok
08:09:17.0772 4772 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
08:09:17.0788 4772 MountMgr - ok
08:09:17.0866 4772 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:09:17.0928 4772 MozillaMaintenance - ok
08:09:17.0959 4772 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
08:09:18.0006 4772 mpio - ok
08:09:18.0053 4772 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:09:18.0069 4772 mpsdrv - ok
08:09:18.0115 4772 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
08:09:18.0131 4772 MpsSvc - ok
08:09:18.0147 4772 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
08:09:18.0162 4772 Mraid35x - ok
08:09:18.0209 4772 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:09:18.0225 4772 MRxDAV - ok
08:09:18.0271 4772 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:09:18.0287 4772 mrxsmb - ok
08:09:18.0334 4772 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:09:18.0365 4772 mrxsmb10 - ok
08:09:18.0396 4772 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:09:18.0412 4772 mrxsmb20 - ok
08:09:18.0427 4772 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
08:09:18.0443 4772 msahci - ok
08:09:18.0459 4772 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:09:18.0505 4772 msdsm - ok
08:09:18.0583 4772 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
08:09:18.0630 4772 MSDTC - ok
08:09:18.0677 4772 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:09:18.0693 4772 Msfs - ok
08:09:18.0739 4772 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:09:18.0771 4772 msisadrv - ok
08:09:18.0817 4772 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:09:18.0833 4772 MSiSCSI - ok
08:09:18.0849 4772 msiserver - ok
08:09:18.0895 4772 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:09:18.0895 4772 MSKSSRV - ok
08:09:18.0942 4772 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:09:18.0958 4772 MSPCLOCK - ok
08:09:19.0005 4772 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:09:19.0020 4772 MSPQM - ok
08:09:19.0067 4772 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:09:19.0098 4772 MsRPC - ok
08:09:19.0129 4772 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:09:19.0129 4772 mssmbios - ok
08:09:19.0145 4772 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:09:19.0161 4772 MSTEE - ok
08:09:19.0176 4772 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
08:09:19.0223 4772 Mup - ok
08:09:19.0270 4772 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
08:09:19.0285 4772 napagent - ok
08:09:19.0348 4772 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:09:19.0379 4772 NativeWifiP - ok
08:09:19.0504 4772 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120921.002\NAVENG.SYS
08:09:19.0504 4772 NAVENG - ok
08:09:19.0582 4772 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120921.002\NAVEX15.SYS
08:09:19.0597 4772 NAVEX15 - ok

 

TDSkiller cont.
--------------
08:09:19.0660 4772 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:09:19.0675 4772 NDIS - ok
08:09:19.0722 4772 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:09:19.0738 4772 NdisTapi - ok
08:09:19.0785 4772 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:09:19.0785 4772 Ndisuio - ok
08:09:19.0847 4772 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:09:19.0863 4772 NdisWan - ok
08:09:19.0925 4772 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:09:19.0956 4772 NDProxy - ok
08:09:20.0003 4772 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:09:20.0019 4772 NetBIOS - ok
08:09:20.0065 4772 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
08:09:20.0112 4772 netbt - ok
08:09:20.0143 4772 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
08:09:20.0143 4772 Netlogon - ok
08:09:20.0206 4772 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
08:09:20.0206 4772 Netman - ok
08:09:20.0268 4772 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
08:09:20.0268 4772 netprofm - ok
08:09:20.0315 4772 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:09:20.0346 4772 NetTcpPortSharing - ok
08:09:20.0471 4772 [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
08:09:20.0627 4772 NETw4v32 - ok
08:09:20.0643 4772 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:09:20.0674 4772 nfrd960 - ok
08:09:20.0736 4772 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:09:20.0736 4772 NlaSvc - ok
08:09:20.0783 4772 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:09:20.0799 4772 Npfs - ok
08:09:20.0845 4772 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
08:09:20.0845 4772 nsi - ok
08:09:20.0892 4772 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:09:20.0908 4772 nsiproxy - ok
08:09:21.0001 4772 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:09:21.0142 4772 Ntfs - ok
08:09:21.0173 4772 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
08:09:21.0204 4772 NTIDrvr - ok
08:09:21.0251 4772 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
08:09:21.0251 4772 ntrigdigi - ok
08:09:21.0282 4772 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
08:09:21.0298 4772 Null - ok
08:09:21.0547 4772 [ E3E9E8CCE32FF51C3928F71A0D4DAD81 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:09:21.0875 4772 nvlddmkm - ok
08:09:21.0906 4772 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:09:21.0922 4772 nvraid - ok
08:09:21.0937 4772 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:09:21.0969 4772 nvstor - ok
08:09:22.0000 4772 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:09:22.0015 4772 nv_agp - ok
08:09:22.0031 4772 NwlnkFlt - ok
08:09:22.0047 4772 NwlnkFwd - ok
08:09:22.0218 4772 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:09:22.0374 4772 odserv - ok
08:09:22.0405 4772 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
08:09:22.0405 4772 ohci1394 - ok
08:09:22.0483 4772 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:09:22.0593 4772 ose - ok
08:09:22.0655 4772 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
08:09:22.0702 4772 p2pimsvc - ok
08:09:22.0717 4772 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
08:09:22.0733 4772 p2psvc - ok
08:09:22.0873 4772 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
08:09:22.0983 4772 Parport - ok
08:09:23.0061 4772 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:09:23.0107 4772 partmgr - ok
08:09:23.0139 4772 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
08:09:23.0139 4772 Parvdm - ok
08:09:23.0185 4772 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
08:09:23.0201 4772 PcaSvc - ok
08:09:23.0217 4772 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
08:09:23.0217 4772 pci - ok
08:09:23.0232 4772 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
08:09:23.0279 4772 pciide - ok
08:09:23.0310 4772 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:09:23.0357 4772 pcmcia - ok
08:09:23.0435 4772 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:09:23.0482 4772 PEAUTH - ok
08:09:23.0591 4772 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
08:09:23.0669 4772 pla - ok
08:09:23.0731 4772 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:09:23.0747 4772 PlugPlay - ok
08:09:23.0778 4772 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
08:09:23.0794 4772 PNRPAutoReg - ok
08:09:23.0825 4772 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
08:09:23.0841 4772 PNRPsvc - ok
08:09:23.0919 4772 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:09:23.0934 4772 PolicyAgent - ok
08:09:23.0981 4772 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:09:23.0997 4772 PptpMiniport - ok
08:09:24.0028 4772 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
08:09:24.0059 4772 Processor - ok
08:09:24.0090 4772 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
08:09:24.0106 4772 ProfSvc - ok
08:09:24.0121 4772 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:09:24.0121 4772 ProtectedStorage - ok
08:09:24.0153 4772 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
08:09:24.0168 4772 PSched - ok
08:09:24.0184 4772 [ E801D5CC24E1CF18FA87D24D7074B876 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
08:09:24.0199 4772 PSDFilter - ok
08:09:24.0215 4772 [ 24B5E3429F7F0E779FC2E6E36A0A5F73 ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
08:09:24.0246 4772 PSDNServ - ok
08:09:24.0277 4772 [ 01CBFD08C0E8A6106BB26FCDA297154E ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
08:09:24.0309 4772 psdvdisk - ok
08:09:24.0371 4772 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
08:09:24.0418 4772 PxHelp20 - ok
08:09:24.0558 4772 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:09:24.0605 4772 ql2300 - ok
08:09:24.0636 4772 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:09:24.0652 4772 ql40xx - ok
08:09:24.0699 4772 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
08:09:24.0730 4772 QWAVE - ok
08:09:24.0761 4772 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:09:24.0777 4772 QWAVEdrv - ok
08:09:24.0823 4772 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:09:24.0823 4772 RasAcd - ok
08:09:24.0870 4772 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
08:09:24.0886 4772 RasAuto - ok
08:09:24.0933 4772 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:09:24.0964 4772 Rasl2tp - ok
08:09:25.0011 4772 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
08:09:25.0073 4772 RasMan - ok
08:09:25.0120 4772 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:09:25.0135 4772 RasPppoe - ok
08:09:25.0182 4772 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:09:25.0198 4772 RasSstp - ok
08:09:25.0245 4772 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:09:25.0291 4772 rdbss - ok
08:09:25.0307 4772 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:09:25.0323 4772 RDPCDD - ok
08:09:25.0369 4772 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
08:09:25.0385 4772 rdpdr - ok
08:09:25.0401 4772 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:09:25.0432 4772 RDPENCDD - ok
08:09:25.0463 4772 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:09:25.0494 4772 RDPWD - ok
08:09:25.0557 4772 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:09:25.0572 4772 RemoteAccess - ok
08:09:25.0619 4772 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:09:25.0635 4772 RemoteRegistry - ok
08:09:25.0697 4772 [ 0A468612A19FEB657D127E7C4810F6FC ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
08:09:25.0697 4772 RichVideo - ok
08:09:25.0728 4772 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
08:09:25.0728 4772 rimmptsk - ok
08:09:25.0900 4772 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
08:09:25.0915 4772 rimsptsk - ok
08:09:25.0962 4772 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
08:09:25.0978 4772 rismxdp - ok
08:09:26.0025 4772 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
08:09:26.0040 4772 RpcLocator - ok
08:09:26.0103 4772 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
08:09:26.0118 4772 RpcSs - ok
08:09:26.0165 4772 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:09:26.0181 4772 rspndr - ok
08:09:26.0181 4772 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
08:09:26.0181 4772 SamSs - ok
08:09:26.0212 4772 [ 3D6AB454353A7834A0919E4CDC77B566 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
08:09:26.0227 4772 SavRoam - ok
08:09:26.0243 4772 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:09:26.0259 4772 sbp2port - ok
08:09:26.0290 4772 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:09:26.0305 4772 SCardSvr - ok
08:09:26.0368 4772 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
08:09:26.0415 4772 Schedule - ok
08:09:26.0461 4772 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
08:09:26.0461 4772 SCPolicySvc - ok
08:09:26.0508 4772 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
08:09:26.0524 4772 sdbus - ok
08:09:26.0555 4772 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:09:26.0571 4772 SDRSVC - ok
08:09:26.0602 4772 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:09:26.0617 4772 secdrv - ok
08:09:26.0664 4772 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
08:09:26.0664 4772 seclogon - ok
08:09:26.0680 4772 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
08:09:26.0695 4772 SENS - ok
08:09:26.0711 4772 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
08:09:26.0711 4772 Serenum - ok
08:09:26.0742 4772 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
08:09:26.0742 4772 Serial - ok
08:09:26.0789 4772 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:09:26.0805 4772 sermouse - ok
08:09:26.0867 4772 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
08:09:26.0883 4772 SessionEnv - ok
08:09:26.0898 4772 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:09:26.0914 4772 sffdisk - ok
08:09:26.0929 4772 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:09:26.0945 4772 sffp_mmc - ok
08:09:26.0961 4772 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:09:26.0961 4772 sffp_sd - ok
08:09:26.0976 4772 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:09:27.0007 4772 sfloppy - ok
08:09:27.0054 4772 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:09:27.0070 4772 SharedAccess - ok
08:09:27.0117 4772 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:09:27.0132 4772 ShellHWDetection - ok
08:09:27.0148 4772 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:09:27.0163 4772 sisagp - ok
08:09:27.0179 4772 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:09:27.0195 4772 SiSRaid2 - ok
08:09:27.0210 4772 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:09:27.0257 4772 SiSRaid4 - ok
08:09:27.0366 4772 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
08:09:27.0460 4772 slsvc - ok
08:09:27.0522 4772 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:09:27.0538 4772 SLUINotify - ok
08:09:27.0553 4772 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:09:27.0647 4772 Smb - ok
08:09:27.0678 4772 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:09:27.0709 4772 SNMPTRAP - ok
08:09:27.0819 4772 [ 1C550748F896E53B7B0FE7717845132B ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
08:09:27.0865 4772 SNP2UVC - ok
08:09:27.0943 4772 [ 905782BCF15B6E5AF9905B77923C7FA2 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
08:09:27.0959 4772 SPBBCDrv - ok
08:09:28.0006 4772 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
08:09:28.0021 4772 spldr - ok
08:09:28.0068 4772 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
08:09:28.0068 4772 Spooler - ok
08:09:28.0099 4772 [ 1B2A1C6BC76E1EBE8BC2F4A4F3D43E23 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
08:09:28.0115 4772 SRTSP - ok
08:09:28.0146 4772 [ F01A7F6E60E95FE83345CF92728A32D4 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
08:09:28.0162 4772 SRTSPL - ok
08:09:28.0177 4772 [ D02812F89E18C6FB32F901BE1E10BC17 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
08:09:28.0193 4772 SRTSPX - ok
08:09:28.0240 4772 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:09:28.0255 4772 srv - ok
08:09:28.0302 4772 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:09:28.0318 4772 srv2 - ok
08:09:28.0349 4772 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:09:28.0380 4772 srvnet - ok
08:09:28.0411 4772 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:09:28.0411 4772 SSDPSRV - ok
08:09:28.0474 4772 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:09:28.0489 4772 SstpSvc - ok
08:09:28.0552 4772 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
08:09:28.0567 4772 stisvc - ok
08:09:28.0614 4772 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:09:28.0645 4772 stllssvr - ok
08:09:28.0677 4772 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:09:28.0677 4772 swenum - ok
08:09:28.0739 4772 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
08:09:28.0770 4772 swprv - ok
08:09:28.0864 4772 [ A548ACF535D81A96E1B38F76A2DE658F ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
08:09:28.0942 4772 Symantec AntiVirus - ok
08:09:28.0973 4772 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:09:29.0004 4772 Symc8xx - ok
08:09:29.0051 4772 [ 9D98270B5F10A4C84E8DA417C30756E1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
08:09:29.0098 4772 SymEvent - ok
08:09:29.0129 4772 [ 7F4011A719BF30E3DBD84D3A0A45C91C ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
08:09:29.0176 4772 SYMREDRV - ok
08:09:29.0207 4772 [ 2F03CBDB0F22278D05D5D616C993AB58 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
08:09:29.0223 4772 SYMTDI - ok
08:09:29.0254 4772 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:09:29.0285 4772 Sym_hi - ok
08:09:29.0316 4772 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:09:29.0347 4772 Sym_u3 - ok
08:09:29.0379 4772 [ 978ACC15501E62D4B26C1567CE42FBAD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:09:29.0410 4772 SynTP - ok
08:09:29.0472 4772 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
08:09:29.0503 4772 SysMain - ok
08:09:29.0519 4772 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:09:29.0535 4772 TabletInputService - ok
08:09:29.0581 4772 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
08:09:29.0597 4772 TapiSrv - ok
08:09:29.0644 4772 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
08:09:29.0659 4772 TBS - ok
08:09:29.0737 4772 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:09:29.0800 4772 Tcpip - ok
08:09:29.0831 4772 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:09:29.0847 4772 Tcpip6 - ok
08:09:29.0862 4772 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:09:29.0878 4772 tcpipreg - ok
08:09:29.0925 4772 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:09:29.0925 4772 TDPIPE - ok
08:09:29.0971 4772 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:09:29.0987 4772 TDTCP - ok
08:09:30.0034 4772 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:09:30.0049 4772 tdx - ok
08:09:30.0408 4772 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe
08:09:30.0517 4772 TeamViewer6 - ok
08:09:30.0549 4772 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:09:30.0580 4772 TermDD - ok
08:09:30.0658 4772 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
08:09:30.0689 4772 TermService - ok
08:09:30.0720 4772 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
08:09:30.0736 4772 Themes - ok
08:09:30.0751 4772 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
08:09:30.0751 4772 THREADORDER - ok
08:09:30.0798 4772 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
08:09:30.0814 4772 TrkWks - ok
08:09:30.0892 4772 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:09:30.0954 4772 TrustedInstaller - ok
08:09:31.0001 4772 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:09:31.0001 4772 tssecsrv - ok
08:09:31.0095 4772 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:09:31.0126 4772 tunmp - ok
08:09:31.0173 4772 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:09:31.0188 4772 tunnel - ok
08:09:31.0204 4772 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:09:31.0219 4772 uagp35 - ok
08:09:31.0266 4772 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:09:31.0282 4772 udfs - ok
08:09:31.0329 4772 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:09:31.0360 4772 UI0Detect - ok
08:09:31.0391 4772 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:09:31.0407 4772 uliagpkx - ok
08:09:31.0438 4772 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:09:31.0485 4772 uliahci - ok
08:09:31.0516 4772 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:09:31.0531 4772 UlSata - ok
08:09:31.0563 4772 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:09:31.0563 4772 ulsata2 - ok
08:09:31.0609 4772 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:09:31.0625 4772 umbus - ok
08:09:31.0672 4772 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
08:09:31.0672 4772 upnphost - ok
08:09:31.0734 4772 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
08:09:31.0750 4772 USBAAPL - ok
08:09:31.0812 4772 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:09:31.0828 4772 usbccgp - ok
08:09:31.0859 4772 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:09:31.0875 4772 usbcir - ok
08:09:31.0921 4772 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:09:31.0921 4772 usbehci - ok
08:09:31.0953 4772 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:09:31.0968 4772 usbhub - ok
08:09:31.0984 4772 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:09:31.0999 4772 usbohci - ok
08:09:32.0031 4772 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:09:32.0046 4772 usbprint - ok
08:09:32.0124 4772 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:09:32.0140 4772 usbscan - ok
08:09:32.0171 4772 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:09:32.0233 4772 USBSTOR - ok
08:09:32.0265 4772 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:09:32.0265 4772 usbuhci - ok
08:09:32.0296 4772 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:09:32.0343 4772 usbvideo - ok
08:09:32.0374 4772 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
08:09:32.0389 4772 UxSms - ok
08:09:32.0467 4772 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
08:09:32.0530 4772 vds - ok
08:09:32.0577 4772 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:09:32.0592 4772 vga - ok
08:09:32.0623 4772 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
08:09:32.0639 4772 VgaSave - ok
08:09:32.0686 4772 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:09:32.0717 4772 viaagp - ok
08:09:32.0733 4772 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
08:09:32.0748 4772 ViaC7 - ok
08:09:32.0764 4772 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
08:09:32.0795 4772 viaide - ok
08:09:32.0826 4772 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:09:32.0842 4772 volmgr - ok
08:09:32.0889 4772 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:09:32.0935 4772 volmgrx - ok
08:09:32.0982 4772 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:09:33.0013 4772 volsnap - ok
08:09:33.0045 4772 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:09:33.0060 4772 vsmraid - ok
08:09:33.0154 4772 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
08:09:33.0279 4772 VSS - ok
08:09:33.0341 4772 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
08:09:33.0341 4772 W32Time - ok
08:09:33.0388 4772 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:09:33.0388 4772 WacomPen - ok
08:09:33.0435 4772 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:09:33.0450 4772 Wanarp - ok
08:09:33.0450 4772 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:09:33.0450 4772 Wanarpv6 - ok
08:09:33.0528 4772 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:09:33.0559 4772 wcncsvc - ok
08:09:33.0606 4772 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:09:33.0622 4772 WcsPlugInService - ok
08:09:33.0637 4772 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
08:09:33.0669 4772 Wd - ok
08:09:33.0715 4772 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:09:33.0762 4772 Wdf01000 - ok
08:09:33.0809 4772 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:09:33.0825 4772 WdiServiceHost - ok
08:09:33.0825 4772 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:09:33.0840 4772 WdiSystemHost - ok
08:09:33.0871 4772 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
08:09:33.0887 4772 WebClient - ok
08:09:33.0934 4772 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:09:33.0949 4772 Wecsvc - ok
08:09:33.0996 4772 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:09:34.0027 4772 wercplsupport - ok
08:09:34.0059 4772 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
08:09:34.0059 4772 WerSvc - ok
08:09:34.0105 4772 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
08:09:34.0105 4772 winbondcir - ok
08:09:34.0183 4772 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:09:34.0183 4772 WinDefend - ok
08:09:34.0199 4772 WinHttpAutoProxySvc - ok
08:09:34.0277 4772 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:09:34.0293 4772 Winmgmt - ok
08:09:34.0371 4772 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
08:09:34.0433 4772 WinRM - ok
08:09:34.0480 4772 [ F03110711B17AD31271CB2BAF0DBB2B1 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
08:09:34.0495 4772 WinUSB - ok
08:09:34.0558 4772 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:09:34.0573 4772 Wlansvc - ok
08:09:34.0605 4772 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:09:34.0620 4772 WmiAcpi - ok
08:09:34.0651 4772 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:09:34.0714 4772 wmiApSrv - ok
08:09:34.0807 4772 [ E8781CF1A4262881897444D22921A3A6 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
08:09:34.0807 4772 WMIService - ok
08:09:34.0901 4772 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:09:34.0963 4772 WMPNetworkSvc - ok
08:09:35.0010 4772 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:09:35.0026 4772 WPCSvc - ok
08:09:35.0073 4772 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:09:35.0073 4772 WPDBusEnum - ok
08:09:35.0197 4772 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:09:35.0275 4772 WPFFontCache_v0400 - ok
08:09:35.0338 4772 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:09:35.0353 4772 ws2ifsl - ok
08:09:35.0400 4772 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
08:09:35.0400 4772 wscsvc - ok
08:09:35.0416 4772 WSearch - ok
08:09:35.0525 4772 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
08:09:35.0603 4772 wuauserv - ok
08:09:35.0650 4772 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:09:35.0681 4772 WUDFRd - ok
08:09:35.0712 4772 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:09:35.0712 4772 wudfsvc - ok
08:09:35.0775 4772 [ 8098180B3F6C430A4E60333BC036F936 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
08:09:35.0790 4772 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
08:09:35.0790 4772 ================ Scan global ===============================
08:09:35.0821 4772 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:09:35.0884 4772 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
08:09:35.0931 4772 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
08:09:35.0977 4772 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
08:09:35.0977 4772 [Global] - ok
08:09:35.0977 4772 ================ Scan MBR ==================================
08:09:35.0993 4772 [ C7D58F7B347CFAB70A03CDD759DCE908 ] \Device\Harddisk0\DR0
08:09:36.0664 4772 \Device\Harddisk0\DR0 - ok
08:09:36.0679 4772 ================ Scan VBR ==================================
08:09:36.0679 4772 [ CEA0ECDB8FB3E9CB5511B54C4938B954 ] \Device\Harddisk0\DR0\Partition1
08:09:36.0679 4772 \Device\Harddisk0\DR0\Partition1 - ok
08:09:36.0726 4772 [ 7D8F7E7538BCA17CD38692554E3425B4 ] \Device\Harddisk0\DR0\Partition2
08:09:36.0726 4772 \Device\Harddisk0\DR0\Partition2 - ok
08:09:36.0742 4772 ============================================================
08:09:36.0742 4772 Scan finished
08:09:36.0742 4772 ============================================================
08:09:36.0757 5868 Detected object count: 0
08:09:36.0757 5868 Actual detected object count: 0

 

RKreport
---------
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : BG [Admin rights]
Mode : Scan -- Date : 09/22/2012 13:13:52

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamext.dll -> UNLOADED
[SUSP PATH] TeamViewer_Service.exe -- C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe -> KILLED [TermProc]
[RESIDUE] TeamViewer_Service.exe -- C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x822E1EE9 -> HOOKED (Unknown @ 0x8D709A60)
SSDT[14] : NtAlertThread @ 0x82247305 -> HOOKED (Unknown @ 0x8D709B40)
SSDT[18] : NtAllocateVirtualMemory @ 0x8227EE68 -> HOOKED (Unknown @ 0x8D70D6A0)
SSDT[54] : NtConnectPort @ 0x8221884D -> HOOKED (Unknown @ 0x8D5F1EB8)
SSDT[67] : NtCreateMutant @ 0x82282F77 -> HOOKED (Unknown @ 0x8D709740)
SSDT[78] : NtCreateThread @ 0x822E0560 -> HOOKED (Unknown @ 0x8D70D988)
SSDT[147] : NtFreeVirtualMemory @ 0x820DDCE7 -> HOOKED (Unknown @ 0x8D70D4D0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x82207257 -> HOOKED (Unknown @ 0x8D709820)
SSDT[158] : NtImpersonateThread @ 0x82219980 -> HOOKED (Unknown @ 0x8D709900)
SSDT[177] : NtMapViewOfSection @ 0x82270AFE -> HOOKED (Unknown @ 0x8D70D318)
SSDT[184] : NtOpenEvent @ 0x82232451 -> HOOKED (Unknown @ 0x8D709660)
SSDT[195] : NtOpenProcessToken @ 0x8225967B -> HOOKED (Unknown @ 0x8D70D8A8)
SSDT[202] : NtOpenThreadToken @ 0x82259E51 -> HOOKED (Unknown @ 0x8D709008)
SSDT[282] : NtResumeThread @ 0x8224D924 -> HOOKED (Unknown @ 0x8D71ABE0)
SSDT[289] : NtSetContextThread @ 0x822E1233 -> HOOKED (Unknown @ 0x8D709F28)
SSDT[305] : NtSetInformationProcess @ 0x82280A24 -> HOOKED (Unknown @ 0x8D70D158)
SSDT[306] : NtSetInformationThread @ 0x8224EEB4 -> HOOKED (Unknown @ 0x8D709E48)
SSDT[330] : NtSuspendProcess @ 0x822E1E23 -> HOOKED (Unknown @ 0x8D709580)
SSDT[331] : NtSuspendThread @ 0x8229ECEA -> HOOKED (Unknown @ 0x8D709C88)
SSDT[334] : NtTerminateProcess @ 0x8222F2F0 -> HOOKED (Unknown @ 0x8D70DA78)
SSDT[335] : NtTerminateThread @ 0x8225BAF3 -> HOOKED (Unknown @ 0x8D709D68)
SSDT[348] : NtUnmapViewOfSection @ 0x82271155 -> HOOKED (Unknown @ 0x8D70D238)
SSDT[358] : NtWriteVirtualMemory @ 0x8225A033 -> HOOKED (Unknown @ 0x8D70D5B0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 +++++
--- User ---
[MBR] f7b50517290d3e39ef3ba76ae949f203
[BSP] 040071a0eda5464706e69e147757b3a3 : MBR Code unknown
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 11993 Mo
1 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 24563712 | Size: 70424 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 168792120 | Size: 37732 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 246067605 | Size: 32475 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

 

Broni,

here are my Combofix results:

ComboFix 12-09-24.03 - BG 09/25/2012 23:03:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1526.622 [GMT -4:00]
Running from: c:\users\BG\Desktop\GriffFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\windows\$NtUninstallKB56110$
c:\windows\$NtUninstallKB56110$\2149145399\Desktop.ini
c:\windows\$NtUninstallKB56110$\2771160471
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 03:17 . 2012-09-26 07:25 -------- d-----w- c:\users\BG\AppData\Local\temp
2012-09-22 17:10 . 2012-09-22 17:10 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-22 11:02 . 2012-09-22 11:02 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-21 11:01 . 2012-09-21 11:01 -------- d-----w- c:\windows\system32\EventProviders
2012-09-21 10:29 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{149DA476-373A-4804-BDAA-8AF47F28603E}\mpengine.dll
2012-09-21 10:29 . 2012-05-31 16:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-15 12:53 . 2012-09-15 12:53 -------- dc----w- C:\FRST
2012-09-08 12:42 . 2012-09-08 12:42 -------- d-----w- c:\program files\Atheros
2012-09-08 12:42 . 2007-09-13 19:17 755712 ----a-w- c:\windows\system32\drivers\athr.sys
2012-09-08 12:42 . 2007-09-13 19:17 755712 ----a-w- c:\windows\system32\athr.sys
2012-09-08 12:42 . 2007-05-16 14:29 24576 ----a-w- c:\windows\system32\PressCancel.exe
2012-09-08 12:38 . 2012-09-08 12:38 -------- d-----w- c:\programdata\Atheros
2012-09-08 11:42 . 2012-09-16 02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-08 11:42 . 2012-09-16 02:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-08 11:05 . 2012-09-22 17:13 -------- d-----w- c:\users\BG\AppData\Local\CrashDumps
2012-09-07 08:27 . 2012-09-07 09:00 -------- d-----w- c:\users\BG\AppData\Local\NPE
2012-09-07 08:27 . 2012-09-07 08:27 -------- d-----w- c:\programdata\Norton
2012-09-07 00:54 . 2012-09-07 00:54 -------- d-----w- c:\users\BG\AppData\Roaming\FixZeroAccess
2012-09-07 00:54 . 2012-09-07 00:54 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 10:58 . 2012-04-12 02:12 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 10:58 . 2011-07-17 00:07 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2010-07-08 09:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-26 16:38 . 2012-08-26 16:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-26 16:38 . 2012-07-06 09:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-26 16:38 . 2010-07-16 05:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 11:02 . 2012-03-14 22:48 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc "= "c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
"RtHDVCpl "= "RtHDVCpl.exe" [2007-05-28 4472832]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 857648]
"LManager "= "c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-29 707080]
"eAudio "= "c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PlayMovie "= "c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"PLFSet "= "c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Product Registration "= "c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-23 107112]
"vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"FUFAXRCV "= "c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM "= "c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder "= "c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-6 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2 "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 22:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-23 05:35 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride "=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.

 

Combofix.txt (cont)

Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:58]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 08:00]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 08:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.acer.com/worldwide/selection.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: army.mil\athd
Trusted Zone: facebook.com\www
FF - ProfilePath - c:\users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4r29rzuw.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath "= "\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5544)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\dlcccoms.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-09-26 03:28:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 07:28
.
Pre-Run: 21,097,373,696 bytes free
Post-Run: 21,603,418,112 bytes free
.
- - End Of File - - CF34CC62473ECD5575C09E005351FCEA

 

I had to run Combofix in safemode initially...

 

Broni,

yes my current issues are that I now get errors preventing me from restarting both my Firewall and Antivirus services. I believe the error codes are given in the "Extras.txt" file for you to see.

Here are the OTL and Extras results.

 

OTL.txt
---------
OTL logfile created on: 9/29/2012 12:53:35 AM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\BG\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 44.81% Memory free
3.23 Gb Paging File | 1.90 Gb Available in Paging File | 58.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 19.53 Gb Free Space | 28.40% Space Free | Partition Type: NTFS
Drive D: | 36.85 Gb Total Space | 36.76 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.46 Gb Total Space | 6.02 Gb Free Space | 80.66% Space Free | Partition Type: FAT32

Computer Name: BG-PC | User Name: BG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 19:22:36 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe
PRC - [2012/09/26 04:18:00 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\BG\AppData\Local\temp\RtkBtMnt.exe
PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2010/07/09 06:31:50 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007/08/29 13:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/07/24 14:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/28 23:16:58 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/12 21:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/11 18:00:36 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/05/28 04:29:00 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/24 16:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 19:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/04/01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlcccoms.exe
PRC - [2007/02/09 09:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/11/28 09:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 09:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/11/28 09:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/20 23:42:59 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/20 23:40:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/06/20 23:40:39 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/20 23:40:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/20 23:40:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/20 23:38:32 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/20 23:37:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/20 23:37:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/20 23:35:51 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/20 23:35:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/08/29 13:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007/08/29 13:34:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007/07/24 13:39:40 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/06/28 21:50:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/06/28 21:50:36 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/06/28 21:50:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/06/28 21:50:20 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/06/13 19:56:36 | 000,249,856 | R--- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/06/11 18:00:00 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007/05/24 12:53:32 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/04/25 19:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/25 19:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/11 19:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/04/01 09:00:46 | 026,259,456 | ---- | M] () -- C:\Windows\System32\btwicons.dll
MOD - [2007/04/01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/02/13 09:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/09/22 07:02:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/21 06:58:26 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2006/11/28 09:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 09:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 09:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/22 20:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/22 20:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 20:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 13:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GriffFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/22 13:10:49 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/09/17 04:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120924.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 04:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120924.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/07 02:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/14 20:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/07/05 11:33:58 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/09/13 15:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/20 16:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/12 13:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/05/23 01:35:00 | 007,117,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/31 13:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 13:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/03/23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 10:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/09 17:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/22 19:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 19:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 19:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/02 19:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006/10/26 15:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/10/26 15:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/10/06 17:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com/worldwide/selection.html
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\..\SearchScopes,DefaultScope = {5AB23BA1-2826-4A05-A0F6-51B915EED182}
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\..\SearchScopes\{5AB23BA1-2826-4A05-A0F6-51B915EED182}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3071160137-4058747331-1607584797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: keyscrambler@qfx.software.corporation:2.9.3.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/31 04:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 07:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 15:46:58 | 000,000,000 | ---D | M]

[2010/07/11 06:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\Mozilla\Extensions
[2012/09/21 06:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4r29rzuw.default\extensions
[2010/07/31 09:12:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4r29rzuw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/21 06:41:03 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\BG\AppData\Roaming\Mozilla\Firefox\Profiles\4r29rzuw.default\extensions\keyscrambler@qfx.software.corporation
[2012/08/26 12:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/22 07:02:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/22 07:02:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 07:02:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml