
Please help with Chinese ad at lower right corner



darbi101
2012-10-25, 13:56
Hello,

Please see logs I just ran below. Please note that prior to running these logs today I ran some other stuff on Oct 21 here:
http://forums.spybot.info/showthread.php?t=66939

Sorry for any complications caused. I appreciate your help very much!

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_33
Run by Caroline at 18:41:03 on 2012-10-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1028.18.3767.2178 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - <orphaned>
BHO: Windows Live ID ??????: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google ????... - <no file>
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: ????? Bluetooth ??(&B)... - <no file>
IE: ????? Bluetooth ??(&B)... - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Windows\System32\ASProxy.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A5A52B6-E385-48D0-97E7-D8B16808964F} : DHCPNameServer = 5.5.0.1
TCP: Interfaces\{55665180-9FA2-4524-AD96-AA2B44A2B501} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F624C962-EE0B-4142-8B3F-7A98B3646F48} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F624C962-EE0B-4142-8B3F-7A98B3646F48}\2656C6B696E6534376 : DHCPNameServer = 172.16.212.254
TCP: Interfaces\{F624C962-EE0B-4142-8B3F-7A98B3646F48}\3454942435D2149627 : DHCPNameServer = 172.16.0.14 172.16.0.11
TCP: Interfaces\{F624C962-EE0B-4142-8B3F-7A98B3646F48}\47B63336 : DHCPNameServer = 202.145.138.200 168.95.1.1
TCP: Interfaces\{F624C962-EE0B-4142-8B3F-7A98B3646F48}\5413230353 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\kfox4hvu.default\
FF - prefs.js: browser.startup.homepage - www.google.com (http://www.google.com)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\kfox4hvu.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-4-2 27760]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-2 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-2 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-4-2 98848]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-2-27 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-26 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-7-26 171040]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-27 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-26 243232]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2012-10-20 31744]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-27 342056]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-27 39464]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-26 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-7-26 76400]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2011-7-21 434928]
S3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2011-7-21 1897384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-26 1038088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-20 129976]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-17 50432]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: Applications\iexplore.exe="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-22 03:47:03 -------- d-----w- C:\ProgramData\boost_interprocess
2012-10-21 02:30:14 -------- d-----w- C:\Windows\pss
2012-10-20 04:47:45 -------- d-----w- C:\Users\Caroline\AppData\Local\Macromedia
2012-10-20 04:35:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-20 04:34:55 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-10-20 04:34:55 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-20 04:34:55 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-10-20 04:34:55 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-10-20 04:34:55 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-10-20 04:34:55 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-20 04:34:55 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-10-20 04:31:13 31744 ----a-w- C:\Windows\System32\drivers\asvpndrv.sys
.
==================== Find3M ====================
.
2012-10-18 06:18:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-18 06:18:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 06:18:31 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-27 12:40:28 462760 ----a-w- C:\Windows\System32\ASProxy64.dll
2012-08-27 12:40:26 350632 ----a-w- C:\Windows\SysWow64\ASProxy.dll
.
============= FINISH: 18:41:38.18 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-25 18:54:12
-----------------------------
18:54:12.535 OS Version: Windows x64 6.1.7600
18:54:12.535 Number of processors: 4 586 0x2505
18:54:12.535 ComputerName: CAROLINE-PC UserName: Caroline
18:54:14.797 Initialize success
18:54:59.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:54:59.367 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
18:54:59.383 Disk 0 MBR read successfully
18:54:59.398 Disk 0 MBR scan
18:54:59.398 Disk 0 Windows 7 default MBR code
18:54:59.398 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
18:54:59.414 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
18:54:59.414 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 345600 MB offset 27469824
18:54:59.445 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 356390 MB offset 735258624
18:54:59.461 Disk 0 scanning C:\Windows\system32\drivers
18:55:05.857 Service scanning
18:55:33.625 Modules scanning
18:55:33.625 Disk 0 trace - called modules:
18:55:33.656 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:55:34.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005267060]
18:55:34.171 3 CLASSPNP.SYS[fffff88001acd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fc9050]
18:55:34.171 Scan finished successfully
18:56:02.313 Disk 0 MBR has been saved successfully to "C:\Users\Caroline\Desktop\Malware\MBR.dat"
18:56:02.313 The log file has been saved successfully to "C:\Users\Caroline\Desktop\Malware\aswMBR.txt"

shelf life
2012-11-04, 16:53
hi darbi101,

We will get a download to use; it's called combofix. Please read through the directions page, then apply the directions on your own machine. Post the combofix log in your reply:

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

darbi101
2012-11-05, 17:35
Please see combofix log below. Firefox stopped working after combofix; it says server not found, but IE is working. Thanks!


ComboFix 12-11-05.01 - Caroline 11/05/2012 23:18:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1028.18.3767.2414 [GMT 8:00]
Running from: c:\users\Caroline\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 15:23 . 2012-11-05 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 10:53 . 2012-10-25 10:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-25 10:38 . 2012-10-25 10:38 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-22 03:47 . 2012-11-01 13:48 -------- d-----w- c:\programdata\boost_interprocess
2012-10-20 04:47 . 2012-10-20 04:47 -------- d-----w- c:\users\Caroline\AppData\Local\Macromedia
2012-10-20 04:35 . 2012-10-20 04:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-20 04:34 . 2012-10-20 04:34 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-20 04:34 . 2012-10-20 04:34 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-10-20 04:34 . 2012-10-20 04:34 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-10-20 04:34 . 2012-10-20 04:34 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-10-20 04:34 . 2012-10-20 04:34 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-10-20 04:34 . 2012-10-20 04:34 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-20 04:34 . 2012-10-20 04:34 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-10-20 04:31 . 2012-02-29 14:46 31744 ----a-w- c:\windows\system32\drivers\asvpndrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 06:18 . 2012-04-02 04:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 06:18 . 2011-08-25 13:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-18 06:18 . 2012-04-02 05:40 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-24 07:32 . 2012-06-17 01:44 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 07:32 . 2011-05-30 06:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 12:40 . 2011-07-21 08:47 462760 ----a-w- c:\windows\system32\ASProxy64.dll
2012-08-27 12:40 . 2011-07-21 08:47 350632 ----a-w- c:\windows\SysWow64\ASProxy.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-18 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
R1 ProtectorA;ProtectorA;syswow64\drivers\ProtectorA.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe [2012-05-25 434928]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe [2012-08-27 1897384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-26 1038088]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows ??????;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-17 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys [2012-02-29 31744]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) ?????;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-05-20 76400]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-22 2098792]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 413208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745g&r=27360311a516l0413z1m5v47i1348n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google ????... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: ????? Bluetooth ??(&B)... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ????? Bluetooth ??(&B)... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\kfox4hvu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-25 18:53; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2744286438-2921205913-321846194-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2744286438-2921205913-321846194-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2744286438-2921205913-321846194-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\wQjd|剉 *4*x*6* *:\鳾!q姁Fh]
"FormKeyword"=hex:48,50,5f,42,4f,52,44,45,52,4c,45,53,53,5f,50,48,4f,54,4f,5f,
34,5f,58,5f,36,5f,49,4e,5f,57,54,3a,48,50,00
"ResourceNameID"="@hpzstwn7.dll,3396"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2012-11-05 23:28:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-05 15:28
.
Pre-Run: 293,636,284,416 bytes free
Post-Run: 293,695,229,952 bytes free
.
- - End Of File - - DB9865A7CD1BBE0011749CCFCF8E1A6C

shelf life
2012-11-06, 00:24
Firefox stopped working after combofix

Did you have FF set up to use a proxy? (Astrill\ASProxy.exe)
Do you see ads in both Firefox and IE, or just one of them?

One more download to get. It's called TDSSKiller:

Download TDSSkiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop.

Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click OK and Start Scan.

Once the scan is done you will find a .txt file in your root drive Local Disk (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date time)

Please copy/paste the log file in your reply.

darbi101
2012-11-09, 18:24
Please see the following for the TDSSKiller log. I also attached images of an error that popped up when I started Windows, and another image of an error when I started Steam.

I do have Astrill set up on my computer. While I use only FF as my browser, I don't know if IE has the same ad popping up because the ads don't always pop up in FF, only occasionally. Since my FF isn't working and I have been using IE for the past 5 min, no ads have popped up yet.



00:14:31.0228 0920 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:14:31.0228 0920 ============================================================
00:14:31.0228 0920 Current date / time: 2012/11/10 00:14:31.0228
00:14:31.0228 0920 SystemInfo:
00:14:31.0228 0920
00:14:31.0228 0920 OS Version: 6.1.7600 ServicePack: 0.0
00:14:31.0228 0920 Product type: Workstation
00:14:31.0228 0920 ComputerName: CAROLINE-PC
00:14:31.0228 0920 UserName: Caroline
00:14:31.0228 0920 Windows directory: C:\Windows
00:14:31.0228 0920 System windows directory: C:\Windows
00:14:31.0228 0920 Running under WOW64
00:14:31.0228 0920 Processor architecture: Intel x64
00:14:31.0228 0920 Number of processors: 4
00:14:31.0228 0920 Page size: 0x1000
00:14:31.0228 0920 Boot type: Normal boot
00:14:31.0228 0920 ============================================================
00:14:31.0821 0920 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:14:31.0821 0920 ============================================================
00:14:31.0821 0920 \Device\Harddisk0\DR0:
00:14:31.0821 0920 MBR partitions:
00:14:31.0821 0920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
00:14:31.0821 0920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x2A300000
00:14:31.0821 0920 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BD32800, BlocksNum 0x2B813000
00:14:31.0821 0920 ============================================================
00:14:31.0837 0920 C: <-> \Device\Harddisk0\DR0\Partition2
00:14:31.0930 0920 D: <-> \Device\Harddisk0\DR0\Partition3
00:14:31.0946 0920 ============================================================
00:14:31.0946 0920 Initialize success
00:14:31.0946 0920 ============================================================
00:14:50.0993 5376 ============================================================
00:14:50.0993 5376 Scan started
00:14:50.0993 5376 Mode: Manual; TDLFS;
00:14:50.0993 5376 ============================================================
00:14:51.0212 5376 ================ Scan system memory ========================
00:14:51.0212 5376 System memory - ok
00:14:51.0212 5376 ================ Scan services =============================
00:14:51.0399 5376 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:14:51.0415 5376 1394ohci - ok
00:14:51.0430 5376 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
00:14:51.0446 5376 ACPI - ok
00:14:51.0461 5376 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
00:14:51.0477 5376 AcpiPmi - ok
00:14:51.0524 5376 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
00:14:51.0539 5376 adfs - ok
00:14:51.0695 5376 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:14:51.0695 5376 AdobeFlashPlayerUpdateSvc - ok
00:14:51.0742 5376 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:14:51.0758 5376 adp94xx - ok
00:14:51.0789 5376 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:14:51.0789 5376 adpahci - ok
00:14:51.0820 5376 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:14:51.0836 5376 adpu320 - ok
00:14:51.0867 5376 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:14:51.0867 5376 AeLookupSvc - ok
00:14:51.0914 5376 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
00:14:51.0929 5376 AFD - ok
00:14:51.0961 5376 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
00:14:51.0961 5376 agp440 - ok
00:14:51.0992 5376 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:14:51.0992 5376 ALG - ok
00:14:52.0023 5376 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
00:14:52.0039 5376 aliide - ok
00:14:52.0039 5376 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
00:14:52.0039 5376 amdide - ok
00:14:52.0085 5376 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:14:52.0085 5376 AmdK8 - ok
00:14:52.0101 5376 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:14:52.0117 5376 AmdPPM - ok
00:14:52.0163 5376 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:14:52.0163 5376 amdsata - ok
00:14:52.0179 5376 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:14:52.0195 5376 amdsbs - ok
00:14:52.0210 5376 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:14:52.0210 5376 amdxata - ok
00:14:52.0226 5376 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
00:14:52.0241 5376 AmUStor - ok
00:14:52.0351 5376 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:14:52.0351 5376 AntiVirSchedulerService - ok
00:14:52.0397 5376 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:14:52.0397 5376 AntiVirService - ok
00:14:52.0444 5376 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
00:14:52.0444 5376 AppID - ok
00:14:52.0475 5376 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:14:52.0475 5376 AppIDSvc - ok
00:14:52.0491 5376 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
00:14:52.0507 5376 Appinfo - ok
00:14:52.0585 5376 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:14:52.0585 5376 Apple Mobile Device - ok
00:14:52.0631 5376 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:14:52.0631 5376 arc - ok
00:14:52.0647 5376 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:14:52.0663 5376 arcsas - ok
00:14:52.0725 5376 [ 54AB80D7F53E0C228A3F0FDB167DC83E ] ASOVPNHelper C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
00:14:52.0741 5376 ASOVPNHelper - ok
00:14:52.0803 5376 [ B999348422E23247119D08B2E7DF6179 ] ASProxy C:\Program Files (x86)\Astrill\ASProxy.exe
00:14:52.0834 5376 ASProxy - ok
00:14:52.0881 5376 [ 28ACE90CB457888AB4C664E4B0AA950D ] asvpndrv C:\Windows\system32\DRIVERS\asvpndrv.sys
00:14:52.0881 5376 asvpndrv - ok
00:14:52.0912 5376 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:14:52.0912 5376 AsyncMac - ok
00:14:52.0959 5376 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
00:14:52.0959 5376 atapi - ok
00:14:53.0006 5376 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:14:53.0006 5376 AudioEndpointBuilder - ok
00:14:53.0006 5376 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:14:53.0021 5376 AudioSrv - ok
00:14:53.0068 5376 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:14:53.0084 5376 avgntflt - ok
00:14:53.0115 5376 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:14:53.0115 5376 avipbb - ok
00:14:53.0131 5376 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:14:53.0146 5376 avkmgr - ok
00:14:53.0177 5376 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:14:53.0177 5376 AxInstSV - ok
00:14:53.0224 5376 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:14:53.0240 5376 b06bdrv - ok
00:14:53.0255 5376 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:14:53.0271 5376 b57nd60a - ok
00:14:53.0365 5376 [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
00:14:53.0380 5376 BCM43XX - ok
00:14:53.0411 5376 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:14:53.0427 5376 BDESVC - ok
00:14:53.0458 5376 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:14:53.0458 5376 Beep - ok
00:14:53.0505 5376 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
00:14:53.0521 5376 BFE - ok
00:14:53.0567 5376 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
00:14:53.0567 5376 BITS - ok
00:14:53.0599 5376 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:14:53.0599 5376 blbdrive - ok
00:14:53.0661 5376 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:14:53.0661 5376 Bonjour Service - ok
00:14:53.0723 5376 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:14:53.0723 5376 bowser - ok
00:14:53.0755 5376 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:14:53.0755 5376 BrFiltLo - ok
00:14:53.0770 5376 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:14:53.0770 5376 BrFiltUp - ok
00:14:53.0817 5376 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
00:14:53.0817 5376 BridgeMP - ok
00:14:53.0848 5376 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
00:14:53.0864 5376 Browser - ok
00:14:53.0879 5376 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:14:53.0895 5376 Brserid - ok
00:14:53.0911 5376 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:14:53.0911 5376 BrSerWdm - ok
00:14:53.0926 5376 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:14:53.0926 5376 BrUsbMdm - ok
00:14:53.0926 5376 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:14:53.0926 5376 BrUsbSer - ok
00:14:53.0973 5376 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:14:53.0973 5376 BthEnum - ok
00:14:54.0004 5376 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:14:54.0004 5376 BTHMODEM - ok
00:14:54.0035 5376 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:14:54.0051 5376 BthPan - ok
00:14:54.0082 5376 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:14:54.0098 5376 BTHPORT - ok
00:14:54.0129 5376 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:14:54.0129 5376 bthserv - ok
00:14:54.0176 5376 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:14:54.0176 5376 BTHUSB - ok
00:14:54.0223 5376 [ 73A1C54749FE4F0019241E36C796AB86 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
00:14:54.0223 5376 btwampfl - ok
00:14:54.0254 5376 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
00:14:54.0254 5376 btwaudio - ok
00:14:54.0301 5376 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
00:14:54.0301 5376 btwavdt - ok
00:14:54.0379 5376 [ 4E6AC6475EF653BDFFDA67A74B9591D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
00:14:54.0379 5376 btwdins - ok
00:14:54.0410 5376 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
00:14:54.0410 5376 btwl2cap - ok
00:14:54.0441 5376 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
00:14:54.0441 5376 btwrchid - ok
00:14:54.0472 5376 catchme - ok
00:14:54.0503 5376 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:14:54.0503 5376 cdfs - ok
00:14:54.0550 5376 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:14:54.0566 5376 cdrom - ok
00:14:54.0597 5376 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
00:14:54.0597 5376 CertPropSvc - ok
00:14:54.0613 5376 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:14:54.0628 5376 circlass - ok
00:14:54.0659 5376 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:14:54.0675 5376 CLFS - ok
00:14:54.0753 5376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:14:54.0753 5376 clr_optimization_v2.0.50727_32 - ok
00:14:54.0800 5376 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:14:54.0800 5376 clr_optimization_v2.0.50727_64 - ok
00:14:54.0862 5376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:14:54.0893 5376 clr_optimization_v4.0.30319_32 - ok
00:14:54.0925 5376 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:14:54.0925 5376 clr_optimization_v4.0.30319_64 - ok
00:14:54.0956 5376 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:14:54.0956 5376 CmBatt - ok
00:14:54.0971 5376 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
00:14:54.0971 5376 cmdide - ok
00:14:55.0018 5376 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
00:14:55.0034 5376 CNG - ok
00:14:55.0065 5376 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:14:55.0081 5376 Compbatt - ok
00:14:55.0112 5376 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:14:55.0112 5376 CompositeBus - ok
00:14:55.0127 5376 COMSysApp - ok
00:14:55.0143 5376 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:14:55.0143 5376 crcdisk - ok
00:14:55.0174 5376 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:14:55.0190 5376 CryptSvc - ok
00:14:55.0283 5376 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:14:55.0283 5376 cvhsvc - ok
00:14:55.0330 5376 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:14:55.0346 5376 DcomLaunch - ok
00:14:55.0377 5376 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:14:55.0393 5376 defragsvc - ok
00:14:55.0408 5376 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:14:55.0424 5376 DfsC - ok
00:14:55.0455 5376 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
00:14:55.0455 5376 Dhcp - ok
00:14:55.0486 5376 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:14:55.0502 5376 discache - ok
00:14:55.0533 5376 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:14:55.0533 5376 Disk - ok
00:14:55.0564 5376 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:14:55.0564 5376 Dnscache - ok
00:14:55.0580 5376 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
00:14:55.0595 5376 dot3svc - ok
00:14:55.0611 5376 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
00:14:55.0611 5376 DPS - ok
00:14:55.0642 5376 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:14:55.0642 5376 drmkaud - ok
00:14:55.0720 5376 [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
00:14:55.0720 5376 DsiWMIService - ok
00:14:55.0751 5376 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:14:55.0767 5376 DXGKrnl - ok
00:14:55.0798 5376 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:14:55.0798 5376 EapHost - ok
00:14:55.0876 5376 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:14:55.0907 5376 ebdrv - ok
00:14:55.0954 5376 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
00:14:55.0954 5376 EFS - ok
00:14:56.0017 5376 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:14:56.0032 5376 ehRecvr - ok
00:14:56.0063 5376 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:14:56.0063 5376 ehSched - ok
00:14:56.0110 5376 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
00:14:56.0110 5376 ElbyCDIO - ok
00:14:56.0157 5376 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:14:56.0173 5376 elxstor - ok
00:14:56.0235 5376 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
00:14:56.0235 5376 ePowerSvc - ok
00:14:56.0251 5376 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
00:14:56.0266 5376 ErrDev - ok
00:14:56.0297 5376 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:14:56.0313 5376 EventSystem - ok
00:14:56.0344 5376 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:14:56.0344 5376 exfat - ok
00:14:56.0360 5376 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:14:56.0375 5376 fastfat - ok
00:14:56.0422 5376 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
00:14:56.0422 5376 Fax - ok
00:14:56.0469 5376 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:14:56.0469 5376 fdc - ok
00:14:56.0485 5376 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:14:56.0485 5376 fdPHost - ok
00:14:56.0500 5376 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:14:56.0500 5376 FDResPub - ok
00:14:56.0531 5376 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:14:56.0531 5376 FileInfo - ok
00:14:56.0547 5376 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:14:56.0563 5376 Filetrace - ok
00:14:56.0609 5376 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
00:14:56.0625 5376 FLEXnet Licensing Service 64 - ok
00:14:56.0672 5376 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:14:56.0672 5376 flpydisk - ok
00:14:56.0687 5376 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:14:56.0687 5376 FltMgr - ok
00:14:56.0734 5376 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
00:14:56.0734 5376 FontCache - ok
00:14:56.0781 5376 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:14:56.0797 5376 FontCache3.0.0.0 - ok
00:14:56.0812 5376 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:14:56.0828 5376 FsDepends - ok
00:14:56.0828 5376 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:14:56.0843 5376 Fs_Rec - ok
00:14:56.0875 5376 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:14:56.0890 5376 fvevol - ok
00:14:56.0921 5376 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:14:56.0921 5376 gagp30kx - ok
00:14:56.0953 5376 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:14:56.0953 5376 GEARAspiWDM - ok
00:14:56.0984 5376 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
00:14:56.0999 5376 gpsvc - ok
00:14:57.0062 5376 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
00:14:57.0062 5376 GREGService - ok
00:14:57.0093 5376 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:14:57.0093 5376 hcw85cir - ok
00:14:57.0140 5376 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:14:57.0140 5376 HdAudAddService - ok
00:14:57.0171 5376 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:14:57.0171 5376 HDAudBus - ok
00:14:57.0202 5376 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:14:57.0218 5376 HECIx64 - ok
00:14:57.0233 5376 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:14:57.0233 5376 HidBatt - ok
00:14:57.0249 5376 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:14:57.0249 5376 HidBth - ok
00:14:57.0280 5376 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:14:57.0280 5376 HidIr - ok
00:14:57.0311 5376 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
00:14:57.0311 5376 hidserv - ok
00:14:57.0358 5376 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:14:57.0358 5376 HidUsb - ok
00:14:57.0374 5376 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:14:57.0374 5376 hkmsvc - ok
00:14:57.0389 5376 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:14:57.0405 5376 HomeGroupListener - ok
00:14:57.0421 5376 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:14:57.0436 5376 HomeGroupProvider - ok
00:14:57.0483 5376 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
00:14:57.0483 5376 HpSAMD - ok
00:14:57.0514 5376 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:14:57.0530 5376 HTTP - ok
00:14:57.0545 5376 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:14:57.0545 5376 hwpolicy - ok
00:14:57.0577 5376 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:14:57.0592 5376 i8042prt - ok
00:14:57.0623 5376 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:14:57.0623 5376 iaStor - ok
00:14:57.0670 5376 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:14:57.0670 5376 IAStorDataMgrSvc - ok
00:14:57.0701 5376 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:14:57.0717 5376 iaStorV - ok
00:14:57.0764 5376 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:14:57.0795 5376 idsvc - ok
00:14:57.0967 5376 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:14:58.0138 5376 igfx - ok
00:14:58.0185 5376 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:14:58.0201 5376 iirsp - ok
00:14:58.0232 5376 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
00:14:58.0232 5376 IKEEXT - ok
00:14:58.0263 5376 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
00:14:58.0279 5376 Impcd - ok
00:14:58.0341 5376 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:14:58.0357 5376 IntcAzAudAddService - ok
00:14:58.0388 5376 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
00:14:58.0403 5376 IntcDAud - ok
00:14:58.0419 5376 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
00:14:58.0435 5376 intelide - ok
00:14:58.0450 5376 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:14:58.0450 5376 intelppm - ok
00:14:58.0481 5376 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:14:58.0481 5376 IPBusEnum - ok
00:14:58.0497 5376 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:14:58.0513 5376 IpFilterDriver - ok
00:14:58.0528 5376 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:14:58.0544 5376 iphlpsvc - ok
00:14:58.0544 5376 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:14:58.0544 5376 IPMIDRV - ok
00:14:58.0559 5376 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:14:58.0559 5376 IPNAT - ok
00:14:58.0606 5376 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:14:58.0622 5376 iPod Service - ok
00:14:58.0653 5376 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:14:58.0653 5376 IRENUM - ok
00:14:58.0684 5376 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
00:14:58.0684 5376 isapnp - ok
00:14:58.0700 5376 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:14:58.0715 5376 iScsiPrt - ok
00:14:58.0731 5376 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:14:58.0747 5376 kbdclass - ok
00:14:58.0778 5376 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:14:58.0778 5376 kbdhid - ok
00:14:58.0809 5376 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
00:14:58.0809 5376 KeyIso - ok
00:14:58.0809 5376 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:14:58.0825 5376 KSecDD - ok
00:14:58.0856 5376 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:14:58.0856 5376 KSecPkg - ok
00:14:58.0871 5376 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:14:58.0871 5376 ksthunk - ok
00:14:58.0903 5376 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:14:58.0918 5376 KtmRm - ok
00:14:58.0965 5376 [ 0EB28A5F9BD82F0357A77FF11722763F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
00:14:58.0965 5376 L1C - ok
00:14:58.0996 5376 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
00:14:59.0012 5376 LanmanServer - ok
00:14:59.0043 5376 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:14:59.0043 5376 LanmanWorkstation - ok
00:14:59.0090 5376 [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:14:59.0090 5376 LHidFilt - ok
00:14:59.0137 5376 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:14:59.0137 5376 lltdio - ok
00:14:59.0183 5376 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:14:59.0183 5376 lltdsvc - ok
00:14:59.0215 5376 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:14:59.0215 5376 lmhosts - ok
00:14:59.0246 5376 [ 96999C364C649E2866A268F7420A304A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:14:59.0246 5376 LMouFilt - ok
00:14:59.0308 5376 [ 85C7497997BA8B7C1728B12199616747 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:14:59.0308 5376 LMS - ok
00:14:59.0339 5376 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:14:59.0339 5376 LSI_FC - ok
00:14:59.0355 5376 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:14:59.0355 5376 LSI_SAS - ok
00:14:59.0371 5376 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:14:59.0371 5376 LSI_SAS2 - ok
00:14:59.0386 5376 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:14:59.0402 5376 LSI_SCSI - ok
00:14:59.0433 5376 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:14:59.0433 5376 luafv - ok
00:14:59.0449 5376 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:14:59.0464 5376 Mcx2Svc - ok
00:14:59.0480 5376 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:14:59.0495 5376 megasas - ok

darbi101
2012-11-09, 18:24
00:14:59.0511 5376 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:14:59.0511 5376 MegaSR - ok
00:14:59.0542 5376 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:14:59.0542 5376 MMCSS - ok
00:14:59.0542 5376 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:14:59.0558 5376 Modem - ok
00:14:59.0573 5376 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:14:59.0573 5376 monitor - ok
00:14:59.0605 5376 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:14:59.0605 5376 mouclass - ok
00:14:59.0620 5376 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:14:59.0620 5376 mouhid - ok
00:14:59.0667 5376 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:14:59.0667 5376 mountmgr - ok
00:14:59.0729 5376 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:14:59.0729 5376 MozillaMaintenance - ok
00:14:59.0745 5376 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
00:14:59.0761 5376 mpio - ok
00:14:59.0776 5376 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:14:59.0776 5376 mpsdrv - ok
00:14:59.0823 5376 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:14:59.0839 5376 MpsSvc - ok
00:14:59.0839 5376 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:14:59.0854 5376 MRxDAV - ok
00:14:59.0885 5376 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:14:59.0885 5376 mrxsmb - ok
00:14:59.0917 5376 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:14:59.0917 5376 mrxsmb10 - ok
00:14:59.0948 5376 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:14:59.0948 5376 mrxsmb20 - ok
00:14:59.0963 5376 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
00:14:59.0979 5376 msahci - ok
00:14:59.0995 5376 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
00:14:59.0995 5376 msdsm - ok
00:15:00.0010 5376 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:15:00.0026 5376 MSDTC - ok
00:15:00.0041 5376 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:15:00.0041 5376 Msfs - ok
00:15:00.0073 5376 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:15:00.0073 5376 mshidkmdf - ok
00:15:00.0088 5376 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
00:15:00.0088 5376 msisadrv - ok
00:15:00.0119 5376 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:15:00.0119 5376 MSiSCSI - ok
00:15:00.0135 5376 msiserver - ok
00:15:00.0166 5376 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:15:00.0166 5376 MSKSSRV - ok
00:15:00.0182 5376 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:15:00.0182 5376 MSPCLOCK - ok
00:15:00.0197 5376 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:15:00.0197 5376 MSPQM - ok
00:15:00.0229 5376 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:15:00.0229 5376 MsRPC - ok
00:15:00.0260 5376 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:15:00.0260 5376 mssmbios - ok
00:15:00.0275 5376 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:15:00.0275 5376 MSTEE - ok
00:15:00.0307 5376 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:15:00.0307 5376 MTConfig - ok
00:15:00.0322 5376 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:15:00.0322 5376 Mup - ok
00:15:00.0353 5376 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
00:15:00.0353 5376 mwlPSDFilter - ok
00:15:00.0353 5376 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
00:15:00.0369 5376 mwlPSDNServ - ok
00:15:00.0369 5376 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
00:15:00.0385 5376 mwlPSDVDisk - ok
00:15:00.0431 5376 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
00:15:00.0431 5376 MWLService - ok
00:15:00.0463 5376 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
00:15:00.0463 5376 napagent - ok
00:15:00.0494 5376 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:15:00.0509 5376 NativeWifiP - ok
00:15:00.0541 5376 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:15:00.0541 5376 NDIS - ok
00:15:00.0556 5376 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:15:00.0556 5376 NdisCap - ok
00:15:00.0572 5376 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:15:00.0587 5376 NdisTapi - ok
00:15:00.0619 5376 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:15:00.0619 5376 Ndisuio - ok
00:15:00.0634 5376 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:15:00.0650 5376 NdisWan - ok
00:15:00.0650 5376 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:15:00.0665 5376 NDProxy - ok
00:15:00.0712 5376 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:15:00.0712 5376 Net Driver HPZ12 - ok
00:15:00.0743 5376 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:15:00.0743 5376 NetBIOS - ok
00:15:00.0775 5376 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:15:00.0775 5376 NetBT - ok
00:15:00.0806 5376 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
00:15:00.0806 5376 Netlogon - ok
00:15:00.0853 5376 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:15:00.0853 5376 Netman - ok
00:15:00.0884 5376 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:15:00.0884 5376 netprofm - ok
00:15:00.0915 5376 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:15:00.0915 5376 NetTcpPortSharing - ok
00:15:00.0946 5376 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:15:00.0962 5376 nfrd960 - ok
00:15:00.0993 5376 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:15:00.0993 5376 NlaSvc - ok
00:15:01.0087 5376 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:15:01.0102 5376 NOBU - ok
00:15:01.0118 5376 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:15:01.0133 5376 Npfs - ok
00:15:01.0149 5376 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:15:01.0149 5376 nsi - ok
00:15:01.0180 5376 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:15:01.0180 5376 nsiproxy - ok
00:15:01.0243 5376 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:15:01.0258 5376 Ntfs - ok
00:15:01.0305 5376 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
00:15:01.0321 5376 NTI IScheduleSvc - ok
00:15:01.0352 5376 [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
00:15:01.0367 5376 NTIBackupSvc - ok
00:15:01.0399 5376 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
00:15:01.0399 5376 NTIDrvr - ok
00:15:01.0414 5376 [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
00:15:01.0445 5376 NTISchedulerSvc - ok
00:15:01.0461 5376 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:15:01.0461 5376 Null - ok
00:15:01.0492 5376 nvlddmkm - ok
00:15:01.0492 5376 nvpciflt - ok
00:15:01.0523 5376 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:15:01.0523 5376 nvraid - ok
00:15:01.0555 5376 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:15:01.0555 5376 nvstor - ok
00:15:01.0570 5376 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
00:15:01.0586 5376 nv_agp - ok
00:15:01.0664 5376 [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
00:15:01.0664 5376 ODDPwrSvc - ok
00:15:01.0679 5376 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:15:01.0695 5376 ohci1394 - ok
00:15:01.0726 5376 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:15:01.0742 5376 ose - ok
00:15:01.0898 5376 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:15:02.0069 5376 osppsvc - ok
00:15:02.0101 5376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:15:02.0101 5376 p2pimsvc - ok
00:15:02.0116 5376 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:15:02.0132 5376 p2psvc - ok
00:15:02.0163 5376 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:15:02.0163 5376 Parport - ok
00:15:02.0179 5376 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:15:02.0179 5376 partmgr - ok
00:15:02.0210 5376 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:15:02.0210 5376 PcaSvc - ok
00:15:02.0225 5376 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
00:15:02.0241 5376 pci - ok
00:15:02.0257 5376 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:15:02.0257 5376 pciide - ok
00:15:02.0288 5376 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:15:02.0303 5376 pcmcia - ok
00:15:02.0319 5376 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:15:02.0319 5376 pcw - ok
00:15:02.0335 5376 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:15:02.0350 5376 PEAUTH - ok
00:15:02.0413 5376 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:15:02.0413 5376 PerfHost - ok
00:15:02.0459 5376 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
00:15:02.0491 5376 pla - ok
00:15:02.0537 5376 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:15:02.0537 5376 PlugPlay - ok
00:15:02.0584 5376 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:15:02.0584 5376 Pml Driver HPZ12 - ok
00:15:02.0600 5376 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:15:02.0615 5376 PNRPAutoReg - ok
00:15:02.0631 5376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:15:02.0631 5376 PNRPsvc - ok
00:15:02.0662 5376 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:15:02.0678 5376 PolicyAgent - ok
00:15:02.0709 5376 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:15:02.0709 5376 Power - ok
00:15:02.0740 5376 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:15:02.0740 5376 PptpMiniport - ok
00:15:02.0756 5376 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:15:02.0756 5376 Processor - ok
00:15:02.0787 5376 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
00:15:02.0787 5376 ProfSvc - ok
00:15:02.0803 5376 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:15:02.0803 5376 ProtectedStorage - ok
00:15:02.0881 5376 [ F4DD1A2904FC616E2CC603B4DBCD1B29 ] ProtectorA C:\Windows\syswow64\drivers\ProtectorA.sys
00:15:02.0881 5376 ProtectorA - ok
00:15:02.0912 5376 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:15:02.0912 5376 Psched - ok
00:15:02.0959 5376 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:15:02.0974 5376 ql2300 - ok
00:15:02.0990 5376 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:15:03.0005 5376 ql40xx - ok
00:15:03.0037 5376 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:15:03.0037 5376 QWAVE - ok
00:15:03.0052 5376 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:15:03.0052 5376 QWAVEdrv - ok
00:15:03.0083 5376 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:15:03.0083 5376 RasAcd - ok
00:15:03.0115 5376 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:15:03.0130 5376 RasAgileVpn - ok
00:15:03.0161 5376 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:15:03.0161 5376 RasAuto - ok
00:15:03.0177 5376 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:15:03.0193 5376 Rasl2tp - ok
00:15:03.0208 5376 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
00:15:03.0208 5376 RasMan - ok
00:15:03.0239 5376 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:15:03.0239 5376 RasPppoe - ok
00:15:03.0271 5376 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:15:03.0271 5376 RasSstp - ok
00:15:03.0286 5376 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:15:03.0302 5376 rdbss - ok
00:15:03.0317 5376 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:15:03.0317 5376 rdpbus - ok
00:15:03.0349 5376 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:15:03.0349 5376 RDPCDD - ok
00:15:03.0364 5376 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:15:03.0364 5376 RDPENCDD - ok
00:15:03.0364 5376 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:15:03.0364 5376 RDPREFMP - ok
00:15:03.0411 5376 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:15:03.0411 5376 RDPWD - ok
00:15:03.0458 5376 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:15:03.0458 5376 rdyboost - ok
00:15:03.0489 5376 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:15:03.0505 5376 RemoteAccess - ok
00:15:03.0520 5376 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:15:03.0536 5376 RemoteRegistry - ok
00:15:03.0551 5376 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:15:03.0567 5376 RFCOMM - ok
00:15:03.0567 5376 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:15:03.0583 5376 RpcEptMapper - ok
00:15:03.0598 5376 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:15:03.0598 5376 RpcLocator - ok
00:15:03.0629 5376 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
00:15:03.0629 5376 RpcSs - ok
00:15:03.0661 5376 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:15:03.0661 5376 rspndr - ok
00:15:03.0676 5376 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
00:15:03.0676 5376 SamSs - ok
00:15:03.0754 5376 [ E6C0EA194B4A98F6645502A52359E0AC ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
00:15:03.0754 5376 SbieDrv - ok
00:15:03.0770 5376 [ B435855D3A6B221574000792B615B8EA ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
00:15:03.0770 5376 SbieSvc - ok
00:15:03.0801 5376 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
00:15:03.0817 5376 sbp2port - ok
00:15:03.0848 5376 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:15:03.0863 5376 SCardSvr - ok
00:15:03.0863 5376 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:15:03.0879 5376 scfilter - ok
00:15:03.0910 5376 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
00:15:03.0926 5376 Schedule - ok
00:15:03.0957 5376 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:15:03.0957 5376 SCPolicySvc - ok
00:15:03.0973 5376 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:15:03.0988 5376 SDRSVC - ok
00:15:04.0004 5376 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:15:04.0004 5376 secdrv - ok
00:15:04.0019 5376 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
00:15:04.0035 5376 seclogon - ok
00:15:04.0051 5376 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:15:04.0051 5376 SENS - ok
00:15:04.0082 5376 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:15:04.0097 5376 SensrSvc - ok
00:15:04.0129 5376 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:15:08.0653 5376 ================ Scan global ===============================
00:15:08.0668 5376 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:15:08.0699 5376 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:15:08.0699 5376 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:15:08.0715 5376 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:15:08.0746 5376 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:15:08.0746 5376 [Global] - ok
00:15:08.0762 5376 ================ Scan MBR ==================================
00:15:08.0777 5376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:15:09.0760 5376 \Device\Harddisk0\DR0 - ok
00:15:09.0760 5376 ================ Scan VBR ==================================
00:15:09.0791 5376 [ DE888190F4BCC567777A1722CFF12B37 ] \Device\Harddisk0\DR0\Partition1
00:15:09.0791 5376 \Device\Harddisk0\DR0\Partition1 - ok
00:15:09.0791 5376 [ 058B7BE8E4105C66AAD4C0B28FF6FD96 ] \Device\Harddisk0\DR0\Partition2
00:15:09.0807 5376 \Device\Harddisk0\DR0\Partition2 - ok
00:15:09.0901 5376 [ 707411B8EDEFDCA9CDF8085DC8E535CD ] \Device\Harddisk0\DR0\Partition3
00:15:09.0901 5376 \Device\Harddisk0\DR0\Partition3 - ok
00:15:09.0901 5376 ============================================================
00:15:09.0901 5376 Scan finished
00:15:09.0901 5376 ============================================================
00:15:09.0901 5148 Detected object count: 0
00:15:09.0901 5148 Actual detected object count: 0
00:16:41.0735 0236 Deinitialize success

shelf life
2012-11-10, 23:18
Those screen shots you posted just look like software errors. One is obviously related to the Steam application. Do you get the errors a lot of the time?

The reason I asked about the proxy is because combofix may have removed the proxy setting in Firefox that Asproxy set up when you installed it. If you reinstall the software or make any changes manually then Firefox will work again if it's related to the proxy. We could also restore the changes combofix made.
The tdsskiller log looks ok. We will get another download which you can keep and use as an antimalware app. It's called Malwarebytes:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually.

darbi101
2012-11-11, 15:08
I have never seen those errors before. I have uninstalled and reinstalled Firefox but it still does not work. I also realized that my antivirus (Avira) would not update; it feels like all my software can't update at the moment. Astrill also would not launch.

I downloaded the Malwarebytes software, but the software failed to update. I attached an image of the error when I tried to update. The version I have now is v2012.09.29.05. I ran the scan anyway, please see below.

Thanks for the help.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Caroline :: CAROLINE-PC [administrator]

11/11/2012 8:12:42 PM
mbam-log-2012-11-11 (20-12-42).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343568
Time elapsed: 52 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

shelf life
2012-11-11, 23:33
We will get two more downloads to use:

Please download aswmbr.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Right click the icon and run as admin.
For the question "Would you like to download latest Avast! virus definitions?", click YES to download the additional files.
Next, click the "Scan" button to start the scan.
Once the scan is done, click "Save log", save it to your desktop and post it in your next reply.

If the additional files don't download just go to the scan step.

Download minitoolbox (http://www.bleepingcomputer.com/download/minitoolbox/dl/65/) to your desktop. Right click and run as admin


Check the following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs

Click Go and post the result. It will create a text file on your desktop.

darbi101
2012-11-12, 12:50
aswMBR did not update.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 18:46:06
-----------------------------
18:46:06.085 OS Version: Windows x64 6.1.7600
18:46:06.085 Number of processors: 4 586 0x2505
18:46:06.085 ComputerName: CAROLINE-PC UserName: Caroline
18:46:07.021 Initialize success
18:46:11.258 AVAST engine download error: 0
18:46:11.258 AVAST engine error: 10107
18:46:32.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:46:32.599 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
18:46:32.630 Disk 0 MBR read successfully
18:46:32.630 Disk 0 MBR scan
18:46:32.630 Disk 0 Windows 7 default MBR code
18:46:32.646 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
18:46:32.661 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
18:46:32.677 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 345600 MB offset 27469824
18:46:32.692 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 356390 MB offset 735258624
18:46:32.724 Disk 0 scanning C:\Windows\system32\drivers
18:46:40.446 Service scanning
18:47:09.306 Modules scanning
18:47:09.306 Disk 0 trace - called modules:
18:47:09.321 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:47:09.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005268060]
18:47:09.337 3 CLASSPNP.SYS[fffff88001aee43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f90050]
18:47:09.337 Scan finished successfully
18:47:32.456 Disk 0 MBR has been saved successfully to "C:\Users\Caroline\Desktop\MBR.dat"
18:47:32.472 The log file has been saved successfully to "C:\Users\Caroline\Desktop\aswMBR.txt"






MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Caroline (administrator) on 12-11-2012 at 18:48:46
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11n ??? = ?????? (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = ???? (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = ?????? 2 (Media disconnected)
?? NSHHTTP.DLL ??????? InitHelperDll ??,???? 10107


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?0) subinterface=ethernet_13 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Caroline-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter ????* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Astrill SSL VPN Adapter
Physical Address. . . . . . . . . : 00-FF-09-80-59-E3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter ?????? 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4C-0F-6E-61-D7-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter ??????:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n ???
Physical Address. . . . . . . . . : 4C-0F-6E-61-D7-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a833:d834:5f9a:e3c0%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.111(Preferred)
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Lease Obtained. . . . . . . . . . : Monday, November 12, 2012 6:42:14 PM
Lease Expires . . . . . . . . . . : Tuesday, November 13, 2012 6:42:16 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 390860654
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-FB-8B-E7-60-EB-69-4B-BC-19
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter ????:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 60-EB-69-4B-BC-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A1570363-2474-4627-9269-0759B3798908}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F624C962-EE0B-4142-8B3F-7A98B3646F48}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{098059E3-73B5-40D5-A18C-EF9E1C860723}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:18e7:2b52:3f57:ff90(Preferred)
Link-local IPv6 Address . . . . . : fe80::18e7:2b52:3f57:ff90%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: NULL

Unable to initialize Windows Sockets interface. General failure.
Server: UnKnown
Address: NULL

Unable to initialize Windows Sockets interface. General failure.
Unable to initialize Windows Sockets interface. General failure.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/12/2012 06:42:57 PM) (Source: Application Error) (User: )
Description: ?????????: PMMdatamgr.exe,??: 3.1.212.0,????: 0x4bfd07df
???????: sysenv.dll,??: 3.1.212.0,????: 0x4bfd07c8
?????: 0x40000015
????: 0x0002085c
??????????: 0x1064
???????????: 0xPMMdatamgr.exe0
?????????: PMMdatamgr.exe1
???????: PMMdatamgr.exe2
?????: PMMdatamgr.exe3

Error: (11/11/2012 06:41:39 PM) (Source: Application Error) (User: )
Description: ?????????: PMMdatamgr.exe,??: 3.1.212.0,????: 0x4bfd07df
???????: sysenv.dll,??: 3.1.212.0,????: 0x4bfd07c8
?????: 0x40000015
????: 0x0002085c
??????????: 0xd6c
???????????: 0xPMMdatamgr.exe0
?????????: PMMdatamgr.exe1
???????: PMMdatamgr.exe2
?????: PMMdatamgr.exe3

Error: (11/09/2012 11:54:53 PM) (Source: Application Error) (User: )
Description: ?????????: PMMdatamgr.exe,??: 3.1.212.0,????: 0x4bfd07df
???????: sysenv.dll,??: 3.1.212.0,????: 0x4bfd07c8
?????: 0x40000015
????: 0x0002085c
??????????: 0xf4c
???????????: 0xPMMdatamgr.exe0
?????????: PMMdatamgr.exe1
???????: PMMdatamgr.exe2
?????: PMMdatamgr.exe3

Error: (10/29/2012 11:56:13 PM) (Source: Application Error) (User: )
Description: ?????????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
???????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
?????: 0xc0000005
????: 0x00371462
??????????: 0x1700
???????????: 0xCivilizationV_DX11.exe0
?????????: CivilizationV_DX11.exe1
???????: CivilizationV_DX11.exe2
?????: CivilizationV_DX11.exe3

Error: (10/29/2012 00:20:27 AM) (Source: Application Error) (User: )
Description: ?????????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
???????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
?????: 0xc0000005
????: 0x00371462
??????????: 0x1694
???????????: 0xCivilizationV_DX11.exe0
?????????: CivilizationV_DX11.exe1
???????: CivilizationV_DX11.exe2
?????: CivilizationV_DX11.exe3

Error: (10/26/2012 02:04:43 PM) (Source: SideBySide) (User: )
Description: "assemblyIdentity1" ??????????????????? "assemblyIdentity2" ?? assemblyIdentity3 ??????
?? "assemblyIdentity" ?? "version" ?? "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" ????

Error: (10/26/2012 01:29:19 PM) (Source: SideBySide) (User: )
Description: "assemblyIdentity1" ??????????????????? "assemblyIdentity2" ?? assemblyIdentity3 ??????
?? "assemblyIdentity" ?? "version" ?? "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" ????

Error: (10/24/2012 02:42:56 PM) (Source: CVHSVC) (User: )
Description: ????
(Patch task for {90140011-0066-0404-0000-0000000FF1CE}): DownloadLatest Failed: ????

Error: (10/23/2012 06:19:33 PM) (Source: Application Error) (User: )
Description: ?????????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
???????: CivilizationV_DX11.exe,??: 1.0.1.705,????: 0x4febeef5
?????: 0xc0000005
????: 0x00371462
??????????: 0xd28
???????????: 0xCivilizationV_DX11.exe0
?????????: CivilizationV_DX11.exe1
???????: CivilizationV_DX11.exe2
?????: CivilizationV_DX11.exe3

Error: (10/23/2012 11:01:06 AM) (Source: SideBySide) (User: )
Description: "assemblyIdentity1" ??????????????????? "assemblyIdentity2" ?? assemblyIdentity3 ??????
?? "assemblyIdentity" ?? "version" ?? "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" ????


System errors:
=============
Error: (11/12/2012 06:46:07 PM) (Source: BROWSER) (User: )
Description: ???????????? \Device\NetBT_Tcpip_{F624C962-EE0B-4142-8B3F-7A98B3646F48} ??????????
??????????

Error: (11/12/2012 06:44:54 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) Management & Security Application User Notification Service ????? Intel(R) Management and Security Application Local Management Service ???????????????:
%%1053

Error: (11/12/2012 06:44:54 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) Management and Security Application Local Management Service ??????,??????:
%%1053

Error: (11/12/2012 06:44:54 PM) (Source: Service Control Manager) (User: )
Description: ?? Intel(R) Management and Security Application Local Management Service ????????? (30000 ??)?

Error: (11/12/2012 06:42:50 PM) (Source: Service Control Manager) (User: )
Description: ???????????????????:
ProtectorA

Error: (11/12/2012 06:42:17 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) Management and Security Application Local Management Service ??????,??????:
%%1053

Error: (11/12/2012 06:42:17 PM) (Source: Service Control Manager) (User: )
Description: ?? Intel(R) Management and Security Application Local Management Service ????????? (30000 ??)?

Error: (11/12/2012 06:42:16 PM) (Source: Service Control Manager) (User: )
Description: Bonjour Service ?????????? %%10107 ????

Error: (11/11/2012 09:58:55 PM) (Source: Service Control Manager) (User: )
Description: ?? NTI IScheduleSvc ???????????? (30000 ??)?

Error: (11/11/2012 09:58:24 PM) (Source: Service Control Manager) (User: )
Description: ?? NTI IScheduleSvc ???????????? (30000 ??)?


Microsoft Office Sessions:
=========================
Error: (11/12/2012 06:42:57 PM) (Source: Application Error)(User: )
Description: PMMdatamgr.exe3.1.212.04bfd07dfsysenv.dll3.1.212.04bfd07c8400000150002085c106401cdc0c272ad5c8eC:\Program Files (x86)\EgisTec MyWinLocker\x86\PMMdatamgr.exeC:\Program Files (x86)\EgisTec MyWinLocker\x86\sysenv.dllb828cf13-2cb5-11e2-b4d7-60eb694bbc19

Error: (11/11/2012 06:41:39 PM) (Source: Application Error)(User: )
Description: PMMdatamgr.exe3.1.212.04bfd07dfsysenv.dll3.1.212.04bfd07c8400000150002085cd6c01cdbff913414b58C:\Program Files (x86)\EgisTec MyWinLocker\x86\PMMdatamgr.exeC:\Program Files (x86)\EgisTec MyWinLocker\x86\sysenv.dll5f86c828-2bec-11e2-ab62-60eb694bbc19

Error: (11/09/2012 11:54:53 PM) (Source: Application Error)(User: )
Description: PMMdatamgr.exe3.1.212.04bfd07dfsysenv.dll3.1.212.04bfd07c8400000150002085cf4c01cdbe927b50437fC:\Program Files (x86)\EgisTec MyWinLocker\x86\PMMdatamgr.exeC:\Program Files (x86)\EgisTec MyWinLocker\x86\sysenv.dllcc9e250b-2a85-11e2-aabc-60eb694bbc19

Error: (10/29/2012 11:56:13 PM) (Source: Application Error)(User: )
Description: CivilizationV_DX11.exe1.0.1.7054febeef5CivilizationV_DX11.exe1.0.1.7054febeef5c000000500371462170001cdb5e38e641fd4C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exeC:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe29d6989e-21e1-11e2-92fe-60eb694bbc19

Error: (10/29/2012 00:20:27 AM) (Source: Application Error)(User: )
Description: CivilizationV_DX11.exe1.0.1.7054febeef5CivilizationV_DX11.exe1.0.1.7054febeef5c000000500371462169401cdb50e9abdef0bC:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exeC:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe61a1ac26-211b-11e2-9a54-60eb694bbc19

Error: (10/26/2012 02:04:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/26/2012 01:29:19 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/24/2012 02:42:56 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0404-0000-0000000FF1CE}): DownloadLatest Failed: ????

Error: (10/23/2012 06:19:33 PM) (Source: Application Error)(User: )
Description: CivilizationV_DX11.exe1.0.1.7054febeef5CivilizationV_DX11.exe1.0.1.7054febeef5c000000500371462d2801cdb0c0f5cffe3cC:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exeC:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe232c2909-1cfb-11e2-8b10-60eb694bbc19

Error: (10/23/2012 11:01:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
Date: 2012-11-12 18:42:03.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-12 18:42:03.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 20:01:10.797
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 20:01:10.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 19:57:35.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 19:57:35.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 18:40:52.827
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-11 18:40:52.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 00:17:26.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 00:17:25.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\ProtectorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

中国银行网上银行安全控件 1.5
µTorrent (Version: 2.2.1)
64 Bit HP CIO Components Installer (Version: 8.2.2)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Backup Manager (Version: 2.0.0.68)
Acer Crystal Eye webcam (Version: 1.0.3.7)
Acer ePower Management (Version: 5.00.3005)
Acer eRecovery Management (Version: 4.05.3013)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0120.2010)
Acer Updater (Version: 1.02.3001)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Alcor Micro USB Card Reader (Version: 1.9.17.06019)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Astrill
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.31)
AutoCAD 2010 - English (Version: 18.0.55.0)
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0)
Avira Free Antivirus (Version: 12.0.0.1199)
Backup Manager Basic (Version: 2.0.0.68)
BOCNET Security Applet 1.5
Bonjour (Version: 2.0.5.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.4.7)
eReg (Version: 1.20.138.34)
ERUNT 1.1j
Google SketchUp Pro 8 (Version: 3.0.3117)
HP Deskjet 1000 J110 series ?? (Version: 140.0.65.65)
HP Deskjet 1000 J110 series ?????? (Version: 22.50.231.0)
HP Update (Version: 5.002.006.003)
Identity Card (Version: 1.00.3003)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Intel(R) Turbo Boost ????? (Version: 1.0.186.6)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.7.2)
Java(TM) 6 Update 37 (Version: 6.0.370)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 4.0.12)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ???????? (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CHT Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office ???? 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - ?? (??) (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
Mozilla Thunderbird (7.0) (Version: 7.0 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Norton Online Backup (Version: 2.1.17869)
NTI Backup Now 5 (Version: 5.1.2.630)
NTI Backup Now Standard (Version: 5.1.2.630)
NTI Media Maker 8 (Version: 8.0.12.6636)
NVIDIA Install Application (Version: 2.270.54.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX ???? 9.10.0514 (Version: 9.10.0514)
Optical Drive Power Management (Version: 1.01.3007)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Sandboxie 3.56 (64-bit)
Shredder (Version: 2.0.8.3)
Sid Meier's Civilization V
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.0.18.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VirtualCloneDrive
VLC media player 1.1.11 (Version: 1.1.11)
Welcome Center (Version: 1.02.3002)
WIDCOMM Bluetooth Software (Version: 6.3.0.6000)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3538.0513)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinHTTrack Website Copier 3.44-1 (x64) (Version: 3.44.1)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

**** End of log ****

shelf life
2012-11-13, 04:00
Go to Start > All Programs > Accessories, right-click on Command Prompt and run as admin. In the command prompt that opens, type or copy/paste in:
ping 192.168.0.1
then click enter

Once it's done it will go back to the cursor.
This time copy/paste or type in:
ping www.yahoo.com
click enter

When done type in:
ping 216.239.32.10

Once it's all done you can right-click in the window, choose Select All, then paste the results in your reply.

darbi101
2012-11-14, 03:35
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=4ms TTL=255
Reply from 192.168.0.1: bytes=32 time=1ms TTL=255
Reply from 192.168.0.1: bytes=32 time=3ms TTL=255
Reply from 192.168.0.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 4ms, Average = 2ms

C:\Windows\system32>ping www.yahoo.com

Pinging ds-tw-fp3.wg1.b.yahoo.com [203.84.197.25] with 32 bytes of data:
Reply from 203.84.197.25: bytes=32 time=66ms TTL=50
Reply from 203.84.197.25: bytes=32 time=68ms TTL=50
Reply from 203.84.197.25: bytes=32 time=77ms TTL=50
Reply from 203.84.197.25: bytes=32 time=121ms TTL=50

Ping statistics for 203.84.197.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 121ms, Average = 83ms

C:\Windows\system32>ping 216.239.32.10

Pinging 216.239.32.10 with 32 bytes of data:
Reply from 216.239.32.10: bytes=32 time=1500ms TTL=46
Reply from 216.239.32.10: bytes=32 time=64ms TTL=46
Reply from 216.239.32.10: bytes=32 time=66ms TTL=46
Reply from 216.239.32.10: bytes=32 time=64ms TTL=46

Ping statistics for 216.239.32.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 1500ms, Average = 423ms

C:\Windows\system32>

shelf life
2012-11-15, 02:09
Two things: download this (http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixZeroAccess.exe) to your desktop. Right-click it, run as admin and follow the prompts.
After the above, please rerun TDSSKiller once more and post the log.

darbi101
2012-11-15, 05:00
10:58:02.0457 5896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:58:02.0457 5896 ============================================================
10:58:02.0457 5896 Current date / time: 2012/11/15 10:58:02.0457
10:58:02.0457 5896 SystemInfo:
10:58:02.0457 5896
10:58:02.0457 5896 OS Version: 6.1.7600 ServicePack: 0.0
10:58:02.0457 5896 Product type: Workstation
10:58:02.0457 5896 ComputerName: CAROLINE-PC
10:58:02.0473 5896 UserName: Caroline
10:58:02.0473 5896 Windows directory: C:\Windows
10:58:02.0473 5896 System windows directory: C:\Windows
10:58:02.0473 5896 Running under WOW64
10:58:02.0473 5896 Processor architecture: Intel x64
10:58:02.0473 5896 Number of processors: 4
10:58:02.0473 5896 Page size: 0x1000
10:58:02.0473 5896 Boot type: Normal boot
10:58:02.0473 5896 ============================================================
10:58:03.0768 5896 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:58:03.0768 5896 ============================================================
10:58:03.0783 5896 \Device\Harddisk0\DR0:
10:58:03.0783 5896 MBR partitions:
10:58:03.0783 5896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
10:58:03.0783 5896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x2A300000
10:58:03.0783 5896 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BD32800, BlocksNum 0x2B813000
10:58:03.0783 5896 ============================================================
10:58:03.0799 5896 C: <-> \Device\Harddisk0\DR0\Partition2
10:58:03.0830 5896 D: <-> \Device\Harddisk0\DR0\Partition3
10:58:03.0830 5896 ============================================================
10:58:03.0830 5896 Initialize success
10:58:03.0830 5896 ============================================================
10:58:09.0774 5952 ============================================================
10:58:09.0774 5952 Scan started
10:58:09.0774 5952 Mode: Manual;
10:58:09.0774 5952 ============================================================
10:58:10.0101 5952 ================ Scan system memory ========================
10:58:10.0101 5952 System memory - ok
10:58:10.0101 5952 ================ Scan services =============================
10:58:10.0289 5952 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:58:10.0304 5952 1394ohci - ok
10:58:10.0335 5952 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
10:58:10.0351 5952 ACPI - ok
10:58:10.0367 5952 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
10:58:10.0382 5952 AcpiPmi - ok
10:58:10.0429 5952 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
10:58:10.0445 5952 adfs - ok
10:58:10.0601 5952 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:58:10.0616 5952 AdobeFlashPlayerUpdateSvc - ok
10:58:10.0663 5952 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:58:10.0679 5952 adp94xx - ok
10:58:10.0710 5952 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:58:10.0725 5952 adpahci - ok
10:58:10.0757 5952 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:58:10.0757 5952 adpu320 - ok
10:58:10.0788 5952 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:58:10.0788 5952 AeLookupSvc - ok
10:58:10.0850 5952 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
10:58:10.0866 5952 AFD - ok
10:58:10.0881 5952 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
10:58:10.0897 5952 agp440 - ok
10:58:10.0913 5952 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:58:10.0928 5952 ALG - ok
10:58:10.0959 5952 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
10:58:10.0959 5952 aliide - ok
10:58:10.0975 5952 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
10:58:10.0991 5952 amdide - ok
10:58:11.0022 5952 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:58:11.0022 5952 AmdK8 - ok
10:58:11.0037 5952 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:58:11.0053 5952 AmdPPM - ok
10:58:11.0084 5952 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:58:11.0100 5952 amdsata - ok
10:58:11.0115 5952 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:58:11.0147 5952 amdsbs - ok
10:58:11.0147 5952 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:58:11.0162 5952 amdxata - ok
10:58:11.0193 5952 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
10:58:11.0193 5952 AmUStor - ok
10:58:11.0318 5952 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:58:11.0318 5952 AntiVirSchedulerService - ok
10:58:11.0365 5952 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:58:11.0365 5952 AntiVirService - ok
10:58:11.0427 5952 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
10:58:11.0427 5952 AppID - ok
10:58:11.0459 5952 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:58:11.0474 5952 AppIDSvc - ok
10:58:11.0490 5952 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
10:58:11.0490 5952 Appinfo - ok
10:58:11.0583 5952 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:58:11.0599 5952 Apple Mobile Device - ok
10:58:11.0630 5952 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:58:11.0630 5952 arc - ok
10:58:11.0677 5952 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:58:11.0677 5952 arcsas - ok
10:58:11.0771 5952 [ 54AB80D7F53E0C228A3F0FDB167DC83E ] ASOVPNHelper C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
10:58:11.0786 5952 ASOVPNHelper - ok
10:58:11.0849 5952 [ 28ACE90CB457888AB4C664E4B0AA950D ] asvpndrv C:\Windows\system32\DRIVERS\asvpndrv.sys
10:58:11.0849 5952 asvpndrv - ok
10:58:11.0880 5952 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:58:11.0880 5952 AsyncMac - ok
10:58:11.0942 5952 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
10:58:11.0942 5952 atapi - ok
10:58:11.0989 5952 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:58:12.0020 5952 AudioEndpointBuilder - ok
10:58:12.0020 5952 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:58:12.0020 5952 AudioSrv - ok
10:58:12.0114 5952 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:58:12.0114 5952 avgntflt - ok
10:58:12.0161 5952 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:58:12.0161 5952 avipbb - ok
10:58:12.0192 5952 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:58:12.0207 5952 avkmgr - ok
10:58:12.0239 5952 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

shelf life
2012-11-16, 00:49
Hi darbi101,

I know you ran this once before but please run it one more time:

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop. Right click on it. It will do a quick pre-scan; when it's done, click the Scan button and afterwards the Report button, then copy/paste the results in your reply.
From those errors it looks like you just can't update some of your software. I am still looking for a possible malware cause.
Does your normal web browsing appear to be OK? Are you getting redirected to any web site you didn't intend to go to? Thanks.

darbi101
2012-11-17, 05:32
I can only use IE at the moment. Normal web browsing right now seems OK. No similar popups at the lower corner yet.

RogueKiller seemed to have found 4 items. Should I do something about it with RogueKiller?


RogueKiller V8.1.1 [10/01/2012] tigzy 設計製作
電子郵件: tigzyRK<at>gmail<dot>com
意見反應: http://www.geekstogo.com/forum/files/file/413-roguekiller/
網站: http://tigzy.geekstogo.com/roguekiller.php
部落格: http://tigzyrk.blogspot.com

作業系統: Windows 7 (6.1.7600 ) 64 bits version
開始在 : 標準模式
使用者 : Caroline [系統管理員權限]
模式 : 掃瞄 -- 日期 : 11/17/2012 11:30:26

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> 找到
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 找到

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 00008b6b67a5062727341ec8837d87e2
[BSP] 86b5acc9bb9a0a56824020b80d4b0420 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 345600 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 735258624 | Size: 356390 Mo
User = LL1 ... OK!
User = LL2 ... OK!

完成 : << RKreport[1].txt >>
RKreport[1].txt

shelf life
2012-11-19, 18:47
Sorry for the delay. Yes, you can have RogueKiller delete the items under the registry tab. So what happens when you use Firefox, does it start up OK but just won't grab a connection?
Boot your machine into safe mode by tapping the F8 key during a computer restart. From the list of options that come up, choose: Safe Mode with Networking.
See if Firefox will work OK while in safe mode. Reboot normally to get back to your regular desktop.

darbi101
2012-11-19, 19:41
Deleted items in RogueKiller as advised.

Started computer in safe mode with networking, Firefox still not working. It just keeps saying server not found. Explorer has no such problem.

shelf life
2012-11-20, 03:08
According to the logs, neither IE nor FF is using a proxy. You have connectivity because IE works and the pings you did worked. You said you lost connectivity after you ran ComboFix a while back?

darbi101
2012-11-20, 13:58
Yes, Firefox stopped working after ComboFix. I have never used IE on that computer until Firefox stopped working.

Firefox just keeps saying that it cannot connect to server as if there is no internet connection.

shelf life
2012-11-20, 21:19
Is there a plugin or extension in FF to toggle using your VPN client on or off?

From the log:
extensions\addon@astrill.com

darbi101
2012-11-21, 04:19
There was an astrill extension in Firefox. I removed it. FF still not working. I uninstalled FF, reinstalled it. FF still not working...

darbi101
2012-11-21, 05:00
I think something is wrong with my proxy setting... that seems to be the reason why Avira will not update. I have also uninstalled Astrill, but it didn't help. Here's a log from Avira:

Avira Free Antivirus Updater
Complete product update

Creation time: Wednesday, November 21, 2012 10:58:48

Operating system:
Windows 7 x64 () [6.1.7600] 64 bit

Product information:
Product version: 12.0.0.898
Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 12.1.13.17
Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 12.1.0.17
Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 1.0.0.8
Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 12.1.0.17
GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 12.1.3.17

Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\
Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\

Proxy settings:
System settings used

10:58:48 [UPD] [ERROR] Terminating update. Initialization of UpdateLib has reported error 10107.


Summary:
********
0 Files downloaded
0 Files installed

Wednesday, November 21, 2012 10:58:48

The update failed!

shelf life
2012-11-21, 17:02
Try rebooting your modem, router and computer by powering them off then back on if you haven't done that yet. Take a look in Device Manager and click the plus sign next to Network adapters and see if there is a yellow ! showing up.
If you go to Start and copy/paste this in the search box, then click OK or press Enter:

devmgmt.msc

Device Manager should open up.
Did you install Astrill yourself, or is this a company owned machine?

darbi101
2012-11-22, 06:57
Just looked at device manager, there is no yellow ! showing up. I installed Astrill myself, this is not a personal computer not company machine.

shelf life
2012-11-22, 16:14
Take a look in network connections and see what it looks like. Do you see your VPN connection listed? See screenshot, it's XP not W7.

Also take a look here. (https://www.astrill.com/knowledge-base/29/Windows-7) See if it helps any.

darbi101
2012-11-23, 15:21
I have already uninstalled Astrill. I looked at the network connections window but there's no such thing as a VPN connection.

shelf life
2012-11-23, 16:18
I know you uninstalled VPN, I posted the link so you could check any settings that might have been changed and might still remain after the uninstall.
Could it be one of your security programs, do you have a software firewall installed? You could consider doing a system restore (http://windows.microsoft.com/en-US/windows7/What-is-System-Restore) back to a point where everything was working.

darbi101
2012-11-23, 16:33
So is there no malware in my computer after all?

shelf life
2012-11-23, 19:09
Based on the tools and logs, no, I don't recognize any malware.