
Svchost downloading 20-30MB an hour. Infected?



Hi, I've been losing precious MBs of my metered download quota to the tune of 400+ MB a day. I've narrowed it down to a scvhost process that starts and stops but can't find the why. The computer is a quad core laptop running Windows 7 64-bit Home Premium. Neither AVG nor Malwarebytes detects anything is wrong. Please help.

DDS.TXT

+++++++++++++++++++++++++++++++++++++++++++++

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by jerry at 20:22:21 on 2012-06-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1189 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\USB Safely Remove\USBSRService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe

C:\Program Files\FarStone\RestoreIT 7\IBP\VBPTask.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files\Windows Server\Bin\WhsMcClient.exe

C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe

C:\Program Files\Windows Server\Bin\LANConfigSvc.exe

C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Windows Server\Bin\Launchpad.exe

C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Dolby PCEE4\pcee4.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Firetrust\MailWasher\MailWasherProApp.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\EgisTec IPS\PMMUpdate.exe

C:\Program Files\EgisTec IPS\EgisUpdate.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.UI.exe

C:\Users\jerry\Downloads\Programs\procexp.exe

C:\Users\jerry\Downloads\Programs\procexp64.exe

C:\Program Files (x86)\AVG\AVG PC Tuneup\boostspeed.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

\\.\globalroot\systemroot\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://acer.msn.com

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [hnFAPAlert] "C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\jerry\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

uRun: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\jerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 66.82.4.8 66.82.4.12

TCP: Interfaces\{9C56C13D-F6C3-41B8-B2BF-37359E40AE20} : DhcpNameServer = 66.82.4.8 66.82.4.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\h4tw4v0c.default\

FF - prefs.js: browser.search.selectedEngine - IMDB

FF - prefs.js: browser.startup.homepage - 192.168.0.1/fap_meter/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B185205bb-0033-414b-88fb-50d6f4cec9d6%7D&mid=b512b7160e5847d19f136939b218ffc7-1c07acd960f6a939eff9c9e4bab6dabd435d842c&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2011-12-20%2020%3A39%3A29&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll

FF - plugin: C:\Users\jerry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 VVBackd5;VVBackd5;C:\Windows\system32\drivers\VVBackd5.sys --> C:\Windows\system32\drivers\VVBackd5.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-3-2 79744]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 DriveClone Network Client IBP;DriveClone Network Client IBP;C:\Program Files\FarStone\RestoreIT 7\IBP\FsLoader.exe [2012-6-13 126976]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-26 353360]

R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-30 872552]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]

R2 HCDisk;HCDisk;C:\Windows\system32\drivers\HCDisk.sys --> C:\Windows\system32\drivers\HCDisk.sys [?]

R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-26 13336]

R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-26 244624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]

R2 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-6-16 10240]

R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]

R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-1-12 40832]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2656280]

R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-11-26 539032]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]

R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2011-3-2 111488]

R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]

R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 FARMNTIO;FARMNTIO;\??\c:\windows\system32\drivers\farmntio.sys --> c:\windows\system32\drivers\farmntio.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]

R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 129976]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-16 23:33:20 -------- d-----w- C:\Users\jerry\AppData\Roaming\AVG

2012-06-16 22:09:41 -------- d-----w- C:\ProgramData\SeriousBit

2012-06-16 21:57:10 41256 ----a-w- C:\Windows\System32\drivers\nbdrv.sys

2012-06-16 21:57:09 -------- d-----w- C:\Program Files\NetBalancer

2012-06-15 11:25:23 -------- d-----w- C:\SRN Micro

2012-06-14 21:15:13 -------- d-----w- C:\ProgramData\SecTaskMan

2012-06-14 21:15:06 -------- d-----w- C:\Program Files (x86)\Security Task Manager

2012-06-14 12:13:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-06-14 12:09:38 -------- d-----w- C:\Users\jerry\AppData\Local\Adobe

2012-06-14 12:07:41 -------- d-----w- C:\Users\jerry\AppData\Local\Acer

2012-06-14 08:52:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-14 08:52:20 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 23:37:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 23:37:47 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 23:37:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 23:37:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 23:37:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 23:37:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 23:33:43 -------- d-----w- C:\Users\jerry\AppData\Roaming\Malwarebytes

2012-06-13 23:33:37 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-13 23:33:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-13 23:33:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-13 23:19:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 23:19:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 23:19:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 23:19:40 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-13 23:19:37 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-13 23:19:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-13 23:19:36 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-13 23:19:31 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 23:19:29 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-13 23:19:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-13 23:19:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 23:04:14 -------- d-----w- C:\Program Files (x86)\WinPcap

2012-06-13 23:02:47 -------- d-----w- C:\Program Files (x86)\Nsasoft

2012-06-13 22:54:22 -------- d-----w- C:\Users\jerry\AppData\Local\Locktime

2012-06-13 22:50:37 -------- d-----w- C:\ProgramData\Locktime

2012-06-13 22:50:37 -------- d-----w- C:\Program Files\NetLimiter 3

2012-06-13 22:28:48 66136 ------w- C:\Windows\System32\drivers\HCDisk.sys

2012-06-13 22:28:48 162392 ----a-w- C:\Windows\System32\drivers\VvBackd5.sys

2012-06-13 22:28:12 -------- d-----w- C:\Program Files\FarStone

2012-06-12 01:40:06 -------- d-----w- C:\Users\jerry\AppData\Local\AVG Secure Search

2012-06-12 01:31:36 4096 --sh--r- C:\RESCUMBR.BIN

2012-06-12 00:57:55 24664 ------w- C:\Windows\System32\drivers\FarMntIo.sys

2012-06-12 00:57:43 -------- d-----w- C:\ProgramData\Farstone

2012-06-12 00:45:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-05-28 19:29:04 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters

2012-05-28 00:57:58 -------- d-----w- C:\Program Files (x86)\JTWAIN

2012-05-28 00:09:48 -------- d-----w- C:\Windows\Documalis Free Scanner 1.0

2012-05-27 23:04:24 919616 ----a-w- C:\Windows\SysWow64\gdocrplug.tesseract.dll

2012-05-27 23:04:24 132672 ----a-w- C:\Windows\SysWow64\gdbarcode.1dreader.dll

2012-05-27 23:04:24 117312 ----a-w- C:\Windows\SysWow64\gdbarcode.dmreader.dll

2012-05-27 23:04:23 8112704 ----a-w- C:\Windows\SysWow64\gdpdfplug.dll

2012-05-27 23:04:23 2834496 ----a-w- C:\Windows\SysWow64\gdimgplug.dll

2012-05-27 23:04:23 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx

2012-05-27 23:04:23 144960 ----a-w- C:\Windows\SysWow64\gdtwain.dll

2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2s.ocx

2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2.ocx

2012-05-27 23:04:23 -------- d-----w- C:\Program Files (x86)\GdTwain ActiveX

2012-05-27 22:12:08 -------- d-----w- C:\Program Files (x86)\Scanner ActiveX Control

2012-05-27 21:53:45 -------- d-----w- C:\Program Files (x86)\EZTwain

2012-05-27 20:03:58 -------- d-----w- C:\Users\jerry\AppData\Local\ElevatedDiagnostics

2012-05-27 19:20:25 -------- d-----w- C:\Users\jerry\AppData\Local\HP

2012-05-27 19:09:59 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp64w.dll

2012-05-27 18:51:31 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-05-27 18:51:30 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-05-27 18:50:59 671816 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll

2012-05-27 18:50:59 233472 ----a-w- C:\Windows\SysWow64\hpzc364w.dll

2012-05-27 18:50:59 131072 ----a-w- C:\Windows\System32\hpz3l64w.dll

2012-05-27 18:50:50 -------- d-----w- C:\Program Files (x86)\HP

2012-05-27 18:49:48 944128 ----a-w- C:\Windows\System32\hpwwiax3.dll

2012-05-27 18:49:48 359256 ----a-w- C:\Windows\System32\hpzids40.dll

2012-05-27 18:49:48 1420288 ----a-w- C:\Windows\System32\hpwtiop3.dll

2012-05-27 18:49:47 540672 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-05-27 18:49:47 488960 ----a-w- C:\Windows\System32\hpovst11.dll

2012-05-27 18:45:32 -------- d-----r- C:\Users\jerry\AppData\Roaming\Brother

2012-05-27 18:38:19 -------- d-----w- C:\Windows\System32\user

2012-05-24 00:48:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-24 00:48:07 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-24 00:48:07 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-20 23:47:59 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-20 23:47:59 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 20:22:40.57 ===============

ATTACH.TXT

+++++++++++++++++++++++++++++++++++++++++++++

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/26/2011 10:44:54 AM

System Uptime: 6/16/2012 6:08:27 PM (2 hours ago)

.

Motherboard: Acer | | JE70_HR

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 580 GiB total, 184.78 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet J6400 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

6400_Help

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe Acrobat X Pro - English, Russian

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.3) MUI

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AUPEO!

AVG PC Tuneup

Backup Manager V3

Belarc Advisor 8.2

bpd_scan

BPDSoftware

BPDSoftware_Ini

Brother MFL-Pro Suite MFC-9440CN

clear.fi

clear.fi Client

D3DX10

DBPix 2.0 Control 2.0.3

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DeLorme Phone Data 2012

DeLorme Street Atlas USA 2012 Plus

Dolby Advanced Audio v2

Ezy Access Ribbon Builder v1.0 BETA

Galerie de photos Windows Live

Google Chrome

Google Earth

Google Update Helper

hnFAP-Alert

Identity Card

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iSEEK AnswerWorks English Runtime

J6400_Basic

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Launch Manager

MailWasherPro

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker 4

MyWinLocker Suite

NBMonitor Network Bandwidth Monitor 1.2.2

NOOK for PC

NTI Media Maker 9

Pure Codec

Quicken 2012

Radmin Viewer 3.4

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RestoreIT 7

Scan

Security Task Manager 1.8d

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Shredder

Skype™ 5.3

Solo Antivirus 11.0

SolSuite 2011 v11.6

Times Reader

Toolbox

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

USB Safely Remove 4.5

Visual Studio 2008 x64 Redistributables

VuePrint

WebReg

Welcome Center

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Your Uninstaller! 2010

.

==== Event Viewer Messages From Past Week ========

.

6/9/2012 12:49:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.

6/16/2012 6:12:28 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

6/16/2012 6:12:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

6/16/2012 6:09:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/16/2012 6:09:24 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

6/16/2012 6:09:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/16/2012 6:09:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/14/2012 8:22:14 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

6/14/2012 7:43:45 PM, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified.

6/14/2012 3:35:13 AM, Error: Service Control Manager [7001] - The Windows Server Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

6/13/2012 7:27:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

6/13/2012 6:55:22 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

6/13/2012 6:54:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

6/13/2012 6:54:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/13/2012 6:38:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

6/13/2012 6:28:48 PM, Error: Service Control Manager [7030] - The DriveClone Network Client IBP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/13/2012 6:23:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Server Initialization Service service to connect.

6/13/2012 6:23:14 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/13/2012 5:49:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008076350, 0xfffffa8008076630, 0xfffff80003195510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061312-47159-01.

.

==== End Of File ===========================

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

Thank you! I'm pretty sure this took care of my annoying problem. I'm keeping an eye on my metered download and it has not been disappearing for the last 15 min.

Report 1 (initial run):

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jerry [Admin rights]

Mode: Scan -- Date: 06/19/2012 18:23:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++

--- User ---

[MBR] 3ff3acf13e75a738cf0dc981d405b8b0

[bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

2nd run for good measure:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jerry [Admin rights]

Mode: Remove -- Date: 06/19/2012 18:24:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++

--- User ---

[MBR] 3ff3acf13e75a738cf0dc981d405b8b0

[bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

Click Scan to scan the system (don't run any other options, they're not all bad!)

Please follow my instructions. Those entries are not your problem.

----------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Attached is the report that was created by TDSSKiller. It only found a piece of software that was downloaded after the rootkit started. It was installed to help watch/try to find out what it was.

TDSSKiller report:

00:16:13.0578 8356 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

00:16:15.0588 8356 ============================================================

00:16:15.0588 8356 Current date / time: 2012/06/20 00:16:15.0588

00:16:15.0588 8356 SystemInfo:

00:16:15.0588 8356

00:16:15.0588 8356 OS Version: 6.1.7601 ServicePack: 1.0

00:16:15.0588 8356 Product type: Workstation

00:16:15.0588 8356 ComputerName: LAPTOP

00:16:15.0588 8356 UserName: jerry

00:16:15.0588 8356 Windows directory: C:\Windows

00:16:15.0588 8356 System windows directory: C:\Windows

00:16:15.0588 8356 Running under WOW64

00:16:15.0588 8356 Processor architecture: Intel x64

00:16:15.0588 8356 Number of processors: 4

00:16:15.0588 8356 Page size: 0x1000

00:16:15.0588 8356 Boot type: Normal boot

00:16:15.0588 8356 ============================================================

00:16:16.0297 8356 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:16:16.0307 8356 Drive \Device\Harddisk1\DR1 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

00:16:16.0312 8356 ============================================================

00:16:16.0313 8356 \Device\Harddisk0\DR0:

00:16:16.0313 8356 MBR partitions:

00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000

00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000

00:16:16.0313 8356 \Device\Harddisk1\DR1:

00:16:16.0314 8356 MBR partitions:

00:16:16.0314 8356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xE86E00

00:16:16.0314 8356 ============================================================

00:16:16.0402 8356 C: <-> \Device\Harddisk0\DR0\Partition1

00:16:16.0402 8356 ============================================================

00:16:16.0402 8356 Initialize success

00:16:16.0402 8356 ============================================================

00:16:36.0296 8252 ============================================================

00:16:36.0296 8252 Scan started

00:16:36.0296 8252 Mode: Manual; SigCheck; TDLFS;

00:16:36.0296 8252 ============================================================

00:16:45.0645 8252 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

00:16:45.0712 8252 bthserv - ok

00:16:45.0738 8252 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

00:16:45.0760 8252 BTHUSB - ok

00:16:45.0811 8252 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:16:45.0867 8252 cdfs - ok

00:16:45.0909 8252 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

00:16:45.0942 8252 cdrom - ok

00:16:45.0963 8252 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:16:46.0010 8252 CertPropSvc - ok

00:16:46.0037 8252 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

00:16:46.0050 8252 circlass - ok

00:16:46.0104 8252 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:16:46.0140 8252 CLFS - ok

00:16:46.0195 8252 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:16:46.0227 8252 clr_optimization_v2.0.50727_32 - ok

00:16:46.0276 8252 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

00:16:46.0304 8252 clr_optimization_v2.0.50727_64 - ok

00:16:46.0533 8252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:16:46.0557 8252 clr_optimization_v4.0.30319_32 - ok

00:16:46.0774 8252 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

00:16:46.0797 8252 clr_optimization_v4.0.30319_64 - ok

00:16:46.0833 8252 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

00:16:46.0865 8252 CmBatt - ok

00:16:46.0880 8252 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:16:46.0897 8252 cmdide - ok

00:16:46.0974 8252 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

00:16:47.0121 8252 CNG - ok

00:16:47.0154 8252 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

00:16:47.0168 8252 Compbatt - ok

00:16:47.0204 8252 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

00:16:47.0241 8252 CompositeBus - ok

00:16:47.0258 8252 COMSysApp - ok

00:16:47.0277 8252 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

00:16:47.0289 8252 crcdisk - ok

00:16:47.0343 8252 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

00:16:47.0383 8252 CryptSvc - ok

00:16:47.0455 8252 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:16:47.0535 8252 DcomLaunch - ok

00:16:47.0609 8252 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

00:16:47.0679 8252 defragsvc - ok

00:16:47.0714 8252 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:16:47.0766 8252 DfsC - ok

00:16:47.0823 8252 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

00:16:47.0920 8252 Dhcp - ok

00:16:47.0939 8252 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:16:47.0980 8252 discache - ok

00:16:48.0016 8252 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

00:16:48.0026 8252 Disk - ok

00:16:48.0055 8252 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

00:16:48.0106 8252 Dnscache - ok

00:16:48.0155 8252 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

00:16:48.0193 8252 dot3svc - ok

00:16:48.0209 8252 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

00:16:48.0247 8252 DPS - ok

00:16:48.0283 8252 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:16:48.0313 8252 drmkaud - ok

00:16:48.0405 8252 DsiWMIService (9dd3a22f804697606c2b7ff9e912ff6b) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

00:16:48.0441 8252 DsiWMIService - ok

00:16:48.0532 8252 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:16:48.0576 8252 DXGKrnl - ok

00:16:48.0614 8252 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

00:16:48.0657 8252 EapHost - ok

00:16:48.0890 8252 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

00:16:49.0021 8252 ebdrv - ok

00:16:49.0133 8252 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

00:16:49.0195 8252 EFS - ok

00:16:49.0296 8252 EgisTec Ticket Service (5332ec2ba1c112bd4bb1f38127848fef) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

00:16:49.0363 8252 EgisTec Ticket Service - ok

00:16:49.0475 8252 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

00:16:49.0574 8252 ehRecvr - ok

00:16:49.0606 8252 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

00:16:49.0623 8252 ehSched - ok

00:16:49.0745 8252 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

00:16:49.0824 8252 elxstor - ok

00:16:49.0977 8252 ePowerSvc (48425c93b6f36529707206e4fa680cf3) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

00:16:50.0017 8252 ePowerSvc - ok

00:16:50.0124 8252 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:16:50.0162 8252 ErrDev - ok

00:16:50.0226 8252 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys

00:16:50.0295 8252 ETD - ok

00:16:50.0366 8252 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

00:16:50.0428 8252 EventSystem - ok

00:16:50.0509 8252 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:16:50.0590 8252 exfat - ok

00:16:50.0633 8252 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:16:50.0724 8252 fastfat - ok

00:16:50.0799 8252 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

00:16:50.0853 8252 Fax - ok

00:16:50.0881 8252 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

00:16:50.0907 8252 fdc - ok

00:16:50.0929 8252 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

00:16:50.0967 8252 fdPHost - ok

00:16:50.0987 8252 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

00:16:51.0014 8252 FDResPub - ok

00:16:51.0039 8252 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:16:51.0048 8252 FileInfo - ok

00:16:51.0059 8252 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:16:51.0105 8252 Filetrace - ok

00:16:51.0224 8252 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

00:16:51.0292 8252 FLEXnet Licensing Service - ok

00:16:51.0337 8252 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

00:16:51.0350 8252 flpydisk - ok

00:16:51.0374 8252 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:16:51.0392 8252 FltMgr - ok

00:16:51.0504 8252 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

00:16:51.0581 8252 FontCache - ok

00:16:51.0649 8252 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

00:16:51.0686 8252 FontCache3.0.0.0 - ok

00:16:51.0726 8252 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:16:51.0746 8252 FsDepends - ok

00:16:51.0776 8252 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

00:16:51.0794 8252 Fs_Rec - ok

00:16:51.0826 8252 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:16:51.0857 8252 fvevol - ok

00:16:51.0882 8252 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

00:16:51.0891 8252 gagp30kx - ok

00:16:51.0988 8252 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

00:16:52.0072 8252 gpsvc - ok

00:16:52.0134 8252 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

00:16:52.0155 8252 GREGService - ok

00:16:52.0188 8252 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:16:52.0267 8252 hcw85cir - ok

00:16:52.0334 8252 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:16:52.0395 8252 HdAudAddService - ok

00:16:52.0443 8252 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

00:16:52.0483 8252 HDAudBus - ok

00:16:52.0638 8252 HealthAlertsSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

00:16:52.0657 8252 HealthAlertsSvc - ok

00:16:52.0692 8252 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

00:16:52.0725 8252 HidBatt - ok

00:16:52.0747 8252 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

00:16:52.0782 8252 HidBth - ok

00:16:52.0788 8252 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

00:16:52.0806 8252 HidIr - ok

00:16:52.0838 8252 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

00:16:52.0885 8252 hidserv - ok

00:16:52.0918 8252 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

00:16:52.0928 8252 HidUsb - ok

00:16:52.0969 8252 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

00:16:53.0042 8252 hkmsvc - ok

00:16:53.0076 8252 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

00:16:53.0135 8252 HomeGroupListener - ok

00:16:53.0186 8252 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

00:16:53.0252 8252 HomeGroupProvider - ok

00:16:53.0309 8252 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:16:53.0341 8252 HpSAMD - ok

00:16:53.0412 8252 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:16:53.0487 8252 HTTP - ok

00:16:53.0490 8252 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:16:53.0502 8252 hwpolicy - ok

00:16:53.0529 8252 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

00:16:53.0543 8252 i8042prt - ok

00:16:53.0608 8252 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

00:16:53.0631 8252 iaStor - ok

00:16:53.0688 8252 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

00:16:53.0710 8252 IAStorDataMgrSvc - ok

00:16:53.0774 8252 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

00:16:53.0822 8252 iaStorV - ok

00:16:53.0945 8252 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

00:16:54.0000 8252 idsvc - ok

00:16:54.0686 8252 igfx (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys

00:16:55.0120 8252 igfx - ok

00:16:55.0266 8252 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

00:16:55.0287 8252 iirsp - ok

00:16:55.0380 8252 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

00:16:55.0439 8252 IKEEXT - ok

00:16:55.0593 8252 initMonitor (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

00:16:55.0606 8252 initMonitor - ok

00:16:55.0824 8252 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys

00:16:55.0926 8252 IntcAzAudAddService - ok

00:16:56.0086 8252 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

00:16:56.0182 8252 IntcDAud - ok

00:16:56.0220 8252 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:16:56.0236 8252 intelide - ok

00:16:56.0269 8252 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:16:56.0301 8252 intelppm - ok

00:16:56.0350 8252 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

00:16:56.0383 8252 IPBusEnum - ok

00:16:56.0427 8252 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:16:56.0475 8252 IpFilterDriver - ok

00:16:56.0538 8252 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

00:16:56.0610 8252 iphlpsvc - ok

00:16:56.0618 8252 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:16:56.0638 8252 IPMIDRV - ok

00:16:56.0649 8252 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:16:56.0677 8252 IPNAT - ok

00:16:56.0701 8252 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:16:56.0714 8252 IRENUM - ok

00:16:56.0725 8252 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:16:56.0742 8252 isapnp - ok

00:16:56.0777 8252 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:16:56.0802 8252 iScsiPrt - ok

00:16:56.0836 8252 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

00:16:56.0863 8252 kbdclass - ok

00:16:56.0874 8252 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

00:16:56.0887 8252 kbdhid - ok

00:16:56.0921 8252 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:16:56.0929 8252 KeyIso - ok

00:16:56.0945 8252 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

00:16:56.0955 8252 KSecDD - ok

00:16:56.0986 8252 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

00:16:57.0021 8252 KSecPkg - ok

00:16:57.0050 8252 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:16:57.0102 8252 ksthunk - ok

00:16:57.0171 8252 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

00:16:57.0268 8252 KtmRm - ok

00:16:57.0320 8252 L1C (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys

00:16:57.0379 8252 L1C - ok

00:16:57.0512 8252 LANConfig (f11ff47203538dd145faf56a4daf5d75) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe

00:16:57.0533 8252 LANConfig - ok

00:16:57.0596 8252 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

00:16:57.0665 8252 LanmanServer - ok

00:16:57.0713 8252 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

00:16:57.0779 8252 LanmanWorkstation - ok

00:16:57.0856 8252 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

00:16:57.0887 8252 Live Updater Service - ok

00:16:57.0921 8252 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:16:58.0001 8252 lltdio - ok

00:16:58.0055 8252 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:16:58.0151 8252 lltdsvc - ok

00:16:58.0172 8252 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:16:58.0200 8252 lmhosts - ok

00:16:58.0338 8252 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

00:16:58.0370 8252 LMS - ok

00:16:58.0415 8252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

00:16:58.0429 8252 LSI_FC - ok

00:16:58.0455 8252 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

00:16:58.0469 8252 LSI_SAS - ok

00:16:58.0477 8252 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

00:16:58.0490 8252 LSI_SAS2 - ok

00:16:58.0509 8252 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

00:16:58.0541 8252 LSI_SCSI - ok

00:16:58.0570 8252 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:16:58.0668 8252 luafv - ok

00:16:58.0671 8252 McAfee SiteAdvisor Service - ok

00:16:58.0706 8252 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:16:58.0728 8252 Mcx2Svc - ok

00:16:58.0733 8252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

00:16:58.0741 8252 megasas - ok

00:16:58.0786 8252 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

00:16:58.0824 8252 MegaSR - ok

00:16:58.0869 8252 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

00:16:58.0895 8252 MEIx64 - ok

00:16:58.0914 8252 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:16:58.0944 8252 MMCSS - ok

00:16:58.0958 8252 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:16:58.0996 8252 Modem - ok

00:16:59.0035 8252 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:16:59.0067 8252 monitor - ok

00:16:59.0082 8252 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:16:59.0098 8252 mouclass - ok

00:16:59.0120 8252 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

00:16:59.0153 8252 mouhid - ok

00:16:59.0193 8252 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:16:59.0210 8252 mountmgr - ok

00:16:59.0241 8252 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:16:59.0272 8252 mpio - ok

00:16:59.0280 8252 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:16:59.0312 8252 mpsdrv - ok

00:16:59.0406 8252 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

00:16:59.0495 8252 MpsSvc - ok

00:16:59.0509 8252 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:16:59.0540 8252 MRxDAV - ok

00:16:59.0554 8252 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:16:59.0593 8252 mrxsmb - ok

00:16:59.0653 8252 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:16:59.0713 8252 mrxsmb10 - ok

00:16:59.0726 8252 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:16:59.0742 8252 mrxsmb20 - ok

00:16:59.0769 8252 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:16:59.0778 8252 msahci - ok

00:16:59.0792 8252 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:16:59.0835 8252 msdsm - ok

00:16:59.0879 8252 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:16:59.0927 8252 MSDTC - ok

00:16:59.0951 8252 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:16:59.0997 8252 Msfs - ok

00:17:00.0015 8252 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:17:00.0057 8252 mshidkmdf - ok

00:17:00.0060 8252 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:17:00.0069 8252 msisadrv - ok

00:17:00.0116 8252 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:17:00.0202 8252 MSiSCSI - ok

00:17:00.0205 8252 msiserver - ok

00:17:00.0234 8252 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:17:00.0277 8252 MSKSSRV - ok

00:17:00.0289 8252 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:17:00.0331 8252 MSPCLOCK - ok

00:17:00.0356 8252 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:17:00.0398 8252 MSPQM - ok

00:17:00.0430 8252 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:17:00.0445 8252 MsRPC - ok

00:17:00.0450 8252 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:17:00.0460 8252 mssmbios - ok

00:17:00.0491 8252 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:17:00.0537 8252 MSTEE - ok

00:17:00.0550 8252 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

00:17:00.0560 8252 MTConfig - ok

00:17:00.0567 8252 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:17:00.0576 8252 Mup - ok

00:17:00.0579 8252 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

00:17:00.0587 8252 mwlPSDFilter - ok

00:17:00.0608 8252 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

00:17:00.0666 8252 mwlPSDNServ - ok

00:17:00.0677 8252 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

00:17:00.0690 8252 mwlPSDVDisk - ok

00:17:00.0759 8252 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:17:00.0836 8252 napagent - ok

00:17:00.0920 8252 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:17:00.0974 8252 NativeWifiP - ok

00:17:01.0030 8252 Nbdrv (37bfe7ce56133f2e8e90ef68157d73c8) C:\Windows\system32\DRIVERS\nbdrv.sys

00:17:01.0093 8252 Nbdrv - ok

00:17:01.0243 8252 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

00:17:01.0282 8252 NDIS - ok

00:17:01.0313 8252 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:17:01.0342 8252 NdisCap - ok

00:17:01.0357 8252 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:17:01.0383 8252 NdisTapi - ok

00:17:01.0402 8252 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:17:01.0440 8252 Ndisuio - ok

00:17:01.0455 8252 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:17:01.0488 8252 NdisWan - ok

00:17:01.0505 8252 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:17:01.0530 8252 NDProxy - ok

00:17:01.0591 8252 NetBalancer Windows Service (bc4a5463cdab54967671f500d5f2c79d) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe

00:17:01.0624 8252 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - warning

00:17:01.0624 8252 NetBalancer Windows Service - detected UnsignedFile.Multi.Generic (1)

00:17:01.0630 8252 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:17:01.0663 8252 NetBIOS - ok

00:17:01.0685 8252 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:17:01.0715 8252 NetBT - ok

00:17:01.0743 8252 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:17:01.0753 8252 Netlogon - ok

00:17:01.0815 8252 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:17:01.0891 8252 Netman - ok

00:17:02.0162 8252 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:02.0186 8252 NetMsmqActivator - ok

00:17:02.0198 8252 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:02.0212 8252 NetPipeActivator - ok

00:17:02.0280 8252 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:17:02.0437 8252 netprofm - ok

00:17:02.0440 8252 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:02.0451 8252 NetTcpActivator - ok

00:17:02.0453 8252 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:02.0461 8252 NetTcpPortSharing - ok

00:17:02.0531 8252 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

00:17:02.0564 8252 nfrd960 - ok

00:17:02.0618 8252 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:17:02.0673 8252 NlaSvc - ok

00:17:02.0816 8252 NotificationsProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

00:17:02.0838 8252 NotificationsProviderSvc - ok

00:17:02.0856 8252 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:17:02.0887 8252 Npfs - ok

00:17:02.0904 8252 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:17:02.0942 8252 nsi - ok

00:17:02.0962 8252 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:17:03.0007 8252 nsiproxy - ok

00:17:03.0151 8252 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:17:03.0235 8252 Ntfs - ok

00:17:03.0318 8252 NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

00:17:03.0353 8252 NTI IScheduleSvc - ok

00:17:03.0463 8252 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys

00:17:03.0486 8252 NTIDrvr - ok

00:17:03.0491 8252 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:17:03.0524 8252 Null - ok

00:17:03.0570 8252 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:17:03.0620 8252 nvraid - ok

00:17:03.0636 8252 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:17:03.0655 8252 nvstor - ok

00:17:03.0681 8252 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:17:03.0713 8252 nv_agp - ok

00:17:03.0721 8252 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:17:03.0745 8252 ohci1394 - ok

00:17:03.0799 8252 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:17:03.0864 8252 p2pimsvc - ok

00:17:03.0934 8252 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:17:03.0984 8252 p2psvc - ok

00:17:03.0994 8252 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

00:17:04.0009 8252 Parport - ok

00:17:04.0043 8252 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

00:17:04.0067 8252 partmgr - ok

00:17:04.0086 8252 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:17:04.0122 8252 PcaSvc - ok

00:17:04.0163 8252 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:17:04.0205 8252 pci - ok

00:17:04.0228 8252 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:17:04.0239 8252 pciide - ok

00:17:04.0283 8252 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

00:17:04.0318 8252 pcmcia - ok

00:17:04.0325 8252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:17:04.0340 8252 pcw - ok

00:17:04.0382 8252 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:17:04.0431 8252 PEAUTH - ok

00:17:04.0516 8252 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:17:04.0555 8252 PerfHost - ok

00:17:04.0697 8252 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:17:04.0795 8252 pla - ok

00:17:04.0871 8252 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:17:04.0936 8252 PlugPlay - ok

00:17:04.0963 8252 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:17:04.0994 8252 PNRPAutoReg - ok

00:17:05.0045 8252 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:17:05.0074 8252 PNRPsvc - ok

00:17:23.0743 8252 ============================================================

00:17:23.0743 8252 Scan finished

00:17:23.0743 8252 ============================================================

00:17:23.0756 7848 Detected object count: 1

00:17:23.0756 7848 Actual detected object count: 1

00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user

00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:18:01.0732 8936 Deinitialize success


That scan was clean... please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review. (Post It!)

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-06-19.03 - jerry 06/20/2012 8:49.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1944 [GMT -4:00]

Running from: c:\users\jerry\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Public\Documents\NTILiveUpdateV9.dll

c:\users\Public\Documents\NTIMMV9Acer.dll

c:\users\Public\Documents\NTIMMV9REGET.dll

c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\@

c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\00000001.@

c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\80000000.@

c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\800000cb.@

.

.

((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))

.

.

2012-06-20 12:52 . 2012-06-20 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-20 04:24 . 2011-08-04 17:42 162392 ----a-w- c:\windows\system32\drivers\VvBackd5.sys

2012-06-20 04:24 . 2011-01-05 05:18 66136 ------w- c:\windows\system32\drivers\HCDisk.sys

2012-06-20 04:23 . 2012-06-20 04:23 -------- d-----w- c:\program files\FarStone

2012-06-20 04:21 . 2011-04-18 15:12 24664 ------w- c:\windows\system32\drivers\FarMntIo.sys

2012-06-20 04:21 . 2012-06-20 12:43 -------- d-----w- c:\programdata\Farstone

2012-06-20 02:19 . 2012-06-20 02:38 -------- d-----w- c:\programdata\AVG2012

2012-06-20 01:26 . 2012-06-20 01:26 -------- d--h--w- c:\programdata\Common Files

2012-06-20 01:26 . 2012-06-20 01:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-06-20 01:25 . 2012-06-20 02:19 -------- d-----w- c:\windows\system32\drivers\AVG

2012-06-20 01:24 . 2012-06-20 02:18 -------- d-----w- c:\program files (x86)\AVG

2012-06-20 01:22 . 2012-06-20 02:28 -------- d-----w- c:\programdata\MFAData

2012-06-20 00:56 . 2012-06-20 00:56 -------- d-----w- c:\programdata\AWIECO

2012-06-20 00:55 . 2012-06-20 00:55 -------- d-----w- c:\program files\AWIECO

2012-06-20 00:55 . 2012-06-20 00:55 274432 ----a-w- c:\programdata\Microsoft\Windows Server\Data\DownloadCache\Client64.msi

2012-06-20 00:27 . 2012-06-20 00:27 -------- d-----w- c:\program files\Windows Server

2012-06-20 00:12 . 2012-06-20 05:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-06-18 05:00 . 2012-06-18 05:00 -------- d-----w- c:\windows\NAPP_Dism_Log

2012-06-18 04:40 . 2012-06-18 04:40 -------- d-----w- c:\program files (x86)\Barnes & Noble

2012-06-18 04:38 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CLSK

2012-06-18 04:37 . 2012-06-18 04:37 -------- d-----w- c:\program files (x86)\Cyberlink

2012-06-18 04:37 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CyberLink

2012-06-18 04:34 . 2012-06-18 04:34 -------- d-----w- c:\programdata\NTI Launcher

2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\programdata\FLEXnet

2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-06-18 04:30 . 2012-06-18 03:03 -------- d-----w- c:\program files (x86)\Microsoft

2012-06-18 04:29 . 2012-06-18 04:29 -------- d-----w- c:\programdata\Atheros

2012-06-18 04:20 . 2012-06-18 04:20 -------- d-----w- c:\program files\Elantech

2012-06-18 04:19 . 2012-06-18 04:19 -------- d-----w- c:\program files\Intel

2012-06-18 04:17 . 2012-06-18 04:18 -------- d-----w- c:\program files (x86)\Launch Manager

2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Common Files\Atheros

2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Bluetooth Suite

2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\EgisTec

2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\Intel

2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files\Common Files\Intel

2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files (x86)\Common Files\Intel

2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\SysWow64\Wat

2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\system32\Wat

2012-06-18 03:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-18 03:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7

2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\programdata\Babylon

2012-06-18 02:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-06-18 02:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-06-18 02:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-06-18 02:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-06-18 02:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-06-18 02:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-06-18 02:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-06-18 02:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-06-18 02:52 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-06-18 02:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-18 02:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-18 02:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-18 02:50 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2012-06-18 02:50 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2012-06-18 02:50 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2012-06-18 02:50 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2012-06-18 02:47 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-18 02:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-06-18 02:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-06-18 02:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-18 02:45 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2012-06-18 02:45 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2012-06-18 02:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-06-18 02:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-06-18 02:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-06-18 02:29 . 2012-06-20 12:43 -------- d-----w- c:\programdata\clear.fi

2012-06-18 02:26 . 2012-06-18 02:26 -------- d-----w- c:\programdata\SeriousBit

2012-06-18 02:25 . 2011-05-18 20:57 41256 ----a-w- c:\windows\system32\drivers\nbdrv.sys

2012-06-18 02:25 . 2012-06-18 02:26 -------- d-----w- c:\program files\NetBalancer

2012-06-18 02:20 . 2012-06-18 02:20 -------- d-----w- c:\program files (x86)\DSUtilities

2012-06-18 02:20 . 2004-03-09 05:00 609824 ----a-w- c:\windows\SysWow64\ComCtl32.ocx

2012-06-18 02:17 . 2012-06-18 02:17 -------- d-----w- c:\programdata\Hewlett-Packard

2012-06-18 02:17 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\programdata\OEM_E471269A730D

2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Times Reader

2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-06-18 02:06 . 2012-06-18 02:09 -------- d-----w- c:\users\jerry

2012-06-18 02:06 . 2012-06-18 02:06 -------- d-----w- C:\Recovery

2012-06-17 22:57 . 2012-06-20 05:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-15 11:25 . 2012-06-15 23:40 -------- d-----w- C:\SRN Micro

2012-06-12 01:31 . 2012-06-20 04:24 4096 --sh--r- C:\RESCUMBR.BIN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-18 04:34 . 2011-08-26 09:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-18 02:51 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hnFAPAlert"="c:\program files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe" [2011-10-19 139264]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]

"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\fsloader.exe [2009-08-18 126976]

R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 VVBackd5;VVBackd5; [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 HCDisk;HCDisk; [x]

S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]

S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]

S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]

S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]

S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-20 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-06-20 04:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://acer.msn.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 66.82.4.8 66.82.4.12

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe

AddRemove-WTA-209b9556-d362-4c24-9f12-6fc537e8f570 - c:\program files (x86)\Acer Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-20 15:17:40

ComboFix-quarantined-files.txt 2012-06-20 19:17

.

Pre-Run: 497,149,812,736 bytes free

Post-Run: 497,544,286,208 bytes free

.

- - End Of File - - 0C44A8CF59738E0388D0193378AF3090


Looks Good

Did you install and use these two programs (both installed at the same time):

2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7

2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\programdata\Babylon

--------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


I did install Your Uninstaller! 7, but I'm not sure what Babylon is. I went to the folder but it was empty.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 912062110

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/21/2012 5:20:50 PM

mbam-log-2012-06-21 (17-20-50).txt

Scan type: Quick scan

Objects scanned: 207635

Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Great :)

A little cleanup to do.......

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

(IE: RogueKiller.exe, RKreport[any #].txt, RK_Quarantine folder, etc....)

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.