Everything posted by jinksy9
Hi Gringo. I've managed to remove the startups using Hijackthis although wasn't sure if it had worked because it just showed a blank box after I'd clicked on fix! I ran the scan again just to check and they've gone from the list so guess it did. Am now running the Eset scan (posting this from my laptop while the scan runs on the other one). I'll upload result as soon as it's done. cheers, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. Well, this one is doing fine and I haven't noticed the MB message 'but' - I'll only be convinced we've sorted this after a longer time not seeing it because of the way it's popped up again previously when I'd thought it had gone. Having said that, I really appreciate your time and perseverance with this (both on this one and the other one). je vous merci, muchas gracias, jinksy9 -
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. aswMBR log follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 12:29:21
-----------------------------
12:29:21.250 OS Version: Windows 5.1.2600 Service Pack 3
12:29:21.250 Number of processors: 1 586 0xE08
12:29:21.250 ComputerName: DELL UserName:
12:29:23.078 Initialize success
13:04:49.843 AVAST engine defs: 12061700
13:08:31.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:08:31.921 Disk 0 Vendor: Hitachi_HTS541060G9SA00 MB3OC60R Size: 55796MB BusType: 3
13:08:31.937 Disk 0 MBR read successfully
13:08:31.937 Disk 0 MBR scan
13:08:31.984 Disk 0 unknown MBR code
13:08:31.984 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
13:08:32.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 39629 MB offset 160650
13:08:32.031 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12848 MB offset 81337095
13:08:32.062 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 107651565
13:08:32.062 Disk 0 scanning sectors +114254280
13:08:32.140 Disk 0 scanning C:\WINDOWS\system32\drivers
13:09:59.109 Service scanning
13:10:41.234 Modules scanning
13:10:50.968 Disk 0 trace - called modules:
13:10:50.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:10:50.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a0ab8]
13:10:50.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a8a3920]
13:10:50.984 5 PCTCore.sys[b9e99407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8f7940]
13:10:51.515 AVAST engine scan C:\WINDOWS
13:11:04.984 AVAST engine scan C:\WINDOWS\system32
13:15:56.468 AVAST engine scan C:\WINDOWS\system32\drivers
13:16:24.218 AVAST engine scan C:\Documents and Settings\Jinks
13:23:47.078 AVAST engine scan C:\Documents and Settings\All Users
13:27:27.093 Scan finished successfully
13:35:01.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\MBR.dat"
13:35:01.234 The log file has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\aswMBR.txt"

Many thanks, jinksy9 -
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. Ran TDSSKiller and report is:
C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 12:25:40.0000 3244 rimsptsk - ok 12:25:40.0046 3244 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 12:25:40.0062 3244 rismxdp - ok 12:25:40.0093 3244 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 12:25:40.0093 3244 RpcLocator - ok 12:25:40.0156 3244 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 12:25:40.0171 3244 RpcSs - ok 12:25:40.0203 3244 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 12:25:40.0203 3244 RSVP - ok 12:25:40.0265 3244 S24EventMonitor (b792f2c647b1fc3e4987de582ee00fe3) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 12:25:40.0281 3244 S24EventMonitor - ok 12:25:40.0296 3244 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys 12:25:40.0312 3244 s24trans - ok 12:25:40.0312 3244 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 12:25:40.0312 3244 SamSs - ok 12:25:40.0359 3244 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 12:25:40.0375 3244 SCardSvr - ok 12:25:40.0421 3244 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 12:25:40.0421 3244 Schedule - ok 12:25:40.0515 3244 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe 12:25:40.0515 3244 sdAuxService - ok 12:25:40.0546 3244 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 12:25:40.0546 3244 sdbus - ok 12:25:40.0656 3244 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe 12:25:40.0671 3244 sdCoreService - ok 12:25:40.0703 3244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:25:40.0734 3244 Secdrv - ok 12:25:40.0765 3244 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 12:25:40.0765 3244 seclogon - ok 12:25:40.0781 3244 SENS 
(7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 12:25:40.0781 3244 SENS - ok 12:25:40.0812 3244 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:25:40.0828 3244 serenum - ok 12:25:40.0859 3244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 12:25:40.0859 3244 Serial - ok 12:25:40.0890 3244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:25:40.0890 3244 Sfloppy - ok 12:25:40.0953 3244 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 12:25:40.0968 3244 SharedAccess - ok 12:25:41.0000 3244 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 12:25:41.0015 3244 ShellHWDetection - ok 12:25:41.0015 3244 Simbad - ok 12:25:41.0062 3244 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 12:25:41.0062 3244 sisagp - ok 12:25:41.0093 3244 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 12:25:41.0093 3244 Sparrow - ok 12:25:41.0140 3244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:25:41.0140 3244 splitter - ok 12:25:41.0171 3244 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 12:25:41.0171 3244 Spooler - ok 12:25:41.0187 3244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:25:41.0187 3244 sr - ok 12:25:41.0218 3244 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 12:25:41.0218 3244 srservice - ok 12:25:41.0281 3244 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 12:25:41.0281 3244 Srv - ok 12:25:41.0296 3244 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 12:25:41.0312 3244 sscdbhk5 - ok 12:25:41.0328 3244 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 12:25:41.0328 3244 SSDPSRV - ok 12:25:41.0343 3244 ssrtln 
(c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 12:25:41.0343 3244 ssrtln - ok 12:25:41.0453 3244 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys 12:25:41.0468 3244 STHDA - ok 12:25:41.0515 3244 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 12:25:41.0515 3244 stisvc - ok 12:25:41.0578 3244 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:25:41.0578 3244 swenum - ok 12:25:41.0593 3244 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:25:41.0609 3244 swmidi - ok 12:25:41.0609 3244 SwPrv - ok 12:25:41.0625 3244 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 12:25:41.0625 3244 symc810 - ok 12:25:41.0640 3244 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 12:25:41.0656 3244 symc8xx - ok 12:25:41.0671 3244 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 12:25:41.0671 3244 sym_hi - ok 12:25:41.0671 3244 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 12:25:41.0687 3244 sym_u3 - ok 12:25:41.0937 3244 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:25:41.0937 3244 SynTP - ok 12:25:41.0953 3244 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:25:41.0953 3244 sysaudio - ok 12:25:41.0984 3244 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 12:25:41.0984 3244 SysmonLog - ok 12:25:42.0015 3244 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 12:25:42.0031 3244 TapiSrv - ok 12:25:42.0109 3244 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:25:42.0109 3244 Tcpip - ok 12:25:42.0140 3244 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:25:42.0156 3244 TDPIPE - ok 12:25:42.0171 3244 TDTCP 
(c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:25:42.0187 3244 TDTCP - ok 12:25:42.0187 3244 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:25:42.0203 3244 TermDD - ok 12:25:42.0265 3244 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 12:25:42.0265 3244 TermService - ok 12:25:42.0312 3244 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 12:25:42.0312 3244 tfsnboio - ok 12:25:42.0328 3244 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 12:25:42.0328 3244 tfsncofs - ok 12:25:42.0328 3244 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 12:25:42.0328 3244 tfsndrct - ok 12:25:42.0343 3244 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 12:25:42.0343 3244 tfsndres - ok 12:25:42.0359 3244 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 12:25:42.0359 3244 tfsnifs - ok 12:25:42.0375 3244 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 12:25:42.0375 3244 tfsnopio - ok 12:25:42.0375 3244 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 12:25:42.0375 3244 tfsnpool - ok 12:25:42.0390 3244 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 12:25:42.0390 3244 tfsnudf - ok 12:25:42.0406 3244 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 12:25:42.0421 3244 tfsnudfa - ok 12:25:42.0468 3244 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 12:25:42.0468 3244 Themes - ok 12:25:42.0515 3244 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 12:25:42.0531 3244 TlntSvr - ok 12:25:42.0546 3244 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 12:25:42.0546 3244 TosIde - ok 12:25:42.0562 3244 TrkWks (55bca12f7f523d35ca3cb833c725f54e) 
C:\WINDOWS\system32\trkwks.dll 12:25:42.0562 3244 TrkWks - ok 12:25:42.0765 3244 TuneUp.UtilitiesSvc (118edc3e712ff83ce25612081a69075d) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 12:25:42.0781 3244 TuneUp.UtilitiesSvc - ok 12:25:42.0828 3244 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 12:25:42.0828 3244 TuneUpUtilitiesDrv - ok 12:25:42.0937 3244 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:25:42.0937 3244 Udfs - ok 12:25:42.0953 3244 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 12:25:42.0953 3244 ultra - ok 12:25:42.0984 3244 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe 12:25:43.0000 3244 UMWdf - ok 12:25:43.0078 3244 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:25:43.0093 3244 Update - ok 12:25:43.0125 3244 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 12:25:43.0140 3244 upnphost - ok 12:25:43.0156 3244 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 12:25:43.0171 3244 UPS - ok 12:25:43.0203 3244 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:25:43.0203 3244 usbccgp - ok 12:25:43.0218 3244 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:25:43.0218 3244 usbehci - ok 12:25:43.0234 3244 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:25:43.0234 3244 usbhub - ok 12:25:43.0250 3244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:25:43.0281 3244 usbprint - ok 12:25:43.0296 3244 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:25:43.0312 3244 usbscan - ok 12:25:43.0328 3244 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:25:43.0328 3244 USBSTOR - ok 12:25:43.0359 
3244 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:25:43.0359 3244 usbuhci - ok 12:25:43.0406 3244 UxTuneUp (24f51fba322f06a3e336c301025d6d12) C:\WINDOWS\System32\uxtuneup.dll 12:25:43.0406 3244 UxTuneUp - ok 12:25:43.0421 3244 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:25:43.0421 3244 VgaSave - ok 12:25:43.0437 3244 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 12:25:43.0468 3244 viaagp - ok 12:25:43.0484 3244 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 12:25:43.0515 3244 ViaIde - ok 12:25:43.0546 3244 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:25:43.0546 3244 VolSnap - ok 12:25:43.0593 3244 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 12:25:43.0609 3244 VSS - ok 12:25:43.0750 3244 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe 12:25:43.0765 3244 vToolbarUpdater11.1.0 - ok 12:25:43.0796 3244 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 12:25:43.0812 3244 w32time - ok 12:25:43.0968 3244 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 12:25:43.0984 3244 w39n51 - ok 12:25:44.0156 3244 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:25:44.0156 3244 Wanarp - ok 12:25:44.0171 3244 wanatw - ok 12:25:44.0171 3244 WDICA - ok 12:25:44.0203 3244 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:25:44.0203 3244 wdmaud - ok 12:25:44.0234 3244 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 12:25:44.0250 3244 WebClient - ok 12:25:44.0328 3244 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 12:25:44.0343 3244 winachsf - ok 12:25:44.0421 3244 winmgmt 
(2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 12:25:44.0421 3244 winmgmt - ok 12:25:44.0531 3244 WLANKEEPER (afb5a2a79bb01699a269c316d8b9bef1) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 12:25:44.0531 3244 WLANKEEPER - ok 12:25:44.0562 3244 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll 12:25:44.0562 3244 WmdmPmSN - ok 12:25:44.0656 3244 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 12:25:44.0656 3244 Wmi - ok 12:25:44.0703 3244 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:25:44.0718 3244 WmiApSrv - ok 12:25:44.0781 3244 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:25:44.0796 3244 WS2IFSL - ok 12:25:44.0843 3244 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 12:25:44.0843 3244 wscsvc - ok 12:25:44.0890 3244 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 12:25:44.0890 3244 wuauserv - ok 12:25:44.0968 3244 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 12:25:44.0968 3244 WZCSVC - ok 12:25:45.0015 3244 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 12:25:45.0031 3244 xmlprov - ok 12:25:45.0078 3244 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0 12:25:45.0531 3244 \Device\Harddisk0\DR0 - ok 12:25:45.0531 3244 Boot (0x1200) (424646a5056014def5a61376b476049c) \Device\Harddisk0\DR0\Partition0 12:25:45.0531 3244 \Device\Harddisk0\DR0\Partition0 - ok 12:25:45.0562 3244 Boot (0x1200) (fc91ac0a7b9e4cfba978764e8aba167c) \Device\Harddisk0\DR0\Partition1 12:25:45.0562 3244 \Device\Harddisk0\DR0\Partition1 - ok 12:25:45.0562 3244 ============================================================ 12:25:45.0562 3244 Scan finished 12:25:45.0562 3244 ============================================================ 12:25:45.0578 2792 Detected object count: 0 12:25:45.0578 2792 Actual detected object 
count: 0 -
Have downloaded Hijackthis and double-clicked icon on desktop to start it. Nothing happened except the hard drive blue light flashed a lot. So I clicked on the icon again and a pop up window said it was already running. Checked task manager - no sign of any program running (because none were). It lied. Gave it a rest and tried again. Still the same message. Again checked task manager, no sign. Now it's had about 15 mins or more so tried to start it again and still got the same message Hijackthis is running!!! I'm going to shut down the laptop and see if that sorts it. cheers, jinksy9
-
Hi Gringo. I ran the Hijackthis scan, selected the startup entries you listed (they were all there) and clicked fix checked. The Hijackthis got stuck and 'not responding' finally showed in the title bar so I closed it. When I tried to run it again windows said it was already running! I left it a bit longer and tried again. It started but didn't look right. I realised it wasn't showing me the main page so clicked on the button for that but it still didn't look quite as I remembered it when I ran it the first time. However, I ran the scan again and it listed all the startups except the first (SuiteTray) so I guess that one was removed the first time before the program got stuck. I started to tick the ones to remove and then all the buttons disappeared. Oh....that's not right I thought so I closed Hijackthis and have uninstalled it. I'll download a new one and try again. cheers, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Well, spoke too soon about not seeing the "svchost.exe outgoing blocked" message on my laptop. It's appeared again! (And has also appeared again on other laptop soon after I'd written that all was ok!!!) PCTools ran scheduled intelliguard scan at 21:00 (approx) picked up 4 threats and 59 infections, which it quarantined and removed. Would it help for you to see the details of that? We seem to be going around in circles with this. What gets me is that it's the same IP address every time but I don't know what's caused it. I really appreciate the time you've given me on this but please say if you think we should call it a day. Many thanks, jinksy9 -
Hi Gringo. MBAM and Hijack this logs follow:

No problems with doing these scans. All seems ok at the mo but it's returned on my laptop (yet to update about that on that thread). We have PC Tools Spyware Doctor with Anti-virus on this laptop as well and it regularly detects and removes various spyware/malware but whatever has caused this svchost.exe outgoing can't have been picked up. The most recent PCTools scan was at 18:04 BST today. I have saved it as an htm file and wondered if you'd mind having a look at the results of that too, please. Thanks again for all your help. cheers, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. So I was right it was disabled but Windows was still seeing enabled? Thanks for the link about changing the download option in Firefox. I guessed it would be possible just wasn't sure where to look. I've always preferred downloading to the desktop and then moving stuff to where I want it. Thanks for the offer about a different anti-virus. I'm giving PC Tools a go for now but may get back to you about that. I've not seen the malwarebytes message about an outgoing attempt since I started up today and computer seems to be doing ok. I know that if MB does flag it it means I'm protected because it's blocked it doing whatever it wanted to do but I wish I knew what had caused it. Very annoying. Speak to you on the other thread in a while. cheers, jinksy9 -
Hi Gringo. Is it essential to tick to remove passwords in CCleaner? I've downloaded java but will do the rest tomorrow now. cheers, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. Here's the combofix log for my laptop. I see it says PC Tools is enabled but it wasn't!!! (not happy with PC Tools actually - we had problems with my laptop about 12 months ago and the guy who we had look at it installed it. I think it makes it run too slow) Speak tomorrow. cheers, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. I've downloaded new copy of combofix to my laptop. As instructed I disabled anti-virus and anti-malware (PC Tools Spyware Doctor with antivirus and Malwarebytes). When I started up combofix it said antivirus was still running. I double-checked I'd disabled both, which I had, so carried on starting combofix. It came up with the message that the anti-virus was still running and I was using combofix at my own risk. As this also happened on our other laptop (but not on mine the first time I used combofix) do you have any ideas why? I continued to run combo fix and it's working at the mo. BTW why does it have to be downloaded to the desktop? I usually use Firefox and when I download the files automatically go to the downloads folder. I don't get the option to save them where I want as I do using IE (or is there some way of changing it in Firefox to do that?) Sorry about all the questions. Many thanks for all your help. cheers, jinksy9
-
well, after downloading latest version of combofix it was running fine but I had to leave it for a mo and that's when it needed to reboot. However, that didn't seem to be a problem and the log file loaded after the reboot.
-
Received message that there's a new version of combofix available so have downloaded it
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Sorry, should have made it clear - this happened on my laptop - the one we've checked already - not the other one that we're working on now.
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Arghhhh................. It's popped up again. Just opened an email from a friend - found it was a forwarded type that wants you to send it to others too. Should have known better I guess. Straight away the Malwarebytes message about outgoing to 212.117.175.185 popped up. Then another message about incoming blocked from 83.243.11.176. Any thoughts Gringo?
-
Hi Gringo. Everything seems to have gone ok with these latest downloads and scans. aswMBR log follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 23:28:07
-----------------------------
23:28:07.409 OS Version: Windows x64 6.1.7601 Service Pack 1
23:28:07.409 Number of processors: 3 586 0x503
23:28:07.409 ComputerName: JINKS-LAPTOP UserName: Jinks
23:28:09.047 Initialze error C0000034 - driver not loaded
23:29:00.153 AVAST engine defs: 12061301
23:29:14.848 Service scanning
23:29:38.014 Modules scanning
23:29:38.014 Disk 0 trace - called modules:
23:29:38.014
23:29:40.011 AVAST engine scan C:\Windows
23:29:44.488 AVAST engine scan C:\Windows\system32
23:32:48.537 AVAST engine scan C:\Windows\system32\drivers
23:33:03.108 AVAST engine scan C:\Users\Jinks
23:35:46.643 AVAST engine scan C:\ProgramData
23:36:25.830 Scan finished successfully
23:38:58.570 The log file has been saved successfully to "C:\Users\Jinks\Documents\Gringo\aswMBR.txt"

Past my bedtime now so I'll catch up with you tomorrow. Thanks for all the help, jinksy9
-
Hi Gringo. TDSSkiller report is:
C:\Windows\system32\drivers\Npfs.sys 23:24:07.0355 7012 Npfs - ok 23:24:07.0355 7012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 23:24:07.0371 7012 nsi - ok 23:24:07.0371 7012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 23:24:07.0371 7012 nsiproxy - ok 23:24:07.0527 7012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 23:24:07.0573 7012 Ntfs - ok 23:24:07.0698 7012 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 23:24:07.0698 7012 NTI IScheduleSvc - ok 23:24:07.0823 7012 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 23:24:07.0823 7012 NTIDrvr - ok 23:24:07.0839 7012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 23:24:07.0839 7012 Null - ok 23:24:07.0885 7012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 23:24:07.0901 7012 nvraid - ok 23:24:07.0932 7012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 23:24:07.0932 7012 nvstor - ok 23:24:07.0979 7012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 23:24:07.0995 7012 nv_agp - ok 23:24:08.0041 7012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 23:24:08.0041 7012 ohci1394 - ok 23:24:08.0088 7012 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:24:08.0104 7012 ose - ok 23:24:08.0166 7012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:24:08.0166 7012 p2pimsvc - ok 23:24:08.0213 7012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 23:24:08.0229 7012 p2psvc - ok 23:24:08.0244 7012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 23:24:08.0260 7012 Parport - ok 23:24:08.0291 7012 partmgr 
(e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 23:24:08.0291 7012 partmgr - ok 23:24:08.0322 7012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 23:24:08.0322 7012 PcaSvc - ok 23:24:08.0353 7012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 23:24:08.0369 7012 pci - ok 23:24:08.0385 7012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 23:24:08.0385 7012 pciide - ok 23:24:08.0431 7012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 23:24:08.0463 7012 pcmcia - ok 23:24:08.0509 7012 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys 23:24:08.0525 7012 PCTBD - ok 23:24:08.0603 7012 PCTCore (b34958cf94a8e924e8870ea6fb5b1923) C:\Windows\system32\drivers\PCTCore64.sys 23:24:08.0603 7012 PCTCore - ok 23:24:08.0650 7012 pctDS (00cdbcb3178668c780a0c186b958a433) C:\Windows\system32\drivers\pctDS64.sys 23:24:08.0665 7012 pctDS - ok 23:24:08.0743 7012 pctEFA (6a509ceeb76361d12f0efe28e48f2221) C:\Windows\system32\drivers\pctEFA64.sys 23:24:08.0759 7012 pctEFA - ok 23:24:08.0790 7012 pctgntdi (07396a10e07af751a3a045872cf1e5ac) C:\Windows\System32\drivers\pctgntdi64.sys 23:24:08.0806 7012 pctgntdi - ok 23:24:08.0837 7012 pctplsg (18b9a064b02b5f20c4c78ab8c5788f04) C:\Windows\System32\drivers\pctplsg64.sys 23:24:08.0837 7012 pctplsg - ok 23:24:08.0868 7012 PCTSD (2ab248581631e918b37b630516b005e7) C:\Windows\system32\Drivers\PCTSD64.sys 23:24:08.0884 7012 PCTSD - ok 23:24:08.0899 7012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 23:24:08.0899 7012 pcw - ok 23:24:08.0962 7012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 23:24:08.0977 7012 PEAUTH - ok 23:24:09.0087 7012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 23:24:09.0087 7012 PerfHost - ok 23:24:09.0274 7012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) 
C:\Windows\system32\pla.dll 23:24:09.0305 7012 pla - ok 23:24:09.0383 7012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 23:24:09.0399 7012 PlugPlay - ok 23:24:09.0430 7012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 23:24:09.0430 7012 PNRPAutoReg - ok 23:24:09.0477 7012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:24:09.0477 7012 PNRPsvc - ok 23:24:09.0555 7012 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 23:24:09.0555 7012 Point64 - ok 23:24:09.0617 7012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 23:24:09.0633 7012 PolicyAgent - ok 23:24:09.0679 7012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 23:24:09.0679 7012 Power - ok 23:24:09.0742 7012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 23:24:09.0742 7012 PptpMiniport - ok 23:24:09.0773 7012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 23:24:09.0773 7012 Processor - ok 23:24:09.0820 7012 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 23:24:09.0835 7012 ProfSvc - ok 23:24:09.0882 7012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:24:09.0882 7012 ProtectedStorage - ok 23:24:09.0945 7012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 23:24:09.0960 7012 Psched - ok 23:24:10.0101 7012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 23:24:10.0132 7012 ql2300 - ok 23:24:10.0272 7012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 23:24:10.0303 7012 ql40xx - ok 23:24:10.0381 7012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 23:24:10.0397 7012 QWAVE - ok 23:24:10.0413 7012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) 
C:\Windows\system32\drivers\qwavedrv.sys 23:24:10.0413 7012 QWAVEdrv - ok 23:24:10.0428 7012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 23:24:10.0428 7012 RasAcd - ok 23:24:10.0459 7012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:24:10.0459 7012 RasAgileVpn - ok 23:24:10.0475 7012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 23:24:10.0491 7012 RasAuto - ok 23:24:10.0537 7012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:24:10.0553 7012 Rasl2tp - ok 23:24:10.0631 7012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 23:24:10.0647 7012 RasMan - ok 23:24:10.0678 7012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 23:24:10.0678 7012 RasPppoe - ok 23:24:10.0709 7012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 23:24:10.0709 7012 RasSstp - ok 23:24:10.0756 7012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 23:24:10.0771 7012 rdbss - ok 23:24:10.0787 7012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 23:24:10.0787 7012 rdpbus - ok 23:24:10.0803 7012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:24:10.0803 7012 RDPCDD - ok 23:24:10.0849 7012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 23:24:10.0849 7012 RDPENCDD - ok 23:24:10.0881 7012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 23:24:10.0881 7012 RDPREFMP - ok 23:24:10.0927 7012 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 23:24:10.0927 7012 RDPWD - ok 23:24:10.0974 7012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 23:24:11.0005 7012 rdyboost - ok 23:24:11.0037 7012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) 
C:\Windows\System32\mprdim.dll 23:24:11.0068 7012 RemoteAccess - ok 23:24:11.0099 7012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 23:24:11.0115 7012 RemoteRegistry - ok 23:24:11.0146 7012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 23:24:11.0161 7012 RpcEptMapper - ok 23:24:11.0193 7012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 23:24:11.0193 7012 RpcLocator - ok 23:24:11.0271 7012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 23:24:11.0286 7012 RpcSs - ok 23:24:11.0302 7012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 23:24:11.0302 7012 rspndr - ok 23:24:11.0364 7012 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys 23:24:11.0380 7012 RSUSBSTOR - ok 23:24:11.0427 7012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:24:11.0442 7012 SamSs - ok 23:24:11.0473 7012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 23:24:11.0473 7012 sbp2port - ok 23:24:11.0520 7012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 23:24:11.0536 7012 SCardSvr - ok 23:24:11.0567 7012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 23:24:11.0567 7012 scfilter - ok 23:24:11.0692 7012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 23:24:11.0739 7012 Schedule - ok 23:24:11.0785 7012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 23:24:11.0785 7012 SCPolicySvc - ok 23:24:11.0879 7012 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe 23:24:11.0879 7012 sdAuxService - ok 23:24:11.0988 7012 sdCoreService (cb2447edda6f8098f3a966b8c82d35fd) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe 23:24:11.0988 7012 sdCoreService - ok 
23:24:12.0144 7012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 23:24:12.0160 7012 SDRSVC - ok 23:24:12.0191 7012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:24:12.0207 7012 secdrv - ok 23:24:12.0238 7012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 23:24:12.0253 7012 seclogon - ok 23:24:12.0269 7012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 23:24:12.0285 7012 SENS - ok 23:24:12.0316 7012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 23:24:12.0316 7012 SensrSvc - ok 23:24:12.0347 7012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 23:24:12.0347 7012 Serenum - ok 23:24:12.0394 7012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 23:24:12.0394 7012 Serial - ok 23:24:12.0425 7012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 23:24:12.0425 7012 sermouse - ok 23:24:12.0472 7012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 23:24:12.0487 7012 SessionEnv - ok 23:24:12.0519 7012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 23:24:12.0519 7012 sffdisk - ok 23:24:12.0534 7012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 23:24:12.0534 7012 sffp_mmc - ok 23:24:12.0550 7012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 23:24:12.0550 7012 sffp_sd - ok 23:24:12.0565 7012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 23:24:12.0565 7012 sfloppy - ok 23:24:12.0612 7012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 23:24:12.0612 7012 SharedAccess - ok 23:24:12.0675 7012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 23:24:12.0690 7012 ShellHWDetection - ok 23:24:12.0721 
7012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:24:12.0721 7012 SiSRaid2 - ok 23:24:12.0737 7012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 23:24:12.0737 7012 SiSRaid4 - ok 23:24:12.0753 7012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 23:24:12.0768 7012 Smb - ok 23:24:12.0784 7012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 23:24:12.0784 7012 SNMPTRAP - ok 23:24:12.0799 7012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 23:24:12.0799 7012 spldr - ok 23:24:12.0846 7012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 23:24:12.0862 7012 Spooler - ok 23:24:13.0111 7012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 23:24:13.0205 7012 sppsvc - ok 23:24:13.0330 7012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 23:24:13.0345 7012 sppuinotify - ok 23:24:13.0408 7012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 23:24:13.0423 7012 srv - ok 23:24:13.0470 7012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 23:24:13.0486 7012 srv2 - ok 23:24:13.0517 7012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 23:24:13.0533 7012 srvnet - ok 23:24:13.0595 7012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 23:24:13.0611 7012 SSDPSRV - ok 23:24:13.0642 7012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 23:24:13.0642 7012 SstpSvc - ok 23:24:13.0673 7012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 23:24:13.0673 7012 stexstor - ok 23:24:13.0751 7012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 23:24:13.0767 7012 stisvc - ok 23:24:13.0798 7012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) 
C:\Windows\system32\drivers\swenum.sys 23:24:13.0798 7012 swenum - ok 23:24:13.0860 7012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 23:24:13.0876 7012 swprv - ok 23:24:13.0938 7012 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys 23:24:13.0954 7012 SynTP - ok 23:24:14.0125 7012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 23:24:14.0172 7012 SysMain - ok 23:24:14.0250 7012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 23:24:14.0250 7012 TabletInputService - ok 23:24:14.0297 7012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 23:24:14.0313 7012 TapiSrv - ok 23:24:14.0391 7012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 23:24:14.0391 7012 TBS - ok 23:24:14.0609 7012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 23:24:14.0656 7012 Tcpip - ok 23:24:14.0874 7012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 23:24:14.0890 7012 TCPIP6 - ok 23:24:14.0983 7012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 23:24:14.0983 7012 tcpipreg - ok 23:24:15.0015 7012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:24:15.0015 7012 TDPIPE - ok 23:24:15.0061 7012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 23:24:15.0061 7012 TDTCP - ok 23:24:15.0108 7012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 23:24:15.0108 7012 tdx - ok 23:24:15.0124 7012 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 23:24:15.0124 7012 TermDD - ok 23:24:15.0202 7012 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 23:24:15.0217 7012 TermService - ok 23:24:15.0264 7012 TfFsMon (7a9db95526d3111a7482cfac748e3150) C:\Windows\system32\drivers\TfFsMon.sys 23:24:15.0264 7012 
TfFsMon - ok 23:24:15.0280 7012 TfNetMon (9189c9f2ff899a14f13f94cb9c1447cf) C:\Windows\system32\drivers\TfNetMon.sys 23:24:15.0280 7012 TfNetMon - ok 23:24:15.0389 7012 TFSysMon (af463ca8e9998cdd6c93cc285ec1516c) C:\Windows\system32\drivers\TfSysMon.sys 23:24:15.0420 7012 TFSysMon - ok 23:24:15.0436 7012 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 23:24:15.0436 7012 Themes - ok 23:24:15.0467 7012 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:24:15.0467 7012 THREADORDER - ok 23:24:15.0529 7012 ThreatFire - ok 23:24:15.0592 7012 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 23:24:15.0607 7012 TrkWks - ok 23:24:15.0670 7012 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 23:24:15.0685 7012 TrustedInstaller - ok 23:24:15.0717 7012 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:24:15.0732 7012 tssecsrv - ok 23:24:15.0795 7012 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 23:24:15.0810 7012 TsUsbFlt - ok 23:24:15.0873 7012 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 23:24:15.0904 7012 tunnel - ok 23:24:15.0951 7012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 23:24:15.0951 7012 uagp35 - ok 23:24:15.0966 7012 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 23:24:15.0966 7012 UBHelper - ok 23:24:16.0044 7012 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 23:24:16.0060 7012 udfs - ok 23:24:16.0091 7012 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 23:24:16.0091 7012 UI0Detect - ok 23:24:16.0138 7012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 23:24:16.0138 7012 uliagpkx - ok 23:24:16.0185 7012 umbus (dc54a574663a895c8763af0fa1ff7561) 
C:\Windows\system32\DRIVERS\umbus.sys 23:24:16.0185 7012 umbus - ok 23:24:16.0216 7012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 23:24:16.0216 7012 UmPass - ok 23:24:16.0294 7012 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 23:24:16.0309 7012 Updater Service - ok 23:24:16.0403 7012 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 23:24:16.0450 7012 upnphost - ok 23:24:16.0481 7012 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 23:24:16.0497 7012 usbccgp - ok 23:24:16.0559 7012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 23:24:16.0559 7012 usbcir - ok 23:24:16.0590 7012 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 23:24:16.0590 7012 usbehci - ok 23:24:16.0637 7012 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys 23:24:16.0637 7012 usbfilter - ok 23:24:16.0684 7012 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 23:24:16.0699 7012 usbhub - ok 23:24:16.0731 7012 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 23:24:16.0731 7012 usbohci - ok 23:24:16.0762 7012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 23:24:16.0762 7012 usbprint - ok 23:24:16.0793 7012 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 23:24:16.0793 7012 usbscan - ok 23:24:16.0824 7012 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:24:16.0840 7012 USBSTOR - ok 23:24:16.0855 7012 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 23:24:16.0855 7012 usbuhci - ok 23:24:16.0902 7012 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 23:24:16.0902 7012 usbvideo - ok 23:24:16.0933 7012 UxSms 
(edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 23:24:16.0933 7012 UxSms - ok 23:24:16.0965 7012 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:24:16.0965 7012 VaultSvc - ok 23:24:16.0996 7012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 23:24:16.0996 7012 vdrvroot - ok 23:24:17.0089 7012 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 23:24:17.0105 7012 vds - ok 23:24:17.0121 7012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:24:17.0121 7012 vga - ok 23:24:17.0152 7012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:24:17.0152 7012 VgaSave - ok 23:24:17.0199 7012 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 23:24:17.0214 7012 vhdmp - ok 23:24:17.0230 7012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 23:24:17.0230 7012 viaide - ok 23:24:17.0277 7012 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 23:24:17.0277 7012 volmgr - ok 23:24:17.0355 7012 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 23:24:17.0370 7012 volmgrx - ok 23:24:17.0417 7012 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 23:24:17.0433 7012 volsnap - ok 23:24:17.0464 7012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 23:24:17.0479 7012 vsmraid - ok 23:24:17.0620 7012 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 23:24:17.0667 7012 VSS - ok 23:24:17.0791 7012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 23:24:17.0791 7012 vwifibus - ok 23:24:17.0823 7012 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 23:24:17.0823 7012 vwififlt - ok 23:24:17.0901 7012 W32Time (1c9d80cc3849b3788048078c26486e1a) 
C:\Windows\system32\w32time.dll 23:24:17.0901 7012 W32Time - ok 23:24:17.0932 7012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 23:24:17.0932 7012 WacomPen - ok 23:24:17.0979 7012 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:24:17.0979 7012 WANARP - ok 23:24:18.0010 7012 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:24:18.0010 7012 Wanarpv6 - ok 23:24:18.0213 7012 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 23:24:18.0244 7012 WatAdminSvc - ok 23:24:18.0369 7012 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 23:24:18.0400 7012 wbengine - ok 23:24:18.0509 7012 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 23:24:18.0540 7012 WbioSrvc - ok 23:24:18.0603 7012 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 23:24:18.0618 7012 wcncsvc - ok 23:24:18.0634 7012 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 23:24:18.0634 7012 WcsPlugInService - ok 23:24:18.0665 7012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 23:24:18.0665 7012 Wd - ok 23:24:18.0743 7012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 23:24:18.0774 7012 Wdf01000 - ok 23:24:18.0790 7012 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:24:18.0805 7012 WdiServiceHost - ok 23:24:18.0805 7012 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:24:18.0805 7012 WdiSystemHost - ok 23:24:18.0868 7012 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 23:24:18.0883 7012 WebClient - ok 23:24:18.0915 7012 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 23:24:18.0930 7012 Wecsvc - ok 23:24:18.0946 7012 wercplsupport (7e591867422dc788b9e5bd337a669a08) 
C:\Windows\System32\wercplsupport.dll 23:24:18.0961 7012 wercplsupport - ok 23:24:18.0993 7012 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 23:24:18.0993 7012 WerSvc - ok 23:24:19.0024 7012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 23:24:19.0024 7012 WfpLwf - ok 23:24:19.0039 7012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 23:24:19.0055 7012 WIMMount - ok 23:24:19.0086 7012 WinDefend - ok 23:24:19.0102 7012 WinHttpAutoProxySvc - ok 23:24:19.0242 7012 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 23:24:19.0258 7012 Winmgmt - ok 23:24:19.0461 7012 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 23:24:19.0507 7012 WinRM - ok 23:24:19.0679 7012 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 23:24:19.0695 7012 Wlansvc - ok 23:24:19.0773 7012 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:24:19.0773 7012 wlcrasvc - ok 23:24:20.0007 7012 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:24:20.0053 7012 wlidsvc - ok 23:24:20.0163 7012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 23:24:20.0163 7012 WmiAcpi - ok 23:24:20.0303 7012 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 23:24:20.0319 7012 wmiApSrv - ok 23:24:20.0381 7012 WMPNetworkSvc - ok 23:24:20.0412 7012 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 23:24:20.0412 7012 WPCSvc - ok 23:24:20.0475 7012 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 23:24:20.0490 7012 WPDBusEnum - ok 23:24:20.0521 7012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 23:24:20.0521 7012 ws2ifsl - ok 23:24:20.0553 7012 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) 
C:\Windows\system32\wscsvc.dll 23:24:20.0568 7012 wscsvc - ok 23:24:20.0568 7012 WSearch - ok 23:24:20.0787 7012 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 23:24:20.0849 7012 wuauserv - ok 23:24:21.0021 7012 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 23:24:21.0021 7012 WudfPf - ok 23:24:21.0067 7012 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:24:21.0083 7012 WUDFRd - ok 23:24:21.0114 7012 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 23:24:21.0114 7012 wudfsvc - ok 23:24:21.0161 7012 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 23:24:21.0177 7012 WwanSvc - ok 23:24:21.0208 7012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 23:24:21.0535 7012 \Device\Harddisk0\DR0 - ok 23:24:21.0551 7012 Boot (0x1200) (9f8098c9e1c35cf4ec8568e66e043ed7) \Device\Harddisk0\DR0\Partition0 23:24:21.0551 7012 \Device\Harddisk0\DR0\Partition0 - ok 23:24:21.0567 7012 Boot (0x1200) (b9e4554dba742dee12a72c2d9177188d) \Device\Harddisk0\DR0\Partition1 23:24:21.0567 7012 \Device\Harddisk0\DR0\Partition1 - ok 23:24:21.0567 7012 ============================================================ 23:24:21.0567 7012 Scan finished 23:24:21.0567 7012 ============================================================ 23:24:21.0598 7280 Detected object count: 0 23:24:21.0598 7280 Actual detected object count: 0
-
Hi Gringo. Slight hiccup when I started to run combofix. It popped up a message saying pc tools spyware doctor was still active. I checked and it was definitely disabled so I clicked ok. Combofix popped up another message saying it was still active and I double-checked - it was definitely disabled. Ran combofix with fingers crossed. It seems to have run ok and the following is the log:

ComboFix 12-06-13.04 - Jinks 13/06/2012 20:35:41.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1707 [GMT 1:00]
Running from: c:\users\Jinks\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Jinks\AppData\Roaming\Microsoft\Protect\g32.txt
c:\users\Jinks\AppData\Roaming\Microsoft\Protect\gs32.txt
c:\users\Jinks\AppData\Roaming\Microsoft\Protect\s32.txt
c:\users\Jinks\Documents\FSP359F7E65F64F4BFEB7E9C50238CBFE88.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 19:43 . 2012-06-13 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Roaming\ATI
2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Local\ATI
2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\programdata\ATI
2012-06-06 19:59 . 2012-06-06 19:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 19:59 . 2012-06-06 19:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:55 . 2012-04-06 06:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:55 . 2011-08-26 15:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:54 . 2012-04-06 11:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 14:56 . 2011-09-22 12:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-11 21:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 21:27 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 21:27 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 21:27 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 21:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-11 21:25 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-27 402336] R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] S1 
mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] S3 usbfilter;AMD USB 
Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:55] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001Core.job - c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001UA.job - c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-28 206208] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 8.8.8.8 212.117.175.185 FF - ProfilePath - c:\users\Jinks\AppData\Roaming\Mozilla\Firefox\Profiles\4ifmu0p4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-13 20:47:48 ComboFix-quarantined-files.txt 2012-06-13 19:47 . Pre-Run: 418,667,618,304 bytes free Post-Run: 419,317,223,424 bytes free . - - End Of File - - CAFF3E0CB6DF91D3587D45C9BBE79616
-
Everything seemed to work ok this time. DDS reports follow. I'll catch up with you tomorrow Gringo - it's bedtime here. cheers, jinksy9
DDS.txt report is: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jinks at 22:13:41 on 2012-06-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1575 [GMT 1:00] . AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\PLFSetI.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.co.uk/ uDefault_Page_URL = hxxp://acer.msn.com mDefault_Page_URL = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll uRun: [Google Update] "C:\Users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" 
/hideGUI mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 8.8.8.8 212.117.175.185 TCP: Interfaces\{24E9E55F-9551-4D52-B4D3-B5A2BF4D329C} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6} : DhcpNameServer = 8.8.8.8 212.117.175.185 TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6}\24142502C45402051425659435 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6}\66275656D286F6473707F647E236F6D60236862303D2E33393 : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll BHO-X64: Browser Defender BHO - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB-X64: PC 
Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jinks\AppData\Roaming\Mozilla\Firefox\Profiles\4ifmu0p4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Jinks\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?] R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?] 
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?] R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?] R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?] R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?] R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-1 542672] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-15 321104] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-12 654408] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744] R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-1 402336] R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-1 1117624] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-15 243232] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?] R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?] R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?] 
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120] S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-12 21:00:46 711240 ----a-w- C:\Windows\isRS-000.tmp 2012-06-12 19:40:09 -------- d-----w- C:\Users\Jinks\AppData\Local\ATI 2012-06-06 19:59:05 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-06 19:59:04 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll . ==================== Find3M ==================== . 
2012-05-05 18:55:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 18:55:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 18:54:59 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys . ============= FINISH: 22:15:43.71 =============== Attach.txt report is: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 24/08/2011 01:04:24 System Uptime: 12/06/2012 22:02:45 (0 hours ago) . Motherboard: Acer | | JE51_DN Processor: AMD Phenom II N830 Triple-Core Processor | Socket S1G4 | 798/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 452 GiB total, 390.644 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: PC Tools Data Store Device ID: ROOT\LEGACY_PCTDS\0000 Manufacturer: Name: PC Tools Data Store PNP Device ID: ROOT\LEGACY_PCTDS\0000 Service: pctDS . ==== System Restore Points =================== . 
RP52: 17/03/2012 07:12:11 - Windows Update
RP53: 17/03/2012 16:58:38 - Windows Modules Installer
RP55: 30/03/2012 14:31:45 - Scheduled Checkpoint
RP57: 14/04/2012 09:55:21 - Windows Modules Installer
RP58: 21/04/2012 17:56:10 - Scheduled Checkpoint
RP59: 30/04/2012 14:28:23 - Scheduled Checkpoint
RP60: 09/05/2012 19:31:01 - Scheduled Checkpoint
RP61: 13/05/2012 07:07:17 - Windows Update
RP62: 19/05/2012 22:37:56 - Windows Update
RP63: 27/05/2012 14:48:06 - Scheduled Checkpoint
RP64: 05/06/2012 11:00:09 - Windows Update
RP65: 12/06/2012 19:09:33 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.194.1021
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Airport Mania First Flight
Amazonia
Backup Manager Basic
Bet Angel - Professional
Browser Defender 4.0
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
D3DX10
Dream Day First Home
eBay Worldwide
Farm Frenzy 2
Galapago
GnuCash 2.4.8
Google Chrome
Heroes of Hellas
Identity Card
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
Merriam Websters Spell Jam
Mesh Runtime
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Mozilla Firefox 13.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker Suite
NTI Media Maker 9
PC Tools Spyware Doctor with AntiVirus 9.0
Poker Pop
Punters Paymaster
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shredder
Skype™ 5.5
Spin & Win
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/06/2012 22:01:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ThreatFire service.
12/06/2012 20:37:21, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/06/2012 20:04:37, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/06/2012 09:50:05, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
10/06/2012 09:50:03, Error: PCTCore [280] - The item store is corrupted: @5503.
10/06/2012 02:56:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
05/06/2012 10:59:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
05/06/2012 10:59:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
05/06/2012 10:59:33, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
Hi Gringo. I've restarted the computer and have been able to delete the DDS.scr file. I'll have another go at downloading it and running it now. cheers, jinksy9
-
Hi Gringo. Problems? When I had downloaded Security Check it took me a number of tries before it opened. When it finally did so it seemed to work ok and I've posted the results. However, now have another, similar problem. The command window hasn't appeared when I tried to run DDS. Tried double-clicking, also tried right-click and then clicked on Test (it didn't say open). After another failed attempt I decided to delete it and download again but when I tried to delete it a message came up to say it couldn't be deleted because it was open in system! What should I do, please? Thanks, jinksy9
-
Hi Gringo. Here we go again. Results of Security Check are:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Spyware Doctor with AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor with AntiVirus 9.0
Malwarebytes Anti-Malware version 1.60.0.1800
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ThreatFire TFService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo. Just a couple of things before I get started with the other laptop. I re-enabled defogger but you didn't say anything about uninstalling it. Should I? I uninstalled combofix and used OTCleanIt. Should that have removed aswMBR, HiJackthis and TDSSkiller? Also, what about the log files from those? Should I delete those too now? See you on the other thread shortly. Thanks, jinksy9
-
svchost.exe blocked outgoing (jinksy9)
jinksy9 replied to jinksy9's topic in Resolved Malware Removal Logs
Hi Gringo - link to new topic is: http://forums.malwarebytes.org/index.php?showtopic=111006 cheers, jinksy9