jinksy9 Posted June 11, 2012 ID:559604 Share Posted June 11, 2012 As other topic svchost.exe Malwarebytes is blocking outgoing on our other laptop. Always the same IP address, which seems may be in Luxemburg!? if my internet search found the correct info.The message is:"Successfully blocked access to a potentially malicious website: 212.117.175.185Type: outgoingPort:*****, Process: svchost.exe"The ***** represents the fact that the port always changes.Gringo has helped me clear up my laptop but said to start a new topic for this on our other laptop.jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 11, 2012 Staff ID:559663 Share Posted June 11, 2012 GreetingsIt comes in so many different way I could not start to tell how you got itPlease do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. [*]Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. [*]Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. [*]Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post. NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.DeFogger:Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Security CheckDownload Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:Download DDS and save it to your desktopLink1Link2Link3Please disable any anti-malware program that will block scripts from running before running DDS.Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear: DDS.txt Attach.txt[*]A window will open instructing you save & post the logs[*]Save the logs to a convenient place such as your desktop[*]Copy the contents of both logs & post in your next replyinformation and logs:In your next post I need the following.logs from DDSlet me know of any problems you may have hadGringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 12, 2012 Author ID:559926 Share Posted June 12, 2012 Hi Gringo. Here we go again Results of Security Check are: Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! Spyware Doctor with AntiVirus WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` PC Tools Spyware Doctor with AntiVirus 9.0 Malwarebytes Anti-Malware version 1.60.0.1800 Adobe Flash Player 11.2.202.235 Adobe Reader X (10.1.3) Mozilla Firefox (13.0) Google Chrome 19.0.1084.52 Google Chrome 19.0.1084.56 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe ThreatFire TFService.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
jinksy9 Posted June 12, 2012 Author ID:559927 Share Posted June 12, 2012 Hi Gringo. Problems? When I had downloaded Security Check it took me a number of tries before it opened. When it finally did so it seemed to work ok and I've posted the results.However, now have another, similar problem. The command window hasn't appeared when I tried to run DDS. Tried double-clicking, also tried right-click and then clicked on Test (it didn't say open). After another failed attempt I decided to delete it and download again but when I tried to delete it a message came up to say it couldn't be deleted because it was open in system!What should I do please. Thanks, jinksy9 Link to post Share on other sites More sharing options...
jinksy9 Posted June 12, 2012 Author ID:559941 Share Posted June 12, 2012 Hi Gringo. I've restarted the computer and have been able to delete the DDS.scr file. I'll have another go at downloading it and running it now.cheers, jinksy9 Link to post Share on other sites More sharing options...
jinksy9 Posted June 12, 2012 Author ID:559947 Share Posted June 12, 2012 Everything seemed to work ok this time DDS reports follow. I'll catch up with you tomorrow Gringo - it's bedtime here. cheers, jinksy9DDS.txt report is:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Jinks at 22:13:41 on 2012-06-12Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1575 [GMT 1:00].AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Launch Manager\dsiwmis.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Acer\Registration\GREGsvc.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exeC:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exeC:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Acer\Acer Updater\UpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\PLFSetI.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeC:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exeC:\Program Files (x86)\Launch Manager\LManager.exeC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Launch Manager\LMworker.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\EgisTec IPS\EgisUpdate.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.co.uk/uDefault_Page_URL = hxxp://acer.msn.commDefault_Page_URL = hxxp://acer.msn.commStart Page = hxxp://acer.msn.comuURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllmWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllTB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dlluRun: [Google Update] "C:\Users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimizeduRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunmRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -dmRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kmRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUImPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLLLSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllTCP: DhcpNameServer = 8.8.8.8 212.117.175.185TCP: Interfaces\{24E9E55F-9551-4D52-B4D3-B5A2BF4D329C} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6} : DhcpNameServer = 8.8.8.8 212.117.175.185TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6}\24142502C45402051425659435 : DhcpNameServer = 192.168.1.1TCP: Interfaces\{CC604D7E-1F32-4AA6-89E7-EAD66244A8B6}\66275656D286F6473707F647E236F6D60236862303D2E33393 : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllBHO-X64: Browser Defender BHO - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllTB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllmRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -dmRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kmRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exemRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jinks\AppData\Roaming\Mozilla\Firefox\Profiles\4ifmu0p4.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Jinks\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll.============= SERVICES / DRIVERS ===============.R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-1 542672]R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-15 321104]R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-12 654408]R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-1 402336]R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-1 1117624]R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-15 243232]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-06-12 21:00:46 711240 ----a-w- C:\Windows\isRS-000.tmp2012-06-12 19:40:09 -------- d-----w- C:\Users\Jinks\AppData\Local\ATI2012-06-06 19:59:05 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll2012-06-06 19:59:04 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll.==================== Find3M ====================.2012-05-05 18:55:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-05 18:55:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-05 18:54:59 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys.============= FINISH: 22:15:43.71 ===============Attach.txt report is:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 24/08/2011 01:04:24System Uptime: 12/06/2012 22:02:45 (0 hours ago).Motherboard: Acer | | JE51_DNProcessor: AMD Phenom II N830 Triple-Core Processor | Socket S1G4 | 798/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 452 GiB total, 390.644 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: PC Tools Data StoreDevice ID: ROOT\LEGACY_PCTDS\0000Manufacturer:Name: PC Tools Data StorePNP Device ID: ROOT\LEGACY_PCTDS\0000Service: pctDS.==== System Restore Points ===================.RP52: 17/03/2012 07:12:11 - Windows UpdateRP53: 17/03/2012 16:58:38 - Windows Modules InstallerRP55: 30/03/2012 14:31:45 - Scheduled CheckpointRP57: 14/04/2012 09:55:21 - Windows Modules InstallerRP58: 21/04/2012 17:56:10 - Scheduled CheckpointRP59: 30/04/2012 14:28:23 - Scheduled CheckpointRP60: 09/05/2012 19:31:01 - Scheduled CheckpointRP61: 13/05/2012 07:07:17 - Windows UpdateRP62: 19/05/2012 22:37:56 - Windows UpdateRP63: 27/05/2012 14:48:06 - Scheduled CheckpointRP64: 05/06/2012 11:00:09 - Windows UpdateRP65: 12/06/2012 19:09:33 - Scheduled Checkpoint.==== Installed Programs ======================.Acer Backup ManagerAcer Crystal Eye webcam Ver:1.1.194.1021Acer eRecovery ManagementAcer GameZone ConsoleAcer RegistrationAcer ScreenSaverAcer UpdaterAcrobat.comAdobe AIRAdobe Reader X (10.1.3)Adobe Shockwave Player 11.6Airport Mania First FlightAmazoniaBackup Manager BasicBet Angel - ProfessionalBrowser Defender 4.0Cake ManiaCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCompatibility Pack for the 2007 Office systemCyberLink PowerDVD 9D3DX10Dream Day First HomeeBay WorldwideFarm Frenzy 2GalapagoGnuCash 2.4.8Google ChromeHeroes of HellasIdentity CardJunk Mail filter updateLaunch ManagerMalwarebytes Anti-Malware version 1.61.0.1400Merriam Websters Spell JamMesh RuntimeMicrosoft Office 2010Microsoft Office File Validation Add-InMicrosoft Office Professional Edition 2003Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Works 6-9 ConverterMozilla Firefox 13.0 (x86 en-GB)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MyWinLockerMyWinLocker SuiteNTI Media Maker 9PC Tools Spyware Doctor with AntiVirus 9.0Poker PopPunters PaymasterRealtek High Definition Audio DriverRealtek USB 2.0 Card ReaderSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)ShredderSkype™ 5.5Spin & WinswMSMUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Welcome CenterWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.12/06/2012 22:01:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ThreatFire service.12/06/2012 20:37:21, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).12/06/2012 20:04:37, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.10/06/2012 09:50:05, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.10/06/2012 09:50:03, Error: PCTCore [280] - The item store is corrupted: @5503.10/06/2012 02:56:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.05/06/2012 10:59:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}05/06/2012 10:59:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.05/06/2012 10:59:33, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 13, 2012 Staff ID:560032 Share Posted June 13, 2012 HelloI Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 13, 2012 Author ID:560249 Share Posted June 13, 2012 Hi Gringo. Slight hiccup when I startedn to run combofix. It popped up a message saying pc tools spyware doctor was still active. I checked and it was definitely disabled so I clicked ok. Combofix popped up another message saying it a was still active and I double-checked - it was definitely disabled. Ran combofix with fingers crossed. It seems to have run ok and the following is the log:ComboFix 12-06-13.04 - Jinks 13/06/2012 20:35:41.1.3 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1707 [GMT 1:00]Running from: c:\users\Jinks\Desktop\ComboFix.exeAV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\FullRemove.exec:\users\Jinks\AppData\Roaming\Microsoft\Protect\g32.txtc:\users\Jinks\AppData\Roaming\Microsoft\Protect\gs32.txtc:\users\Jinks\AppData\Roaming\Microsoft\Protect\s32.txtc:\users\Jinks\Documents\FSP359F7E65F64F4BFEB7E9C50238CBFE88.tmp..((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))..2012-06-13 19:43 . 2012-06-13 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Roaming\ATI2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Local\ATI2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\programdata\ATI2012-06-06 19:59 . 2012-06-06 19:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll2012-06-06 19:59 . 2012-06-06 19:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files\Microsoft Silverlight2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-05 18:55 . 2012-04-06 06:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-05-05 18:55 . 2011-08-26 15:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-05 18:54 . 2012-04-06 11:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-04 14:56 . 2011-09-22 12:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-31 06:05 . 2012-05-11 21:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-03-31 04:39 . 2012-05-11 21:27 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-03-31 04:39 . 2012-05-11 21:27 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-03-31 03:10 . 2012-05-11 21:27 3146240 ----a-w- c:\windows\system32\win32k.sys2012-03-30 11:35 . 2012-05-11 21:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-03-17 07:58 . 2012-05-11 21:25 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-27 402336]R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]..Contents of the 'Scheduled Tasks' folder.2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:55].2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001Core.job- c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21].2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001UA.job- c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840]"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-28 206208]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://acer.msn.commLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllTCP: DhcpNameServer = 8.8.8.8 212.117.175.185FF - ProfilePath - c:\users\Jinks\AppData\Roaming\Mozilla\Firefox\Profiles\4ifmu0p4.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-Locked - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-06-13 20:47:48ComboFix-quarantined-files.txt 2012-06-13 19:47.Pre-Run: 418,667,618,304 bytes freePost-Run: 419,317,223,424 bytes free.- - End Of File - - CAFF3E0CB6DF91D3587D45C9BBE79616 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 13, 2012 Staff ID:560270 Share Posted June 13, 2012 GreetingsI want you to run these next,tdsskiller:Please read carefully and follow these steps.Download TDSSKiller and save it to your Desktop.doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.Please download aswMBR to your desktop.Double click the aswMBR.exe icon to run it it will ask to download extra definitions - ALLOW ITClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.If you have any problems running either one come back and let me knowplease reply with the reports from TDSSKiller and aswMBRGringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 13, 2012 Author ID:560280 Share Posted June 13, 2012 Hi Gringo. TDSSkiller report is:23:23:35.0687 7036 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:1623:23:35.0905 7036 ============================================================23:23:35.0905 7036 Current date / time: 2012/06/13 23:23:35.090523:23:35.0905 7036 SystemInfo:23:23:35.0905 7036 23:23:35.0905 7036 OS Version: 6.1.7601 ServicePack: 1.023:23:35.0905 7036 Product type: Workstation23:23:35.0905 7036 ComputerName: JINKS-LAPTOP23:23:35.0905 7036 UserName: Jinks23:23:35.0905 7036 Windows directory: C:\Windows23:23:35.0905 7036 System windows directory: C:\Windows23:23:35.0905 7036 Running under WOW6423:23:35.0905 7036 Processor architecture: Intel x6423:23:35.0905 7036 Number of processors: 323:23:35.0905 7036 Page size: 0x100023:23:35.0905 7036 Boot type: Normal boot23:23:35.0905 7036 ============================================================23:23:36.0451 7036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004023:23:36.0467 7036 ============================================================23:23:36.0467 7036 \Device\Harddisk0\DR0:23:23:36.0467 7036 MBR partitions:23:23:36.0467 7036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x3200023:23:36.0467 7036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x3875300023:23:36.0467 7036 ============================================================23:23:36.0483 7036 C: <-> \Device\Harddisk0\DR0\Partition123:23:36.0483 7036 ============================================================23:23:36.0483 7036 Initialize success23:23:36.0483 7036 ============================================================23:23:51.0895 7012 ============================================================23:23:51.0895 7012 Scan started23:23:51.0895 7012 Mode: Manual;23:23:51.0895 7012 ============================================================23:23:52.0691 7012 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys23:23:52.0707 7012 1394ohci - ok23:23:52.0769 7012 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys23:23:52.0816 7012 ACPI - ok23:23:52.0847 7012 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys23:23:52.0863 7012 AcpiPmi - ok23:23:52.0972 7012 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe23:23:52.0972 7012 AdobeARMservice - ok23:23:53.0112 7012 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe23:23:53.0112 7012 AdobeFlashPlayerUpdateSvc - ok23:23:53.0206 7012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys23:23:53.0237 7012 adp94xx - ok23:23:53.0284 7012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys23:23:53.0315 7012 adpahci - ok23:23:53.0346 7012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys23:23:53.0362 7012 adpu320 - ok23:23:53.0409 7012 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll23:23:53.0409 7012 AeLookupSvc - ok23:23:53.0502 7012 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys23:23:53.0533 7012 AFD - ok23:23:53.0565 7012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys23:23:53.0565 7012 agp440 - ok23:23:53.0611 7012 ahcix64s (0e4e66f50833896af12a2b57330ffe42) C:\Windows\system32\DRIVERS\ahcix64s.sys23:23:53.0611 7012 ahcix64s - ok23:23:53.0643 7012 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe23:23:53.0643 7012 ALG - ok23:23:53.0658 7012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys23:23:53.0658 7012 aliide - ok23:23:53.0721 7012 AMD External Events Utility (3349f39f53993cee03a6edcc1f7b8242) C:\Windows\system32\atiesrxx.exe23:23:53.0783 7012 AMD External Events Utility - ok23:23:53.0845 7012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys23:23:53.0845 7012 amdide - ok23:23:53.0877 7012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys23:23:53.0877 7012 AmdK8 - ok23:23:54.0547 7012 amdkmdag (579b3e8c7b599815a4e615fd21e651f0) C:\Windows\system32\DRIVERS\atikmdag.sys23:23:54.0781 7012 amdkmdag - ok23:23:54.0953 7012 amdkmdap (77e54953a21e9e7cc316006e3dbaa7b9) C:\Windows\system32\DRIVERS\atikmpag.sys23:23:54.0953 7012 amdkmdap - ok23:23:54.0984 7012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys23:23:54.0984 7012 AmdPPM - ok23:23:55.0047 7012 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys23:23:55.0047 7012 amdsata - ok23:23:55.0078 7012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys23:23:55.0093 7012 amdsbs - ok23:23:55.0125 7012 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys23:23:55.0125 7012 amdxata - ok23:23:55.0187 7012 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys23:23:55.0203 7012 AppID - ok23:23:55.0234 7012 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll23:23:55.0234 7012 AppIDSvc - ok23:23:55.0265 7012 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll23:23:55.0281 7012 Appinfo - ok23:23:55.0327 7012 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys23:23:55.0343 7012 arc - ok23:23:55.0359 7012 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys23:23:55.0359 7012 arcsas - ok23:23:55.0483 7012 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe23:23:55.0483 7012 aspnet_state - ok23:23:55.0515 7012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys23:23:55.0515 7012 AsyncMac - ok23:23:55.0546 7012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys23:23:55.0561 7012 atapi - ok23:23:55.0733 7012 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys23:23:55.0795 7012 athr - ok23:23:55.0983 7012 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys23:23:55.0983 7012 AtiHDAudioService - ok23:23:56.0014 7012 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys23:23:56.0029 7012 AtiPcie - ok23:23:56.0107 7012 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll23:23:56.0123 7012 AudioEndpointBuilder - ok23:23:56.0139 7012 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll23:23:56.0154 7012 AudioSrv - ok23:23:56.0232 7012 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll23:23:56.0248 7012 AxInstSV - ok23:23:56.0310 7012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys23:23:56.0357 7012 b06bdrv - ok23:23:56.0404 7012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys23:23:56.0419 7012 b57nd60a - ok23:23:56.0466 7012 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll23:23:56.0466 7012 BDESVC - ok23:23:56.0497 7012 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys23:23:56.0497 7012 Beep - ok23:23:56.0622 7012 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll23:23:56.0653 7012 BFE - ok23:23:56.0763 7012 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll23:23:56.0794 7012 BITS - ok23:23:56.0825 7012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys23:23:56.0825 7012 blbdrive - ok23:23:56.0872 7012 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys23:23:56.0872 7012 bowser - ok23:23:56.0903 7012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys23:23:56.0903 7012 BrFiltLo - ok23:23:56.0919 7012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys23:23:56.0919 7012 BrFiltUp - ok23:23:56.0981 7012 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys23:23:56.0981 7012 BridgeMP - ok23:23:57.0028 7012 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll23:23:57.0043 7012 Browser - ok23:23:57.0168 7012 Browser Defender Update Service (a2e9bde9fc118ae3a4df2c5a7fd6cbcb) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe23:23:57.0168 7012 Browser Defender Update Service - ok23:23:57.0215 7012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys23:23:57.0231 7012 Brserid - ok23:23:57.0246 7012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys23:23:57.0246 7012 BrSerWdm - ok23:23:57.0262 7012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys23:23:57.0262 7012 BrUsbMdm - ok23:23:57.0277 7012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys23:23:57.0293 7012 BrUsbSer - ok23:23:57.0309 7012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys23:23:57.0309 7012 BTHMODEM - ok23:23:57.0355 7012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll23:23:57.0355 7012 bthserv - ok23:23:57.0371 7012 catchme - ok23:23:57.0418 7012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys23:23:57.0418 7012 cdfs - ok23:23:57.0496 7012 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys23:23:57.0496 7012 cdrom - ok23:23:57.0558 7012 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll23:23:57.0558 7012 CertPropSvc - ok23:23:57.0574 7012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys23:23:57.0574 7012 circlass - ok23:23:57.0621 7012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys23:23:57.0636 7012 CLFS - ok23:23:57.0714 7012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe23:23:57.0714 7012 clr_optimization_v2.0.50727_32 - ok23:23:57.0745 7012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe23:23:57.0761 7012 clr_optimization_v2.0.50727_64 - ok23:23:57.0855 7012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe23:23:57.0855 7012 clr_optimization_v4.0.30319_32 - ok23:23:57.0901 7012 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe23:23:57.0901 7012 clr_optimization_v4.0.30319_64 - ok23:23:57.0948 7012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys23:23:57.0948 7012 CmBatt - ok23:23:57.0964 7012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys23:23:57.0964 7012 cmdide - ok23:23:58.0057 7012 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys23:23:58.0089 7012 CNG - ok23:23:58.0120 7012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys23:23:58.0120 7012 Compbatt - ok23:23:58.0167 7012 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys23:23:58.0167 7012 CompositeBus - ok23:23:58.0182 7012 COMSysApp - ok23:23:58.0198 7012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys23:23:58.0198 7012 crcdisk - ok23:23:58.0260 7012 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll23:23:58.0260 7012 CryptSvc - ok23:23:58.0354 7012 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll23:23:58.0369 7012 DcomLaunch - ok23:23:58.0447 7012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll23:23:58.0463 7012 defragsvc - ok23:23:58.0494 7012 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys23:23:58.0510 7012 DfsC - ok23:23:58.0588 7012 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll23:23:58.0603 7012 Dhcp - ok23:23:58.0619 7012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys23:23:58.0619 7012 discache - ok23:23:58.0650 7012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys23:23:58.0650 7012 Disk - ok23:23:58.0697 7012 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll23:23:58.0697 7012 Dnscache - ok23:23:58.0759 7012 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll23:23:58.0775 7012 dot3svc - ok23:23:58.0822 7012 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll23:23:58.0822 7012 DPS - ok23:23:58.0853 7012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys23:23:58.0853 7012 drmkaud - ok23:23:58.0962 7012 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe23:23:58.0978 7012 DsiWMIService - ok23:23:59.0103 7012 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys23:23:59.0118 7012 DXGKrnl - ok23:23:59.0165 7012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll23:23:59.0196 7012 EapHost - ok23:23:59.0430 7012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys23:23:59.0508 7012 ebdrv - ok23:23:59.0649 7012 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe23:23:59.0649 7012 EFS - ok23:23:59.0727 7012 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe23:23:59.0758 7012 ehRecvr - ok23:23:59.0789 7012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe23:23:59.0820 7012 ehSched - ok23:23:59.0898 7012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys23:23:59.0914 7012 elxstor - ok23:23:59.0945 7012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys23:23:59.0945 7012 ErrDev - ok23:24:00.0007 7012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll23:24:00.0023 7012 EventSystem - ok23:24:00.0070 7012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys23:24:00.0070 7012 exfat - ok23:24:00.0101 7012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys23:24:00.0117 7012 fastfat - ok23:24:00.0226 7012 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe23:24:00.0241 7012 Fax - ok23:24:00.0257 7012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys23:24:00.0257 7012 fdc - ok23:24:00.0304 7012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll23:24:00.0304 7012 fdPHost - ok23:24:00.0319 7012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll23:24:00.0319 7012 FDResPub - ok23:24:00.0335 7012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys23:24:00.0351 7012 FileInfo - ok23:24:00.0351 7012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys23:24:00.0366 7012 Filetrace - ok23:24:00.0522 7012 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe23:24:00.0553 7012 FLEXnet Licensing Service - ok23:24:00.0585 7012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys23:24:00.0585 7012 flpydisk - ok23:24:00.0647 7012 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys23:24:00.0663 7012 FltMgr - ok23:24:00.0787 7012 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll23:24:00.0819 7012 FontCache - ok23:24:00.0897 7012 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe23:24:00.0897 7012 FontCache3.0.0.0 - ok23:24:00.0943 7012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys23:24:00.0943 7012 FsDepends - ok23:24:00.0975 7012 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys23:24:00.0975 7012 Fs_Rec - ok23:24:01.0021 7012 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys23:24:01.0037 7012 fvevol - ok23:24:01.0068 7012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys23:24:01.0068 7012 gagp30kx - ok23:24:01.0162 7012 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll23:24:01.0177 7012 gpsvc - ok23:24:01.0224 7012 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe23:24:01.0224 7012 GREGService - ok23:24:01.0240 7012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys23:24:01.0240 7012 hcw85cir - ok23:24:01.0318 7012 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys23:24:01.0333 7012 HdAudAddService - ok23:24:01.0349 7012 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys23:24:01.0365 7012 HDAudBus - ok23:24:01.0380 7012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys23:24:01.0380 7012 HidBatt - ok23:24:01.0411 7012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys23:24:01.0411 7012 HidBth - ok23:24:01.0427 7012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys23:24:01.0427 7012 HidIr - ok23:24:01.0458 7012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll23:24:01.0458 7012 hidserv - ok23:24:01.0521 7012 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys23:24:01.0521 7012 HidUsb - ok23:24:01.0567 7012 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll23:24:01.0567 7012 hkmsvc - ok23:24:01.0645 7012 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll23:24:01.0661 7012 HomeGroupListener - ok23:24:01.0723 7012 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll23:24:01.0739 7012 HomeGroupProvider - ok23:24:01.0770 7012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys23:24:01.0786 7012 HpSAMD - ok23:24:01.0879 7012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys23:24:01.0911 7012 HTTP - ok23:24:01.0942 7012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys23:24:01.0957 7012 hwpolicy - ok23:24:01.0989 7012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys23:24:02.0004 7012 i8042prt - ok23:24:02.0082 7012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys23:24:02.0098 7012 iaStorV - ok23:24:02.0223 7012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe23:24:02.0238 7012 idsvc - ok23:24:02.0269 7012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys23:24:02.0269 7012 iirsp - ok23:24:02.0379 7012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll23:24:02.0410 7012 IKEEXT - ok23:24:02.0659 7012 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys23:24:02.0722 7012 IntcAzAudAddService - ok23:24:02.0847 7012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys23:24:02.0847 7012 intelide - ok23:24:02.0862 7012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys23:24:02.0862 7012 intelppm - ok23:24:02.0909 7012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll23:24:02.0909 7012 IPBusEnum - ok23:24:02.0956 7012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys23:24:02.0956 7012 IpFilterDriver - ok23:24:03.0034 7012 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll23:24:03.0049 7012 iphlpsvc - ok23:24:03.0081 7012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys23:24:03.0081 7012 IPMIDRV - ok23:24:03.0112 7012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys23:24:03.0127 7012 IPNAT - ok23:24:03.0159 7012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys23:24:03.0174 7012 IRENUM - ok23:24:03.0190 7012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys23:24:03.0190 7012 isapnp - ok23:24:03.0330 7012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys23:24:03.0346 7012 iScsiPrt - ok23:24:03.0486 7012 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys23:24:03.0502 7012 k57nd60a - ok23:24:03.0533 7012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys23:24:03.0533 7012 kbdclass - ok23:24:03.0580 7012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys23:24:03.0580 7012 kbdhid - ok23:24:03.0595 7012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe23:24:03.0595 7012 KeyIso - ok23:24:03.0627 7012 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys23:24:03.0627 7012 KSecDD - ok23:24:03.0642 7012 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys23:24:03.0658 7012 KSecPkg - ok23:24:03.0673 7012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys23:24:03.0673 7012 ksthunk - ok23:24:03.0736 7012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll23:24:03.0751 7012 KtmRm - ok23:24:03.0798 7012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll23:24:03.0814 7012 LanmanServer - ok23:24:03.0861 7012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll23:24:03.0861 7012 LanmanWorkstation - ok23:24:03.0923 7012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys23:24:03.0923 7012 lltdio - ok23:24:03.0970 7012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll23:24:03.0985 7012 lltdsvc - ok23:24:04.0001 7012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll23:24:04.0001 7012 lmhosts - ok23:24:04.0032 7012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys23:24:04.0032 7012 LSI_FC - ok23:24:04.0079 7012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys23:24:04.0079 7012 LSI_SAS - ok23:24:04.0095 7012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys23:24:04.0110 7012 LSI_SAS2 - ok23:24:04.0126 7012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys23:24:04.0141 7012 LSI_SCSI - ok23:24:04.0157 7012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys23:24:04.0173 7012 luafv - ok23:24:04.0251 7012 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys23:24:04.0251 7012 MBAMProtector - ok23:24:04.0422 7012 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe23:24:04.0453 7012 MBAMService - ok23:24:04.0500 7012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll23:24:04.0516 7012 Mcx2Svc - ok23:24:04.0609 7012 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE23:24:04.0609 7012 MDM - ok23:24:04.0656 7012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys23:24:04.0656 7012 megasas - ok23:24:04.0703 7012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys23:24:04.0734 7012 MegaSR - ok23:24:04.0812 7012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll23:24:04.0812 7012 MMCSS - ok23:24:04.0859 7012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys23:24:04.0859 7012 Modem - ok23:24:04.0906 7012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys23:24:04.0906 7012 monitor - ok23:24:04.0953 7012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys23:24:04.0953 7012 mouclass - ok23:24:04.0984 7012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys23:24:04.0984 7012 mouhid - ok23:24:05.0015 7012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys23:24:05.0031 7012 mountmgr - ok23:24:05.0093 7012 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe23:24:05.0093 7012 MozillaMaintenance - ok23:24:05.0140 7012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys23:24:05.0155 7012 mpio - ok23:24:05.0171 7012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys23:24:05.0171 7012 mpsdrv - ok23:24:05.0296 7012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll23:24:05.0311 7012 MpsSvc - ok23:24:05.0358 7012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys23:24:05.0358 7012 MRxDAV - ok23:24:05.0405 7012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys23:24:05.0421 7012 mrxsmb - ok23:24:05.0467 7012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys23:24:05.0483 7012 mrxsmb10 - ok23:24:05.0530 7012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys23:24:05.0530 7012 mrxsmb20 - ok23:24:05.0561 7012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys23:24:05.0561 7012 msahci - ok23:24:05.0577 7012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys23:24:05.0592 7012 msdsm - ok23:24:05.0623 7012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe23:24:05.0623 7012 MSDTC - ok23:24:05.0639 7012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys23:24:05.0639 7012 Msfs - ok23:24:05.0655 7012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys23:24:05.0655 7012 mshidkmdf - ok23:24:05.0670 7012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys23:24:05.0670 7012 msisadrv - ok23:24:05.0717 7012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll23:24:05.0717 7012 MSiSCSI - ok23:24:05.0733 7012 msiserver - ok23:24:05.0764 7012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys23:24:05.0779 7012 MSKSSRV - ok23:24:05.0811 7012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys23:24:05.0811 7012 MSPCLOCK - ok23:24:05.0826 7012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys23:24:05.0826 7012 MSPQM - ok23:24:05.0889 7012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys23:24:05.0904 7012 MsRPC - ok23:24:05.0935 7012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys23:24:05.0951 7012 mssmbios - ok23:24:05.0967 7012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys23:24:05.0967 7012 MSTEE - ok23:24:05.0982 7012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys23:24:05.0982 7012 MTConfig - ok23:24:06.0029 7012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys23:24:06.0029 7012 Mup - ok23:24:06.0060 7012 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys23:24:06.0060 7012 mwlPSDFilter - ok23:24:06.0076 7012 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys23:24:06.0076 7012 mwlPSDNServ - ok23:24:06.0107 7012 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys23:24:06.0107 7012 mwlPSDVDisk - ok23:24:06.0216 7012 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe23:24:06.0232 7012 MWLService - ok23:24:06.0294 7012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll23:24:06.0325 7012 napagent - ok23:24:06.0372 7012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys23:24:06.0388 7012 NativeWifiP - ok23:24:06.0466 7012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys23:24:06.0497 7012 NDIS - ok23:24:06.0528 7012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys23:24:06.0528 7012 NdisCap - ok23:24:06.0575 7012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys23:24:06.0575 7012 NdisTapi - ok23:24:06.0622 7012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys23:24:06.0622 7012 Ndisuio - ok23:24:06.0669 7012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys23:24:06.0700 7012 NdisWan - ok23:24:06.0747 7012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys23:24:06.0747 7012 NDProxy - ok23:24:06.0762 7012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys23:24:06.0762 7012 NetBIOS - ok23:24:06.0825 7012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys23:24:06.0840 7012 NetBT - ok23:24:06.0871 7012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe23:24:06.0887 7012 Netlogon - ok23:24:06.0949 7012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll23:24:06.0965 7012 Netman - ok23:24:07.0090 7012 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe23:24:07.0090 7012 NetMsmqActivator - ok23:24:07.0090 7012 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe23:24:07.0090 7012 NetPipeActivator - ok23:24:07.0137 7012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll23:24:07.0152 7012 netprofm - ok23:24:07.0152 7012 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe23:24:07.0152 7012 NetTcpActivator - ok23:24:07.0168 7012 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe23:24:07.0168 7012 NetTcpPortSharing - ok23:24:07.0230 7012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys23:24:07.0230 7012 nfrd960 - ok23:24:07.0308 7012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll23:24:07.0324 7012 NlaSvc - ok23:24:07.0355 7012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys23:24:07.0355 7012 Npfs - ok23:24:07.0355 7012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll23:24:07.0371 7012 nsi - ok23:24:07.0371 7012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys23:24:07.0371 7012 nsiproxy - ok23:24:07.0527 7012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys23:24:07.0573 7012 Ntfs - ok23:24:07.0698 7012 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe23:24:07.0698 7012 NTI IScheduleSvc - ok23:24:07.0823 7012 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys23:24:07.0823 7012 NTIDrvr - ok23:24:07.0839 7012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys23:24:07.0839 7012 Null - ok23:24:07.0885 7012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys23:24:07.0901 7012 nvraid - ok23:24:07.0932 7012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys23:24:07.0932 7012 nvstor - ok23:24:07.0979 7012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys23:24:07.0995 7012 nv_agp - ok23:24:08.0041 7012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys23:24:08.0041 7012 ohci1394 - ok23:24:08.0088 7012 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE23:24:08.0104 7012 ose - ok23:24:08.0166 7012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll23:24:08.0166 7012 p2pimsvc - ok23:24:08.0213 7012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll23:24:08.0229 7012 p2psvc - ok23:24:08.0244 7012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys23:24:08.0260 7012 Parport - ok23:24:08.0291 7012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys23:24:08.0291 7012 partmgr - ok23:24:08.0322 7012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll23:24:08.0322 7012 PcaSvc - ok23:24:08.0353 7012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys23:24:08.0369 7012 pci - ok23:24:08.0385 7012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys23:24:08.0385 7012 pciide - ok23:24:08.0431 7012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys23:24:08.0463 7012 pcmcia - ok23:24:08.0509 7012 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys23:24:08.0525 7012 PCTBD - ok23:24:08.0603 7012 PCTCore (b34958cf94a8e924e8870ea6fb5b1923) C:\Windows\system32\drivers\PCTCore64.sys23:24:08.0603 7012 PCTCore - ok23:24:08.0650 7012 pctDS (00cdbcb3178668c780a0c186b958a433) C:\Windows\system32\drivers\pctDS64.sys23:24:08.0665 7012 pctDS - ok23:24:08.0743 7012 pctEFA (6a509ceeb76361d12f0efe28e48f2221) C:\Windows\system32\drivers\pctEFA64.sys23:24:08.0759 7012 pctEFA - ok23:24:08.0790 7012 pctgntdi (07396a10e07af751a3a045872cf1e5ac) C:\Windows\System32\drivers\pctgntdi64.sys23:24:08.0806 7012 pctgntdi - ok23:24:08.0837 7012 pctplsg (18b9a064b02b5f20c4c78ab8c5788f04) C:\Windows\System32\drivers\pctplsg64.sys23:24:08.0837 7012 pctplsg - ok23:24:08.0868 7012 PCTSD (2ab248581631e918b37b630516b005e7) C:\Windows\system32\Drivers\PCTSD64.sys23:24:08.0884 7012 PCTSD - ok23:24:08.0899 7012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys23:24:08.0899 7012 pcw - ok23:24:08.0962 7012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys23:24:08.0977 7012 PEAUTH - ok23:24:09.0087 7012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe23:24:09.0087 7012 PerfHost - ok23:24:09.0274 7012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll23:24:09.0305 7012 pla - ok23:24:09.0383 7012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll23:24:09.0399 7012 PlugPlay - ok23:24:09.0430 7012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll23:24:09.0430 7012 PNRPAutoReg - ok23:24:09.0477 7012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll23:24:09.0477 7012 PNRPsvc - ok23:24:09.0555 7012 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys23:24:09.0555 7012 Point64 - ok23:24:09.0617 7012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll23:24:09.0633 7012 PolicyAgent - ok23:24:09.0679 7012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll23:24:09.0679 7012 Power - ok23:24:09.0742 7012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys23:24:09.0742 7012 PptpMiniport - ok23:24:09.0773 7012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys23:24:09.0773 7012 Processor - ok23:24:09.0820 7012 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll23:24:09.0835 7012 ProfSvc - ok23:24:09.0882 7012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe23:24:09.0882 7012 ProtectedStorage - ok23:24:09.0945 7012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys23:24:09.0960 7012 Psched - ok23:24:10.0101 7012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys23:24:10.0132 7012 ql2300 - ok23:24:10.0272 7012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys23:24:10.0303 7012 ql40xx - ok23:24:10.0381 7012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll23:24:10.0397 7012 QWAVE - ok23:24:10.0413 7012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys23:24:10.0413 7012 QWAVEdrv - ok23:24:10.0428 7012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys23:24:10.0428 7012 RasAcd - ok23:24:10.0459 7012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys23:24:10.0459 7012 RasAgileVpn - ok23:24:10.0475 7012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll23:24:10.0491 7012 RasAuto - ok23:24:10.0537 7012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys23:24:10.0553 7012 Rasl2tp - ok23:24:10.0631 7012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll23:24:10.0647 7012 RasMan - ok23:24:10.0678 7012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys23:24:10.0678 7012 RasPppoe - ok23:24:10.0709 7012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys23:24:10.0709 7012 RasSstp - ok23:24:10.0756 7012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys23:24:10.0771 7012 rdbss - ok23:24:10.0787 7012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys23:24:10.0787 7012 rdpbus - ok23:24:10.0803 7012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys23:24:10.0803 7012 RDPCDD - ok23:24:10.0849 7012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys23:24:10.0849 7012 RDPENCDD - ok23:24:10.0881 7012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys23:24:10.0881 7012 RDPREFMP - ok23:24:10.0927 7012 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys23:24:10.0927 7012 RDPWD - ok23:24:10.0974 7012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys23:24:11.0005 7012 rdyboost - ok23:24:11.0037 7012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll23:24:11.0068 7012 RemoteAccess - ok23:24:11.0099 7012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll23:24:11.0115 7012 RemoteRegistry - ok23:24:11.0146 7012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll23:24:11.0161 7012 RpcEptMapper - ok23:24:11.0193 7012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe23:24:11.0193 7012 RpcLocator - ok23:24:11.0271 7012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll23:24:11.0286 7012 RpcSs - ok23:24:11.0302 7012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys23:24:11.0302 7012 rspndr - ok23:24:11.0364 7012 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys23:24:11.0380 7012 RSUSBSTOR - ok23:24:11.0427 7012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe23:24:11.0442 7012 SamSs - ok23:24:11.0473 7012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys23:24:11.0473 7012 sbp2port - ok23:24:11.0520 7012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll23:24:11.0536 7012 SCardSvr - ok23:24:11.0567 7012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys23:24:11.0567 7012 scfilter - ok23:24:11.0692 7012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll23:24:11.0739 7012 Schedule - ok23:24:11.0785 7012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll23:24:11.0785 7012 SCPolicySvc - ok23:24:11.0879 7012 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe23:24:11.0879 7012 sdAuxService - ok23:24:11.0988 7012 sdCoreService (cb2447edda6f8098f3a966b8c82d35fd) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe23:24:11.0988 7012 sdCoreService - ok23:24:12.0144 7012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll23:24:12.0160 7012 SDRSVC - ok23:24:12.0191 7012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys23:24:12.0207 7012 secdrv - ok23:24:12.0238 7012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll23:24:12.0253 7012 seclogon - ok23:24:12.0269 7012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll23:24:12.0285 7012 SENS - ok23:24:12.0316 7012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll23:24:12.0316 7012 SensrSvc - ok23:24:12.0347 7012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys23:24:12.0347 7012 Serenum - ok23:24:12.0394 7012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys23:24:12.0394 7012 Serial - ok23:24:12.0425 7012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys23:24:12.0425 7012 sermouse - ok23:24:12.0472 7012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll23:24:12.0487 7012 SessionEnv - ok23:24:12.0519 7012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys23:24:12.0519 7012 sffdisk - ok23:24:12.0534 7012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys23:24:12.0534 7012 sffp_mmc - ok23:24:12.0550 7012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys23:24:12.0550 7012 sffp_sd - ok23:24:12.0565 7012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys23:24:12.0565 7012 sfloppy - ok23:24:12.0612 7012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll23:24:12.0612 7012 SharedAccess - ok23:24:12.0675 7012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll23:24:12.0690 7012 ShellHWDetection - ok23:24:12.0721 7012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys23:24:12.0721 7012 SiSRaid2 - ok23:24:12.0737 7012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys23:24:12.0737 7012 SiSRaid4 - ok23:24:12.0753 7012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys23:24:12.0768 7012 Smb - ok23:24:12.0784 7012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe23:24:12.0784 7012 SNMPTRAP - ok23:24:12.0799 7012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys23:24:12.0799 7012 spldr - ok23:24:12.0846 7012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe23:24:12.0862 7012 Spooler - ok23:24:13.0111 7012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe23:24:13.0205 7012 sppsvc - ok23:24:13.0330 7012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll23:24:13.0345 7012 sppuinotify - ok23:24:13.0408 7012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys23:24:13.0423 7012 srv - ok23:24:13.0470 7012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys23:24:13.0486 7012 srv2 - ok23:24:13.0517 7012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys23:24:13.0533 7012 srvnet - ok23:24:13.0595 7012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll23:24:13.0611 7012 SSDPSRV - ok23:24:13.0642 7012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll23:24:13.0642 7012 SstpSvc - ok23:24:13.0673 7012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys23:24:13.0673 7012 stexstor - ok23:24:13.0751 7012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll23:24:13.0767 7012 stisvc - ok23:24:13.0798 7012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys23:24:13.0798 7012 swenum - ok23:24:13.0860 7012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll23:24:13.0876 7012 swprv - ok23:24:13.0938 7012 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys23:24:13.0954 7012 SynTP - ok23:24:14.0125 7012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll23:24:14.0172 7012 SysMain - ok23:24:14.0250 7012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll23:24:14.0250 7012 TabletInputService - ok23:24:14.0297 7012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll23:24:14.0313 7012 TapiSrv - ok23:24:14.0391 7012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll23:24:14.0391 7012 TBS - ok23:24:14.0609 7012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys23:24:14.0656 7012 Tcpip - ok23:24:14.0874 7012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys23:24:14.0890 7012 TCPIP6 - ok23:24:14.0983 7012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys23:24:14.0983 7012 tcpipreg - ok23:24:15.0015 7012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys23:24:15.0015 7012 TDPIPE - ok23:24:15.0061 7012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys23:24:15.0061 7012 TDTCP - ok23:24:15.0108 7012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys23:24:15.0108 7012 tdx - ok23:24:15.0124 7012 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys23:24:15.0124 7012 TermDD - ok23:24:15.0202 7012 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll23:24:15.0217 7012 TermService - ok23:24:15.0264 7012 TfFsMon (7a9db95526d3111a7482cfac748e3150) C:\Windows\system32\drivers\TfFsMon.sys23:24:15.0264 7012 TfFsMon - ok23:24:15.0280 7012 TfNetMon (9189c9f2ff899a14f13f94cb9c1447cf) C:\Windows\system32\drivers\TfNetMon.sys23:24:15.0280 7012 TfNetMon - ok23:24:15.0389 7012 TFSysMon (af463ca8e9998cdd6c93cc285ec1516c) C:\Windows\system32\drivers\TfSysMon.sys23:24:15.0420 7012 TFSysMon - ok23:24:15.0436 7012 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll23:24:15.0436 7012 Themes - ok23:24:15.0467 7012 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll23:24:15.0467 7012 THREADORDER - ok23:24:15.0529 7012 ThreatFire - ok23:24:15.0592 7012 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll23:24:15.0607 7012 TrkWks - ok23:24:15.0670 7012 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe23:24:15.0685 7012 TrustedInstaller - ok23:24:15.0717 7012 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys23:24:15.0732 7012 tssecsrv - ok23:24:15.0795 7012 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys23:24:15.0810 7012 TsUsbFlt - ok23:24:15.0873 7012 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys23:24:15.0904 7012 tunnel - ok23:24:15.0951 7012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys23:24:15.0951 7012 uagp35 - ok23:24:15.0966 7012 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys23:24:15.0966 7012 UBHelper - ok23:24:16.0044 7012 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys23:24:16.0060 7012 udfs - ok23:24:16.0091 7012 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe23:24:16.0091 7012 UI0Detect - ok23:24:16.0138 7012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys23:24:16.0138 7012 uliagpkx - ok23:24:16.0185 7012 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys23:24:16.0185 7012 umbus - ok23:24:16.0216 7012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys23:24:16.0216 7012 UmPass - ok23:24:16.0294 7012 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe23:24:16.0309 7012 Updater Service - ok23:24:16.0403 7012 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll23:24:16.0450 7012 upnphost - ok23:24:16.0481 7012 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys23:24:16.0497 7012 usbccgp - ok23:24:16.0559 7012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys23:24:16.0559 7012 usbcir - ok23:24:16.0590 7012 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys23:24:16.0590 7012 usbehci - ok23:24:16.0637 7012 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys23:24:16.0637 7012 usbfilter - ok23:24:16.0684 7012 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys23:24:16.0699 7012 usbhub - ok23:24:16.0731 7012 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys23:24:16.0731 7012 usbohci - ok23:24:16.0762 7012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys23:24:16.0762 7012 usbprint - ok23:24:16.0793 7012 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys23:24:16.0793 7012 usbscan - ok23:24:16.0824 7012 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS23:24:16.0840 7012 USBSTOR - ok23:24:16.0855 7012 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys23:24:16.0855 7012 usbuhci - ok23:24:16.0902 7012 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys23:24:16.0902 7012 usbvideo - ok23:24:16.0933 7012 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll23:24:16.0933 7012 UxSms - ok23:24:16.0965 7012 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe23:24:16.0965 7012 VaultSvc - ok23:24:16.0996 7012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys23:24:16.0996 7012 vdrvroot - ok23:24:17.0089 7012 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe23:24:17.0105 7012 vds - ok23:24:17.0121 7012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys23:24:17.0121 7012 vga - ok23:24:17.0152 7012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys23:24:17.0152 7012 VgaSave - ok23:24:17.0199 7012 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys23:24:17.0214 7012 vhdmp - ok23:24:17.0230 7012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys23:24:17.0230 7012 viaide - ok23:24:17.0277 7012 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys23:24:17.0277 7012 volmgr - ok23:24:17.0355 7012 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys23:24:17.0370 7012 volmgrx - ok23:24:17.0417 7012 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys23:24:17.0433 7012 volsnap - ok23:24:17.0464 7012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys23:24:17.0479 7012 vsmraid - ok23:24:17.0620 7012 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe23:24:17.0667 7012 VSS - ok23:24:17.0791 7012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys23:24:17.0791 7012 vwifibus - ok23:24:17.0823 7012 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys23:24:17.0823 7012 vwififlt - ok23:24:17.0901 7012 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll23:24:17.0901 7012 W32Time - ok23:24:17.0932 7012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys23:24:17.0932 7012 WacomPen - ok23:24:17.0979 7012 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys23:24:17.0979 7012 WANARP - ok23:24:18.0010 7012 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys23:24:18.0010 7012 Wanarpv6 - ok23:24:18.0213 7012 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe23:24:18.0244 7012 WatAdminSvc - ok23:24:18.0369 7012 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe23:24:18.0400 7012 wbengine - ok23:24:18.0509 7012 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll23:24:18.0540 7012 WbioSrvc - ok23:24:18.0603 7012 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll23:24:18.0618 7012 wcncsvc - ok23:24:18.0634 7012 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll23:24:18.0634 7012 WcsPlugInService - ok23:24:18.0665 7012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys23:24:18.0665 7012 Wd - ok23:24:18.0743 7012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys23:24:18.0774 7012 Wdf01000 - ok23:24:18.0790 7012 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll23:24:18.0805 7012 WdiServiceHost - ok23:24:18.0805 7012 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll23:24:18.0805 7012 WdiSystemHost - ok23:24:18.0868 7012 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll23:24:18.0883 7012 WebClient - ok23:24:18.0915 7012 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll23:24:18.0930 7012 Wecsvc - ok23:24:18.0946 7012 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll23:24:18.0961 7012 wercplsupport - ok23:24:18.0993 7012 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll23:24:18.0993 7012 WerSvc - ok23:24:19.0024 7012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys23:24:19.0024 7012 WfpLwf - ok23:24:19.0039 7012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys23:24:19.0055 7012 WIMMount - ok23:24:19.0086 7012 WinDefend - ok23:24:19.0102 7012 WinHttpAutoProxySvc - ok23:24:19.0242 7012 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll23:24:19.0258 7012 Winmgmt - ok23:24:19.0461 7012 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll23:24:19.0507 7012 WinRM - ok23:24:19.0679 7012 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll23:24:19.0695 7012 Wlansvc - ok23:24:19.0773 7012 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe23:24:19.0773 7012 wlcrasvc - ok23:24:20.0007 7012 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE23:24:20.0053 7012 wlidsvc - ok23:24:20.0163 7012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys23:24:20.0163 7012 WmiAcpi - ok23:24:20.0303 7012 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe23:24:20.0319 7012 wmiApSrv - ok23:24:20.0381 7012 WMPNetworkSvc - ok23:24:20.0412 7012 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll23:24:20.0412 7012 WPCSvc - ok23:24:20.0475 7012 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll23:24:20.0490 7012 WPDBusEnum - ok23:24:20.0521 7012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys23:24:20.0521 7012 ws2ifsl - ok23:24:20.0553 7012 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll23:24:20.0568 7012 wscsvc - ok23:24:20.0568 7012 WSearch - ok23:24:20.0787 7012 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll23:24:20.0849 7012 wuauserv - ok23:24:21.0021 7012 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys23:24:21.0021 7012 WudfPf - ok23:24:21.0067 7012 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys23:24:21.0083 7012 WUDFRd - ok23:24:21.0114 7012 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll23:24:21.0114 7012 wudfsvc - ok23:24:21.0161 7012 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll23:24:21.0177 7012 WwanSvc - ok23:24:21.0208 7012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR023:24:21.0535 7012 \Device\Harddisk0\DR0 - ok23:24:21.0551 7012 Boot (0x1200) (9f8098c9e1c35cf4ec8568e66e043ed7) \Device\Harddisk0\DR0\Partition023:24:21.0551 7012 \Device\Harddisk0\DR0\Partition0 - ok23:24:21.0567 7012 Boot (0x1200) (b9e4554dba742dee12a72c2d9177188d) \Device\Harddisk0\DR0\Partition123:24:21.0567 7012 \Device\Harddisk0\DR0\Partition1 - ok23:24:21.0567 7012 ============================================================23:24:21.0567 7012 Scan finished23:24:21.0567 7012 ============================================================23:24:21.0598 7280 Detected object count: 023:24:21.0598 7280 Actual detected object count: 0 Link to post Share on other sites More sharing options...
jinksy9 Posted June 13, 2012 Author ID:560284 Share Posted June 13, 2012 Hi Gringo. Everything seems to have gone ok with these latest downloads and scans.aswMBR log follows:aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-06-13 23:28:07-----------------------------23:28:07.409 OS Version: Windows x64 6.1.7601 Service Pack 123:28:07.409 Number of processors: 3 586 0x50323:28:07.409 ComputerName: JINKS-LAPTOP UserName: Jinks23:28:09.047 Initialze error C0000034 - driver not loaded23:29:00.153 AVAST engine defs: 1206130123:29:14.848 Service scanning23:29:38.014 Modules scanning23:29:38.014 Disk 0 trace - called modules:23:29:38.014 23:29:40.011 AVAST engine scan C:\Windows23:29:44.488 AVAST engine scan C:\Windows\system3223:32:48.537 AVAST engine scan C:\Windows\system32\drivers23:33:03.108 AVAST engine scan C:\Users\Jinks23:35:46.643 AVAST engine scan C:\ProgramData23:36:25.830 Scan finished successfully23:38:58.570 The log file has been saved successfully to "C:\Users\Jinks\Documents\Gringo\aswMBR.txt"Past my bedtime now so I'll catch up with you tomorrow.Thanks for all the help, jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 13, 2012 Staff ID:560291 Share Posted June 13, 2012 GreetingsAt this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.:Run CFScript:Open Notepad and copy/paste the text in the box into the window: ClearJavaCache:: Save it to your desktop as CFScript.txtRefering to the picture above, drag CFScript.txt into ComboFix.exeThis will let ComboFix run again.Restart if you have to.Save the produced logfile to your desktop.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the followingreport from Combofixlet me know of any problems you may have hadHow is the computer doing now after running the script?Gringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 14, 2012 Author ID:560572 Share Posted June 14, 2012 Received message that there's a new version of combofix available so have downloaded it Link to post Share on other sites More sharing options...
jinksy9 Posted June 14, 2012 Author ID:560588 Share Posted June 14, 2012 well, after downloading latest version of combofix it was running fine but I had to leave it for a mo and that's when it needed to reboot. However, that didn't seem to be a problem and the log file loaded after the reboot.ComboFix 12-06-14.01 - Jinks 14/06/2012 22:45:07.2.3 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1730 [GMT 1:00]Running from: c:\users\Jinks\Documents\Gringo\ComboFix.exeCommand switches used :: c:\users\Jinks\Documents\Gringo\CFScript.txtAV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Mozilla Maintenance Servicec:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exec:\program files (x86)\Mozilla Maintenance Service\Uninstall.exec:\program files (x86)\Mozilla Maintenance Service\updater.ini..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_MozillaMaintenance-------\Service_MozillaMaintenance..((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))..2012-06-14 21:52 . 2012-06-14 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp2012-06-14 10:58 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3980BDCB-5BDF-4425-B5E2-F3E6593FFB17}\mpengine.dll2012-06-14 10:58 . 2012-06-14 10:58 -------- d-----w- C:\761825195b6309684499a399b728c32012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Roaming\ATI2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\users\Jinks\AppData\Local\ATI2012-06-12 19:40 . 2012-06-12 19:40 -------- d-----w- c:\programdata\ATI2012-06-06 19:59 . 2012-06-06 19:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll2012-06-06 19:59 . 2012-06-06 19:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files\Microsoft Silverlight2012-05-19 21:39 . 2012-05-19 21:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-05 18:55 . 2012-04-06 06:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-05-05 18:55 . 2011-08-26 15:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-05 18:54 . 2012-04-06 11:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-04 14:56 . 2011-09-22 12:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-31 06:05 . 2012-05-11 21:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-03-31 04:39 . 2012-05-11 21:27 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-03-31 04:39 . 2012-05-11 21:27 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-03-31 03:10 . 2012-05-11 21:27 3146240 ----a-w- c:\windows\system32\win32k.sys2012-03-30 11:35 . 2012-05-11 21:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-03-17 07:58 . 2012-05-11 21:25 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys..((((((((((((((((((((((((((((( SnapShot@2012-06-13_19.44.19 ))))))))))))))))))))))))))))))))))))))))).- 2009-07-14 04:54 . 2012-06-13 12:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2012-06-14 21:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-06-13 12:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-06-14 21:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-12-15 04:18 . 2012-06-14 17:14 46610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-06-14 17:14 48782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-08-23 16:23 . 2012-06-14 17:14 11812 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3480568362-12528471-548720365-1001_UserData.bin- 2012-06-13 10:47 . 2012-06-13 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-06-14 21:54 . 2012-06-14 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-06-14 21:54 . 2012-06-14 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-06-13 10:47 . 2012-06-13 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2012-06-14 21:54 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-06-13 12:51 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2011-08-24 06:50 . 2012-06-14 13:09 285008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin- 2009-07-14 02:36 . 2012-06-13 12:55 667934 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-06-14 17:17 667934 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-06-13 12:55 126578 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2012-06-14 17:17 126578 c:\windows\system32\perfc009.dat+ 2011-08-23 16:37 . 2012-02-23 09:18 279656 c:\windows\system32\MpSigStub.exe+ 2009-07-14 05:01 . 2012-06-14 21:53 386500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2012-06-12 21:28 386500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-08-26 21:25 . 2012-06-14 21:53 32296204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3480568362-12528471-548720365-1001-12288.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-27 402336]R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]..Contents of the 'Scheduled Tasks' folder.2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:55].2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001Core.job- c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21].2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480568362-12528471-548720365-1001UA.job- c:\users\Jinks\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:21]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840]"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-28 206208]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]"combofix"="c:\combofix\CF8627.3XE" [2010-11-20 345088].------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://acer.msn.commLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllTCP: DhcpNameServer = 8.8.8.8 212.117.175.185FF - ProfilePath - c:\users\Jinks\AppData\Roaming\Mozilla\Firefox\Profiles\4ifmu0p4.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-MozillaMaintenanceService - c:\program files (x86)\Mozilla Maintenance Service\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.**************************************************************************.Completion time: 2012-06-14 22:59:27 - machine was rebootedComboFix-quarantined-files.txt 2012-06-14 21:59ComboFix2.txt 2012-06-13 19:47.Pre-Run: 420,207,296,512 bytes freePost-Run: 419,850,412,032 bytes free.- - End Of File - - 6354B4098739714489C2812C5D2E57A3 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 15, 2012 Staff ID:560637 Share Posted June 15, 2012 These logs are looking allot better. But we still have some work to do.Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..Install Java:Please go here to install Javaclick on the Free Java Download Buttonclick on Agree and start Free downloadclick on Runclick on run againclick on installwhen install is complete click on closeClean Out Temp FilesThis small application you may want to keep and use once a week to keep the computer clean.Download CCleaner from here http://www.ccleaner.com/Run the installer to install the application.When it gives you the option to install Yahoo toolbar uncheck the box next to it.Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).Click Run Cleaner.Close CCleaner.: Malwarebytes' Anti-Malware :I would like you to rerun MBAMDouble-click mbam icongo to the update tab at the topclick on check for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.When completed, a log will open in Notepad. please copy and paste the log into your next reply If you accidentally close it, the log file is saved here and will be named like this:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtNote: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.Download HijackThisIf you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...) Go Here to download HijackThis Installer Save HijackThis Installer to your desktop. Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin) By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed it will launch Hijackthis. Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad. Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply.DO NOT use the Analyze This button its findings are dangerous if misinterpreted.DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.NOTE**sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bitand select to run as administrator"information and logs"In your next post I need the followingLog From MBAMreport from Hijackthislet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 15, 2012 Author ID:560905 Share Posted June 15, 2012 Hi Gringo. Is it essential to tick to remove passwrods in cccleaner?I've downloaded java but will do the rest tomorrow now.cheers, jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 16, 2012 Staff ID:560999 Share Posted June 16, 2012 Greetings Is it essential to tick to remove passwrods in cccleaner? - no it is notgringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 16, 2012 Author ID:561210 Share Posted June 16, 2012 Hi Gringo. MBAM and Hijack this logs follow:Malwarebytes Anti-Malware (PRO) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.06.16.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Jinks :: JINKS-LAPTOP [administrator]Protection: Enabled16/06/2012 21:51:36mbam-log-2012-06-16 (21-51-36).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 208218Time elapsed: 2 minute(s), 27 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.4Scan saved at 22:04:15, on 16/06/2012Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16446)Boot mode: NormalRunning processes:C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exeC:\Windows\PLFSetI.exeC:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeC:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exeC:\Program Files (x86)\Launch Manager\LManager.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exeC:\Program Files (x86)\Launch Manager\LMworker.exeC:\Program Files (x86)\EgisTec IPS\EgisUpdate.exeC:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllO3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dllO4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -dO4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exeO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUIO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exeO23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 9339 bytes----------------------------------------------------------------------No problems with doing these scans. All seems ok at the mo but it's returned on my laptop (yet to update about that on that thread)We have PC Tools Spyware Doctor with Anti-virus on this laptop as well and it regularly detects and removes various spyware/malware but whatever has caused this scvhost.exe outgoing can't have been picked up. The most recent PCTools scan was at 18:04 BST today. I have saved it as an htm file and wondered if you'd mind having a look at the results of that too, please.Thanks again for all your help.cheers, jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 17, 2012 Staff ID:561253 Share Posted June 17, 2012 GreetingsThese logs are looking very good, we are almost done!!! Just one more scan to go.:Remove unneeded start-up entries:This part of the fix is purely optionalThese are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...) Run HijackThis Click on the Scan button Put a check beside all of the items listed below (if present):O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -dO4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun[*] Close all open windows and browsers/email, etc...[*] Click on the "Fix Checked" button[*] When completed, close the application.NOTE**You can research each of those lines >here< and see if you want to keep them or notjust copy the name between the brackets and paste into the search spaceO4 - HKLM\..\Run: [IntelliPoint]NOTE**sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bitand select to run as administratorEset Online Scanner**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as adminGo Eset web page to run an online scanner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanclick on the ESET Online Scanner buttonTick the box next to YES, I accept the Terms of Use.Click Start[*]When asked, allow the ActiveX control to installClick Start[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.[*]Click on Advanced Settings, ensure the optionsScan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.[*]Click Scan[*]Wait for the scan to finish[*] Click on copy to clipboard or copy and paste the results here in this topicCopy and paste that log as a reply to this topicGringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 17, 2012 Author ID:561294 Share Posted June 17, 2012 Hi Gringo. I ran the Hijackthis scan, selected the startup entries you listed (they were all there) and clicked fix checked. The Hijackthis got stuck and 'not responding' finally showed in the title bar so I closed it. When I tried to run it again windows said it was already running! I left it a bit longer and tried again. It started but didn't look right. I realised it wasn't showing me the main page so clicked on the button for that but it still didn't look quite as I remembered it when I ran it the first time. However, I ran the scan again and it listed all the startups except the first (SuiteTray) so I guess that one was removed the first time before the program got stuck. I started to tick the ones to remove and then all the buttons disappeared. Oh....that's not right I thought so I closed Hijackthis and have uninstalled it. I'll download a new one and try again. cheers, jinksy9 Link to post Share on other sites More sharing options...
jinksy9 Posted June 17, 2012 Author ID:561296 Share Posted June 17, 2012 Have downloaded Hijackthis and double-clicked icon on desktop to start it. Nothing happened except the hard drive blue light flashed a lot. So I clicked on the icon again and a pop up window said it was already running. Checked task manager - no sign of any program running (because none were) It lied . Gave it a rest and tried again. Still the same message. Again checked task manager, no sign. Now it's had about 15 mins or more so tried to start it again and still got the same message Hijackthis is running!!! . I'm going to sutdown the laptop and see if that sorts it. cheers, jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 17, 2012 Staff ID:561345 Share Posted June 17, 2012 yes restart the computer and try again pleasegringo Link to post Share on other sites More sharing options...
jinksy9 Posted June 17, 2012 Author ID:561423 Share Posted June 17, 2012 Hi Gringo. I've managed to remove the startups using Hijackthis although wasn't sure if it had worked because it just showed a blank box after I'd clicked on fix! I ran the scan again just to check and they've gone from the list so guess it did.Am now running the Eset scan (posting this from my laptop while the scan runs on the other one). I'll upload result as soon as it's done. cheers, jinksy9 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted June 17, 2012 Staff ID:561436 Share Posted June 17, 2012 Link to post Share on other sites More sharing options...
jinksy9 Posted June 17, 2012 Author ID:561448 Share Posted June 17, 2012 Hi Gringo. Thought this was going on forever - it was showing 99% complete for about half an hour!!ESET scan found 4 threats. log follows:C:\Users\Jinks\Documents\AcerInvoice.pdf JS/Exploit.Pdfka.PAV trojanC:\Users\Jinks\Documents\jinks_laptop.pdf JS/Exploit.Pdfka.PAV trojanC:\Users\Jinks\Documents\laptop July11.pdf JS/Trackware.ReadNotify.A applicationC:\Users\Jinks\Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A applicationFYI - all 4 files found are from the same source. Do you think that means they're infected and don't know it?cheers, jinksy9 Link to post Share on other sites More sharing options...
Recommended Posts