longbeachlouise

another mydomainadvisor

Hi, Thanx for this thread: http://forums.malwarebytes.org/index.php?showtopic=111582

According to instructions at the above, I first ran RogueKiller:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Carol [Admin rights]

Mode: Scan -- Date: 07/20/2012 01:49:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[SUSP PATH] HKLM\[...]\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-60UST0 ATA Device +++++

--- User ---

[MBR] fb45e0326db354fbfa82b5ec4ac2f616

[BSP] 78bdb73a0d4df3812c203f774116f891 : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 103049 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 211045905 | Size: 11421 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

******************End RogueKiller Report***************************************************

Then I downloaded and ran ComboFix:

ComboFix 12-07-19.02 - Carol 07/20/2012 2:18.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3262.1696 [GMT -4:00]

Running from: c:\users\Carol\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\blekkotb_031\blEKkotb_019x.dll

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\users\Carol\AppData\Local\jetmp3\ie\jeTMp3.dll

c:\users\Carol\g2mdlhlpx.exe

c:\users\Default\AppData

c:\users\Default\AppData\Local\Microsoft\Windows\History\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NK950F8\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K72MG3WK\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8KIVMP7\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH2AOWJA\desktop.ini

c:\users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

c:\users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

c:\users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget

c:\users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

c:\users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\CyberLink DVD Suite.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\LabelPrint.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\Power2Go.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDirector.lnk

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk

c:\windows\system32\KBL.LOG

c:\windows\system32\roboot.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 07:12 . 2012-07-20 07:17 -------- d-----w- c:\users\Carol\AppData\Local\temp

2012-07-06 03:17 . 2012-07-06 03:17 -------- d-----w- c:\users\Carol\AppData\Roaming\Watchtower

2012-07-06 03:16 . 2012-07-06 03:16 -------- d-----w- c:\program files\Watchtower

2012-07-06 03:16 . 2002-10-18 03:15 40960 ----a-w- c:\windows\system32\wh2robo.dll

2012-07-06 03:16 . 2002-10-18 03:15 1044480 ----a-w- c:\windows\system32\Roboex32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-06 05:08 . 2012-07-06 05:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8667A28-FDD6-4741-8BF1-8143C62EA1F2}\offreg.dll

2012-07-03 17:46 . 2012-06-19 15:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 07:14 . 2012-07-02 02:42 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8667A28-FDD6-4741-8BF1-8143C62EA1F2}\mpengine.dll

2012-05-04 00:34 . 2012-05-04 00:35 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-04 00:34 . 2010-04-29 14:25 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 01:32 . 2012-06-07 19:40 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgyNDkzMzAzLVhPMTArMi1RSVgxKzQtRjEwTTEwRCsxLVgyMDEwKzItRkwxMCsxLUNJUCsyLUREVCs1MDYyNi1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzIyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsxLUVVTEErMS1TVDEyRkFQUCsxLVNURjEwTTEyQVVGKzE&prod=90&ver=2012.0.1831&mid=2f5e155032c547d6a51ed1572eb0a5f4-67a770033ab46c38be4f16cb6e0539da3b11bf91" [?]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-12-16 117344]

WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-12-16 82944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core.job

- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 23:51]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA.job

- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 23:51]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\n1e4bns6.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E2D73851095728C817E9D84FDFD98339&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-20 03:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-20 03:30:46

ComboFix-quarantined-files.txt 2012-07-20 07:30

.

Pre-Run: 39,549,009,920 bytes free

Post-Run: 41,126,002,688 bytes free

.

- - End Of File - - 7AD6F04F8F07F02FF35FAB774236D9ED

******************************************End ComboFix Report***********************************************************

What next?

Thanx!

- L :)


Hi,

Running those tools while not under supervision is dangerous...

What current symptoms of infection are you experiencing?


Hi, Same as mydomainadvisor here: http://forums.malwarebytes.org/index.php?showtopic=111582

Redirects of typos on IE 9, running vista on laptop. Malwarebytes doesn't pick it up, neither did Microsoft Security Essentials before that.

The same downloaded copy of ComboFix is on my desktop. While it ran - took hours! - there was a popup which said

"A problem caused the program to stop working. Windows will close the program and notify you if a solution is available"

Then, a 2nd popup held up ComboFix, while the desktop was hidden

"Recycle Bin on C: is corrupted. Do you want to empty the recycle bin for this drive?"

The first, I clicked, "Close," and the program resumed. The 2nd, I clicked, "Empty."

Thank you.


I left out a detail on the first message. Let me rephrase the above:

The same downloaded copy of ComboFix is on my desktop. While it ran - took hours! - there was a popup which said

Freeware img. of XCACLS has stopped working. A problem caused the program to stop working. Windows will close the program and notify you if a solution is available

Then, a 2nd popup held up ComboFix, while the desktop was hidden

Recycle Bin on C: is corrupted. Do you want to empty the recycle bin for this drive?

The first, I clicked, "Close," and the program resumed. The 2nd, I clicked, "Empty."


Hi,

Sorry for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced. Please post only DDS.txt directly into your reply.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Hi, Thanx for replying!

If I am to update Malwarebytes - I have a question. A popup window suggested I update, then I ran an update last week. Then another popup asked me to update. So, should I delete the current version of Malwarebytes, then download another trial version?

Thanx! :)


Hi,

Just click yes to the update prompts that you receive. You'll get the latest version in due time. :)


Hi,

Here is the report for a QuickScan:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.25.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Carol :: BILL [administrator]

7/25/2012 1:15:32 PM

mbam-log-2012-07-25 (13-15-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 188226

Time elapsed: 20 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi Chris,

Just a reminder, I still have ComboFix and RogueKiller on my desktop - never deleted them!

Okay. Here is the DDS report:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Carol at 13:40:43 on 2012-07-25

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3262.1328 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\astsrv.exe

C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\WinTV\WinTV7\WinTVTray.exe

C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\mspaint.exe

C:\Windows\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wermgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE

uRunOnce: [shockwave Updater] "c:\windows\system32\macromed\shockwave 10\SwHelper_1020023.exe" -Update -1020023 -iexplore.exe9.0

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgyNDkzMzAzLVhPMTArMi1RSVgxKzQtRjEwTTEwRCsxLVgyMDEwKzItRkwxMCsxLUNJUCsyLUREVCs1MDYyNi1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzIyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsxLUVVTEErMS1TVDEyRkFQUCsxLVNURjEwTTEyQVVGKzE"&"prod=90"&"ver=2012.0.1831"&"mid=2f5e155032c547d6a51ed1572eb0a5f4-67a770033ab46c38be4f16cb6e0539da3b11bf91

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autostart ir.lnk - c:\program files\wintv\Ir.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wintv recording status..lnk - c:\program files\wintv\wintv7\WinTVTray.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5BDA6017-34CF-4407-A303-0315F31DBA14} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AFF8AD68-D2A5-4A7C-BBF2-ED461B9A885C} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\carol\appdata\roaming\mozilla\firefox\profiles\n1e4bns6.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E2D73851095728C817E9D84FDFD98339&q=

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrl.1.0.20926.0.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\users\carol\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2011-12-16 562176]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2358656]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-11-29 2916736]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-19 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 113120]

S3 MxL111SF_AVS_USB;Hauppauge WinTV-Aero-M;c:\windows\system32\drivers\hcwC6bda.sys [2011-12-16 85248]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-19 655944]

.

=============== Created Last 30 ================

.

2012-07-20 07:30:52 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-20 07:30:49 -------- d-----w- c:\users\carol\appdata\local\temp

2012-07-20 06:09:09 518144 ----a-w- c:\windows\SWREG.exe

2012-07-20 06:09:09 256000 ----a-w- c:\windows\PEV.exe

2012-07-20 06:09:09 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 06:09:08 98816 ----a-w- c:\windows\sed.exe

2012-07-06 05:07:55 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f8667a28-fdd6-4741-8bf1-8143c62ea1f2}\offreg.dll

2012-07-06 03:17:44 -------- d-----w- c:\users\carol\appdata\roaming\Watchtower

2012-07-06 03:16:43 40960 ----a-w- c:\windows\system32\wh2robo.dll

2012-07-06 03:16:43 1044480 ----a-w- c:\windows\system32\Roboex32.dll

2012-07-06 03:16:43 -------- d-----w- c:\program files\Watchtower

2012-07-02 02:42:36 6762896 ------w- c:\programdata\microsoft\windows defender\definition updates\{f8667a28-fdd6-4741-8bf1-8143c62ea1f2}\mpengine.dll

.

==================== Find3M ====================

.

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-04 00:34:13 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-04 00:34:13 472864 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 13:44:37.04 ===============


14:20:37.0450 3116 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:20:37.0999 3116 ============================================================

14:20:38.0000 3116 Current date / time: 2012/07/25 14:20:37.0999

14:20:38.0000 3116 SystemInfo:

14:20:38.0000 3116

14:20:38.0000 3116 OS Version: 6.0.6002 ServicePack: 2.0

14:20:38.0000 3116 Product type: Workstation

14:20:38.0000 3116 ComputerName: BILL

14:20:38.0001 3116 UserName: Carol

14:20:38.0001 3116 Windows directory: C:\Windows

14:20:38.0001 3116 System windows directory: C:\Windows

14:20:38.0001 3116 Processor architecture: Intel x86

14:20:38.0001 3116 Number of processors: 2

14:20:38.0001 3116 Page size: 0x1000

14:20:38.0001 3116 Boot type: Normal boot

14:20:38.0001 3116 ============================================================

14:20:41.0868 3116 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:20:41.0871 3116 ============================================================

14:20:41.0871 3116 \Device\Harddisk0\DR0:

14:20:41.0871 3116 MBR partitions:

14:20:41.0871 3116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC944DD2

14:20:41.0871 3116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC944E11, BlocksNum 0x164E9B0

14:20:41.0871 3116 ============================================================

14:20:41.0883 3116 C: <-> \Device\Harddisk0\DR0\Partition0

14:20:41.0935 3116 D: <-> \Device\Harddisk0\DR0\Partition1

14:20:41.0935 3116 ============================================================

14:20:41.0935 3116 Initialize success

14:20:41.0935 3116 ============================================================

14:20:46.0152 2576 ============================================================

14:20:46.0267 2576 Scan started

14:20:46.0267 2576 Mode: Manual;

14:20:46.0267 2576 ============================================================

14:21:56.0888 2576 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

14:21:56.0953 2576 ACPI - ok

14:21:57.0112 2576 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

14:21:57.0185 2576 adp94xx - ok

14:21:57.0357 2576 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

14:21:57.0366 2576 adpahci - ok

14:21:57.0393 2576 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

14:21:57.0397 2576 adpu160m - ok

14:21:57.0457 2576 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

14:21:57.0462 2576 adpu320 - ok

14:21:57.0530 2576 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

14:21:57.0531 2576 AeLookupSvc - ok

14:21:57.0628 2576 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

14:21:57.0635 2576 AFD - ok

14:21:57.0770 2576 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

14:21:57.0771 2576 agp440 - ok

14:21:57.0805 2576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:21:57.0808 2576 aic78xx - ok

14:21:57.0834 2576 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

14:21:57.0836 2576 ALG - ok

14:21:57.0855 2576 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

14:21:57.0857 2576 aliide - ok

14:21:57.0946 2576 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

14:21:57.0948 2576 amdagp - ok

14:21:57.0973 2576 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

14:21:57.0975 2576 amdide - ok

14:21:58.0303 2576 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

14:21:58.0314 2576 AmdK7 - ok

14:21:58.0497 2576 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

14:21:58.0520 2576 AmdK8 - ok

14:21:58.0727 2576 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

14:21:58.0837 2576 Appinfo - ok

14:21:59.0876 2576 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

14:21:59.0892 2576 arc - ok

14:22:00.0329 2576 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

14:22:00.0353 2576 arcsas - ok

14:22:01.0535 2576 astcc (0c83fc56707bf68db04947052a8188b1) C:\Windows\system32\astsrv.exe

14:22:01.0560 2576 astcc - ok

14:22:01.0739 2576 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

14:22:01.0741 2576 AsyncMac - ok

14:22:01.0961 2576 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

14:22:01.0962 2576 atapi - ok

14:22:09.0049 2576 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys

14:22:09.0475 2576 athr - ok

14:22:10.0529 2576 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

14:22:10.0598 2576 AudioEndpointBuilder - ok

14:22:10.0601 2576 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

14:22:10.0605 2576 Audiosrv - ok

14:22:13.0368 2576 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys

14:22:13.0388 2576 BCM43XV - ok

14:22:14.0127 2576 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

14:22:14.0130 2576 Beep - ok

14:22:14.0924 2576 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

14:22:14.0989 2576 BFE - ok

14:22:16.0493 2576 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll

14:22:16.0693 2576 BITS - ok

14:22:16.0757 2576 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

14:22:16.0769 2576 blbdrive - ok

14:22:16.0901 2576 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

14:22:16.0955 2576 bowser - ok

14:22:17.0088 2576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:22:17.0091 2576 BrFiltLo - ok

14:22:17.0168 2576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:22:17.0170 2576 BrFiltUp - ok

14:22:17.0266 2576 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

14:22:17.0299 2576 Browser - ok

14:22:17.0460 2576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:22:17.0503 2576 Brserid - ok

14:22:17.0601 2576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:22:17.0643 2576 BrSerWdm - ok

14:22:18.0596 2576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:22:18.0598 2576 BrUsbMdm - ok

14:22:18.0660 2576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:22:18.0781 2576 BrUsbSer - ok

14:22:18.0902 2576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:22:19.0038 2576 BTHMODEM - ok

14:22:19.0123 2576 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS

14:22:19.0199 2576 BVRPMPR5 - ok

14:22:19.0366 2576 catchme - ok

14:22:19.0445 2576 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

14:22:19.0542 2576 cdfs - ok

14:22:20.0865 2576 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

14:22:20.0874 2576 cdrom - ok

14:22:21.0124 2576 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

14:22:21.0127 2576 CertPropSvc - ok

14:22:21.0183 2576 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

14:22:21.0186 2576 circlass - ok

14:22:21.0446 2576 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

14:22:21.0458 2576 CLFS - ok

14:22:21.0543 2576 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:22:21.0548 2576 clr_optimization_v2.0.50727_32 - ok

14:22:21.0652 2576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:22:21.0734 2576 clr_optimization_v4.0.30319_32 - ok

14:22:21.0786 2576 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

14:22:21.0789 2576 CmBatt - ok

14:22:21.0849 2576 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

14:22:21.0852 2576 cmdide - ok

14:22:21.0942 2576 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys

14:22:21.0966 2576 CnxtHdAudService - ok

14:22:22.0088 2576 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

14:22:22.0183 2576 Com4Qlb - ok

14:22:22.0308 2576 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

14:22:22.0352 2576 Compbatt - ok

14:22:22.0361 2576 COMSysApp - ok

14:22:22.0393 2576 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

14:22:22.0432 2576 crcdisk - ok

14:22:22.0945 2576 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

14:22:23.0068 2576 Crusoe - ok

14:22:24.0023 2576 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

14:22:24.0029 2576 CryptSvc - ok

14:22:24.0339 2576 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

14:22:24.0462 2576 DcomLaunch - ok

14:22:24.0554 2576 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

14:22:24.0631 2576 DfsC - ok

14:22:27.0421 2576 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

14:22:28.0167 2576 DFSR - ok

14:22:29.0053 2576 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

14:22:29.0063 2576 Dhcp - ok

14:22:29.0185 2576 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

14:22:29.0195 2576 disk - ok

14:22:29.0289 2576 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

14:22:29.0294 2576 Dnscache - ok

14:22:29.0525 2576 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

14:22:29.0591 2576 dot3svc - ok

14:22:29.0723 2576 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

14:22:29.0779 2576 DPS - ok

14:22:29.0846 2576 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

14:22:29.0848 2576 drmkaud - ok

14:22:31.0660 2576 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

14:22:31.0721 2576 DXGKrnl - ok

14:22:31.0837 2576 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:22:31.0904 2576 E1G60 - ok

14:22:31.0967 2576 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

14:22:31.0971 2576 EapHost - ok

14:22:32.0192 2576 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

14:22:32.0258 2576 Ecache - ok

14:22:32.0539 2576 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

14:22:32.0639 2576 elxstor - ok

14:22:34.0730 2576 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

14:22:34.0774 2576 EMDMgmt - ok

14:22:34.0859 2576 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

14:22:34.0862 2576 ErrDev - ok

14:22:34.0917 2576 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

14:22:34.0923 2576 EventSystem - ok

14:22:34.0977 2576 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

14:22:34.0994 2576 exfat - ok

14:22:35.0361 2576 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

14:22:35.0386 2576 fastfat - ok

14:22:35.0422 2576 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

14:22:35.0425 2576 fdc - ok

14:22:35.0460 2576 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

14:22:35.0464 2576 fdPHost - ok

14:22:35.0490 2576 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

14:22:35.0494 2576 FDResPub - ok

14:22:35.0573 2576 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

14:22:35.0576 2576 FileInfo - ok

14:22:35.0607 2576 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

14:22:35.0608 2576 Filetrace - ok

14:22:35.0624 2576 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

14:22:35.0626 2576 flpydisk - ok

14:22:35.0666 2576 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

14:22:35.0714 2576 FltMgr - ok

14:22:36.0182 2576 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

14:22:36.0222 2576 FontCache - ok

14:22:36.0292 2576 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:22:36.0295 2576 FontCache3.0.0.0 - ok

14:22:36.0323 2576 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

14:22:36.0325 2576 Fs_Rec - ok

14:22:36.0359 2576 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

14:22:36.0363 2576 gagp30kx - ok

14:22:36.0447 2576 GameConsoleService (44d07e5a444692e9b6a5cdd7401b4402) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

14:22:36.0539 2576 GameConsoleService - ok

14:22:36.0867 2576 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

14:22:36.0909 2576 gpsvc - ok

14:22:37.0053 2576 HauppaugeTVServer (de847265c24e69df988bcb1399026fc7) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe

14:22:37.0058 2576 HauppaugeTVServer - ok

14:22:37.0340 2576 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys

14:22:37.0343 2576 HBtnKey - ok

14:22:37.0424 2576 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys

14:22:37.0438 2576 HdAudAddService - ok

14:22:37.0523 2576 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:22:37.0565 2576 HDAudBus - ok

14:22:37.0603 2576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:22:37.0606 2576 HidBth - ok

14:22:37.0637 2576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

14:22:37.0640 2576 HidIr - ok

14:22:37.0675 2576 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

14:22:37.0679 2576 hidserv - ok

14:22:37.0725 2576 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

14:22:37.0727 2576 HidUsb - ok

14:22:38.0137 2576 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

14:22:38.0149 2576 hkmsvc - ok

14:22:38.0259 2576 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

14:22:38.0263 2576 HP Health Check Service - ok

14:22:38.0298 2576 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

14:22:38.0301 2576 HpCISSs - ok

14:22:38.0322 2576 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

14:22:38.0324 2576 HpqKbFiltr - ok

14:22:38.0362 2576 hpqwmiex (f8968c9778f25a90a35755c3c97c7f62) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

14:22:38.0377 2576 hpqwmiex - ok

14:22:38.0463 2576 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

14:22:38.0476 2576 HSFHWAZL - ok

14:22:39.0050 2576 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

14:22:39.0103 2576 HSF_DPV - ok

14:22:39.0162 2576 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

14:22:39.0177 2576 HSXHWAZL - ok

14:22:39.0273 2576 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

14:22:39.0283 2576 HTTP - ok

14:22:39.0326 2576 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

14:22:39.0328 2576 i2omp - ok

14:22:39.0386 2576 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

14:22:39.0388 2576 i8042prt - ok

14:22:39.0755 2576 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

14:22:39.0802 2576 iaStorV - ok

14:22:39.0939 2576 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

14:22:39.0944 2576 IDriverT - ok

14:22:40.0361 2576 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:22:40.0401 2576 idsvc - ok

14:22:40.0454 2576 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:22:40.0458 2576 iirsp - ok

14:22:40.0523 2576 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

14:22:40.0608 2576 IKEEXT - ok

14:22:40.0728 2576 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

14:22:40.0761 2576 intelide - ok

14:22:40.0899 2576 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

14:22:40.0931 2576 intelppm - ok

14:22:41.0015 2576 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

14:22:41.0048 2576 IPBusEnum - ok

14:22:41.0141 2576 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:22:41.0175 2576 IpFilterDriver - ok

14:22:41.0354 2576 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

14:22:41.0386 2576 iphlpsvc - ok

14:22:41.0400 2576 IpInIp - ok

14:22:41.0444 2576 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

14:22:41.0448 2576 IPMIDRV - ok

14:22:41.0589 2576 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

14:22:41.0645 2576 IPNAT - ok

14:22:41.0690 2576 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

14:22:41.0692 2576 IRENUM - ok

14:22:41.0781 2576 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

14:22:41.0792 2576 isapnp - ok

14:22:42.0121 2576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

14:22:42.0166 2576 iScsiPrt - ok

14:22:42.0223 2576 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:22:42.0255 2576 iteatapi - ok

14:22:42.0296 2576 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:22:42.0328 2576 iteraid - ok

14:22:42.0462 2576 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:22:42.0494 2576 kbdclass - ok

14:22:42.0616 2576 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

14:22:42.0682 2576 kbdhid - ok

14:22:42.0762 2576 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:22:42.0800 2576 KeyIso - ok

14:22:43.0339 2576 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

14:22:43.0449 2576 KSecDD - ok

14:22:43.0752 2576 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

14:22:43.0853 2576 KtmRm - ok

14:22:44.0069 2576 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

14:22:44.0090 2576 LanmanServer - ok

14:22:44.0187 2576 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

14:22:44.0220 2576 LanmanWorkstation - ok

14:22:44.0262 2576 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

14:22:44.0265 2576 lltdio - ok

14:22:44.0306 2576 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

14:22:44.0320 2576 lltdsvc - ok

14:22:44.0353 2576 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

14:22:44.0357 2576 lmhosts - ok

14:22:44.0390 2576 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

14:22:44.0393 2576 LSI_FC - ok

14:22:44.0409 2576 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

14:22:44.0412 2576 LSI_SAS - ok

14:22:44.0543 2576 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

14:22:44.0562 2576 LSI_SCSI - ok

14:22:44.0649 2576 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

14:22:44.0681 2576 luafv - ok

14:22:44.0778 2576 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys

14:22:44.0833 2576 MBAMProtector - ok

14:22:45.0580 2576 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

14:22:45.0737 2576 MBAMService - ok

14:22:45.0803 2576 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

14:22:45.0858 2576 mdmxsdk - ok

14:22:46.0042 2576 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

14:22:46.0243 2576 megasas - ok

14:22:46.0788 2576 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

14:22:46.0893 2576 MegaSR - ok

14:22:46.0950 2576 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

14:22:46.0981 2576 MMCSS - ok

14:22:47.0052 2576 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

14:22:47.0096 2576 Modem - ok

14:22:47.0153 2576 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

14:22:47.0196 2576 monitor - ok

14:22:47.0273 2576 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

14:22:47.0283 2576 mouclass - ok

14:22:47.0391 2576 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

14:22:47.0425 2576 mouhid - ok

14:22:47.0569 2576 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

14:22:47.0576 2576 MountMgr - ok

14:22:47.0845 2576 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

14:22:47.0868 2576 MozillaMaintenance - ok

14:22:48.0003 2576 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

14:22:48.0031 2576 mpio - ok

14:22:48.0135 2576 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

14:22:48.0147 2576 mpsdrv - ok

14:22:48.0449 2576 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

14:22:48.0610 2576 MpsSvc - ok

14:22:48.0662 2576 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:22:48.0663 2576 Mraid35x - ok

14:22:48.0697 2576 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

14:22:48.0700 2576 MRxDAV - ok

14:22:48.0735 2576 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:22:48.0774 2576 mrxsmb - ok

14:22:49.0142 2576 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:22:49.0308 2576 mrxsmb10 - ok

14:22:49.0376 2576 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:22:49.0379 2576 mrxsmb20 - ok

14:22:49.0407 2576 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

14:22:49.0408 2576 msahci - ok

14:22:49.0432 2576 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

14:22:49.0435 2576 msdsm - ok

14:22:49.0474 2576 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

14:22:49.0478 2576 MSDTC - ok

14:22:49.0500 2576 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

14:22:49.0502 2576 Msfs - ok

14:22:49.0561 2576 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

14:22:49.0562 2576 msisadrv - ok

14:22:49.0594 2576 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

14:22:49.0610 2576 MSiSCSI - ok

14:22:49.0628 2576 msiserver - ok

14:22:49.0701 2576 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:22:49.0702 2576 MSKSSRV - ok

14:22:49.0799 2576 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:22:49.0801 2576 MSPCLOCK - ok

14:22:49.0876 2576 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:22:49.0898 2576 MSPQM - ok

14:22:50.0096 2576 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

14:22:50.0149 2576 MsRPC - ok

14:22:50.0207 2576 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

14:22:50.0250 2576 mssmbios - ok

14:22:50.0491 2576 MSSQL$SQLEXPRESS - ok

14:22:50.0716 2576 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

14:22:50.0761 2576 MSSQLServerADHelper - ok

14:22:50.0836 2576 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:22:50.0838 2576 MSTEE - ok

14:22:50.0954 2576 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

14:22:51.0008 2576 Mup - ok

14:22:51.0094 2576 MxL111SF_AVS_USB (87efbc5a9d095e5a1c7df49086b4b81d) C:\Windows\system32\DRIVERS\hcwC6bda.sys

14:22:51.0155 2576 MxL111SF_AVS_USB - ok

14:22:51.0382 2576 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

14:22:51.0424 2576 napagent - ok

14:22:51.0525 2576 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

14:22:51.0563 2576 NativeWifiP - ok

14:22:52.0230 2576 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

14:22:52.0328 2576 NDIS - ok

14:22:52.0386 2576 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:22:52.0388 2576 NdisTapi - ok

14:22:52.0463 2576 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:22:52.0465 2576 Ndisuio - ok

14:22:52.0567 2576 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:22:52.0596 2576 NdisWan - ok

14:22:52.0631 2576 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:22:52.0663 2576 NDProxy - ok

14:22:52.0734 2576 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:22:52.0767 2576 NetBIOS - ok

14:22:53.0006 2576 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

14:22:53.0060 2576 netbt - ok

14:22:53.0137 2576 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

14:22:53.0139 2576 Netlogon - ok

14:22:53.0364 2576 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

14:22:53.0469 2576 Netman - ok

14:22:53.0790 2576 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

14:22:53.0835 2576 netprofm - ok

14:22:54.0128 2576 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:22:54.0167 2576 NetTcpPortSharing - ok

14:22:54.0209 2576 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:22:54.0212 2576 nfrd960 - ok

14:22:54.0250 2576 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

14:22:54.0267 2576 NlaSvc - ok

14:22:54.0304 2576 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

14:22:54.0306 2576 Npfs - ok

14:22:54.0320 2576 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

14:22:54.0322 2576 nsi - ok

14:22:54.0335 2576 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:22:54.0336 2576 nsiproxy - ok

14:22:54.0734 2576 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

14:22:54.0782 2576 Ntfs - ok

14:22:54.0822 2576 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:22:54.0824 2576 ntrigdigi - ok

14:22:54.0877 2576 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

14:22:54.0879 2576 NuidFltr - ok

14:22:54.0896 2576 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:22:54.0898 2576 Null - ok

14:22:55.0686 2576 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys

14:22:55.0870 2576 NVENETFD - ok

14:23:01.0187 2576 nvlddmkm (3c65f41ebb779a0f16ff965bfd0df179) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:23:02.0498 2576 nvlddmkm - ok

14:23:03.0235 2576 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

14:23:03.0277 2576 nvraid - ok

14:23:03.0401 2576 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys

14:23:03.0403 2576 nvsmu - ok

14:23:03.0582 2576 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

14:23:03.0714 2576 nvstor - ok

14:23:03.0847 2576 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

14:23:03.0958 2576 nv_agp - ok

14:23:03.0967 2576 NwlnkFlt - ok

14:23:03.0974 2576 NwlnkFwd - ok

14:23:04.0498 2576 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:23:04.0541 2576 odserv - ok

14:23:04.0648 2576 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:23:04.0652 2576 ohci1394 - ok

14:23:04.0693 2576 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:23:04.0731 2576 ose - ok

14:23:06.0041 2576 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:23:06.0164 2576 p2pimsvc - ok

14:23:06.0182 2576 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:23:06.0200 2576 p2psvc - ok

14:23:07.0242 2576 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:23:07.0323 2576 Parport - ok

14:23:07.0415 2576 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

14:23:07.0474 2576 partmgr - ok

14:23:07.0605 2576 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:23:07.0607 2576 Parvdm - ok

14:23:07.0657 2576 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

14:23:07.0664 2576 PcaSvc - ok

14:23:07.0722 2576 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

14:23:07.0736 2576 pci - ok

14:23:07.0800 2576 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

14:23:07.0803 2576 pciide - ok

14:23:07.0846 2576 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

14:23:07.0858 2576 pcmcia - ok

14:23:08.0025 2576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:23:08.0056 2576 PEAUTH - ok

14:23:08.0222 2576 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

14:23:08.0486 2576 pla - ok

14:23:09.0604 2576 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

14:23:09.0678 2576 PlugPlay - ok

14:23:10.0705 2576 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:23:10.0781 2576 PNRPAutoReg - ok

14:23:10.0789 2576 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

14:23:10.0797 2576 PNRPsvc - ok

14:23:11.0271 2576 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

14:23:11.0348 2576 PolicyAgent - ok

14:23:11.0559 2576 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:23:11.0615 2576 PptpMiniport - ok

14:23:11.0701 2576 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

14:23:11.0755 2576 Processor - ok

14:23:12.0596 2576 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

14:23:12.0774 2576 ProfSvc - ok

14:23:13.0740 2576 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe


14:23:46.0939 2576 ============================================================

14:23:46.0939 2576 Scan finished

14:23:46.0939 2576 ============================================================

14:23:46.0955 2604 Detected object count: 0

14:23:46.0955 2604 Actual detected object count: 0


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi, Thanx! Running ESET Online Scanner. So far, it took 2 hours and 48 minutes to go through about 84,000 files, and it's not half way done, about 1/3. So, I guess I'll hear from you next week. Have a nice weekend!

Moderator, please don't close the thread!


Results of screen317's Security Check version 0.99.43

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

CCleaner

Java 6 Update 32

Java 6 Update 2

Java 6 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox 13.0.1 Firefox out of Date!

Google Chrome 20.0.1132.47

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 60 %

Defragment your hard drive soon!

````````````````````End of Log``````````````````````


Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 8

Java™ 6 Update 32

Java™ 6 Update 2

Java™ 6 Update 5

Java™ 6 Update 7

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

In Firefox, click Help --> About, and update to the latest version (14).

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Afterward, reboot.

Let me know what issues remain.


Funny! After trying to download TFC when I wasn't connected, I get redirected to mydomainadviser! Let me try running Malwarebytes first, just to be able to download it!

This topic is now closed to further replies.
