
Infected with SireFef.r / ZeroAccess


  • This topic is locked
20 replies to this topic

#1 Oggadon


  • Members
  • 10 posts

Posted 13 August 2012 - 04:15 PM

Mother's Brother's Son's laptop here with me :-/ Windows 7 Home Premium, 32 bit. On boot it throws an error dialog and then shuts down a minute later. MSE reports the sirefef.r virus and the sirefef.ah and sirefab.ab trojans are present.

I've booted into safe mode > recovery console > command prompt and run FRST with the following results:


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 13-08-2012 22:09:24
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2009-11-06] (IDT, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s [2998272 2009-10-20] (O2)
HKLM\...\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot [2073480 2010-09-28] (BullGuard Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\MOT2U Gloucester\...\Run: [Reminder] C:\Program Files\TTG\Reminder\Reminder.exe [3599360 2010-03-15] (DSG Retail Ltd)
HKU\MOT2U Gloucester\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-15] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Launch.lnk
ShortcutTarget: Launch.lnk -> C:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\OSD.lnk
ShortcutTarget: OSD.lnk -> C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe ()
Startup: C:\Users\MOT2U Gloucester\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
Startup: C:\Users\MOT2U Gloucester\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

3 BgRaSvc; "C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe" [122760 2010-08-25] (BullGuard Ltd.)
2 BsBrowser; C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll [58248 2010-08-25] (BullGuard Ltd.)
2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [270728 2010-08-25] (BullGuard Ltd.)
2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [380808 2010-08-25] (BullGuard Ltd.)
2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [175496 2010-09-22] (BullGuard Ltd.)
2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [169864 2010-08-25] (BullGuard Ltd.)
3 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [305032 2010-10-02] (BullGuard Ltd.)
2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [357504 2011-01-24] (BullGuard Ltd.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" Start=service [557424 2009-12-15] (Citrix Online, a division of Citrix Systems, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 PCSUService; C:\Program Files\PC Speed Up\PCSUService.exe [233184 2011-09-05] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ca4025c68f96926d\STacSV.exe [229458 2009-11-06] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 afw; C:\Windows\System32\DRIVERS\afw.sys [29208 2010-07-08] (Agnitum Ltd.)
3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2010-07-08] (Agnitum Ltd.)
1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [56400 2010-07-13] (BullGuard Ltd.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 JME; C:\Windows\System32\DRIVERS\JME.sys [82272 2009-07-14] (JMicron Technology Corp.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-30] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl2c3f1dd6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsl2c3f1dd6.sys [29904 2012-07-25] ()
1 MpKsla9b6fdab; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsla9b6fdab.sys [29904 2012-07-29] ()
1 MpKslb94702ba; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslb94702ba.sys [29904 2012-07-25] ()
1 MpKslf81cf681; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslf81cf681.sys [29904 2012-08-13] ()
2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [16248 2009-12-04] ()
3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [10744 2009-12-04] (Systems Internals)
3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [10616 2009-12-04] (Systems Internals)
1 fktrltwg; \??\C:\Windows\system32\drivers\fktrltwg.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 21:22 - 2012-08-13 21:22 - 00000000 ____D C:\FRST
2012-07-29 13:10 - 2012-07-29 13:10 - 00000000 ____D C:\NBRT
2012-07-29 08:45 - 2012-07-30 00:47 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-29 08:45 - 2012-07-30 00:46 - 00000361 ____A C:\rkill.log
2012-07-29 08:43 - 2012-07-29 08:43 - 00003288 ____N C:\bootsqm.dat
2012-07-29 07:48 - 2012-07-29 07:48 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-29 07:27 - 2012-07-29 07:27 - 00000000 ____D C:\Users\MOT2U Gloucester\AppData\Roaming\Malwarebytes
2012-07-29 07:25 - 2012-07-29 07:25 - 00001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 07:25 - 2012-07-29 07:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-29 07:25 - 2012-07-29 07:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-29 07:25 - 2012-07-03 04:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-25 02:15 - 2012-07-25 02:15 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xnrvytti.sys
2012-07-25 01:04 - 2012-07-25 01:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-25 01:00 - 2012-07-25 01:02 - 10288512 ____A (Microsoft Corporation) C:\Users\MOT2U Gloucester\Downloads\mseinstall (1).exe
2012-07-21 13:12 - 2012-07-21 13:12 - 00352840 ____A C:\Windows\Minidump\072112-18595-01.dmp
2012-07-21 08:36 - 2012-07-21 08:41 - 11709306 ____A C:\Users\MOT2U Gloucester\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
2012-07-21 00:43 - 2012-07-25 00:05 - 00000000 ____D C:\Users\MOT2U Gloucester\AppData\Roaming\.techniclauncher
2012-07-21 00:43 - 2012-07-21 00:43 - 00052736 ____A (Technic) C:\Users\MOT2U Gloucester\Downloads\TechnicLauncher.exe
2012-07-16 04:48 - 2012-07-16 04:55 - 00000000 ____D C:\Users\MOT2U Gloucester\AppData\Local\Microsoft Games

============ 3 Months Modified Files ========================

2012-08-13 13:02 - 2010-07-08 03:55 - 00005108 ____A C:\Windows\System32\config\afw_hm.conf
2012-08-13 13:02 - 2010-07-08 03:55 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2012-08-13 13:02 - 2010-03-15 01:51 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 13:02 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 13:02 - 2009-07-13 20:39 - 00200010 ____A C:\Windows\setupact.log
2012-08-13 12:10 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-30 00:47 - 2012-07-29 08:45 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-30 00:46 - 2012-07-29 08:45 - 00000361 ____A C:\rkill.log
2012-07-29 10:02 - 2010-03-15 01:51 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 09:30 - 2012-03-30 11:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 08:43 - 2012-07-29 08:43 - 00003288 ____N C:\bootsqm.dat
2012-07-29 07:25 - 2012-07-29 07:25 - 00001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 04:02 - 2011-01-26 03:39 - 00002243 ____A C:\Windows\epplauncher.mif
2012-07-25 02:15 - 2012-07-25 02:15 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xnrvytti.sys
2012-07-25 01:54 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 01:06 - 2010-07-08 03:03 - 01769408 ____A C:\Windows\WindowsUpdate.log
2012-07-25 01:05 - 2009-08-03 00:18 - 00735552 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 01:02 - 2012-07-25 01:00 - 10288512 ____A (Microsoft Corporation) C:\Users\MOT2U Gloucester\Downloads\mseinstall (1).exe
2012-07-24 23:35 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-24 23:35 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 13:12 - 2012-07-21 13:12 - 00352840 ____A C:\Windows\Minidump\072112-18595-01.dmp
2012-07-21 13:12 - 2011-10-11 01:43 - 276058273 ____A C:\Windows\MEMORY.DMP
2012-07-21 08:41 - 2012-07-21 08:36 - 11709306 ____A C:\Users\MOT2U Gloucester\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
2012-07-21 00:43 - 2012-07-21 00:43 - 00052736 ____A (Technic) C:\Users\MOT2U Gloucester\Downloads\TechnicLauncher.exe
2012-07-12 07:30 - 2012-07-12 07:30 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-07-12 07:30 - 2012-03-30 11:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 07:30 - 2011-05-16 01:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-12 03:57 - 2010-03-15 01:51 - 00002288 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 02:56 - 2012-07-11 02:55 - 00146768 ____A C:\Windows\Minidump\071112-17316-01.dmp
2012-07-11 00:26 - 2009-07-13 20:33 - 00417832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:22 - 2009-07-13 18:04 - 00000513 ____A C:\Windows\win.ini
2012-07-11 00:19 - 2010-07-12 07:17 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 04:46 - 2012-07-29 07:25 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 01:26 - 2012-06-29 01:26 - 00349656 ____A C:\Windows\Minidump\062912-19359-01.dmp
2012-06-11 18:40 - 2012-07-11 00:19 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 20:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 20:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 20:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 20:45 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-04 09:03 - 2012-06-04 09:03 - 00001943 ____A C:\Users\MOT2U Gloucester\Desktop\home printer - Shortcut.lnk
2012-06-02 14:19 - 2012-06-22 20:56 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 20:56 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 20:56 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 20:56 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 20:56 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 20:56 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 20:56 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-22 20:55 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-22 20:55 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 00:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 20:45 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 20:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 20:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-25 10:04 - 2012-05-25 10:04 - 00349672 ____A C:\Windows\Minidump\052512-17986-01.dmp


ZeroAccess:
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\@
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\L
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\n
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\U
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\L\00000004.@
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\L\1afb2d56
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 2013.18 MB
Available physical RAM: 1471.09 MB
Total Pagefile: 2013.18 MB
Available Pagefile: 1477.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.38 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:292.48 GB) (Free:241.58 GB) NTFS
3 Drive f: (DATASTICK) (Removable) (Total:14.91 GB) (Free:6.48 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:5.6 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5739 MB 1024 KB
Partition 2 Primary 292 GB 5740 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 5739 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 292 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F DATASTICK NTFS Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-07-18 03:56

======================= End Of Log ==========================


Thank you for reading.

Edited by Oggadon, 13 August 2012 - 04:17 PM.




#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 12:41 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Oggadon

  • Topic Starter

  • Members
  • 10 posts

Posted 15 August 2012 - 01:07 PM

Thank you for your reply gringo_pr.

I've booted into safe mode > recovery console > command prompt, run FRST and searched for "services.exe" with the following results:


Farbar Recovery Scan Tool Version: 10-08-2012
Ran by SYSTEM at 2012-08-15 18:59:12
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-13 12:10] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
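The search result above pairs the live System32 copy of services.exe with the component-store (WinSxS) copy of the same build: same size, same vendor string, same creation time, but a different MD5 and a modification time on the day of the infection. As an added example that is not part of the thread or of FRST, the following Python parses a Search.txt block in this format, makes that comparison, and emits the fixlist "Replace:" directive in the form used in this thread; the sample log is constructed from the values posted above.

```python
import re

# Constructed sample in the format of the FRST Search.txt posted above
# (same paths, timestamps, sizes and MD5 values as the thread's log).
SAMPLE_SEARCH_LOG = r"""Farbar Recovery Scan Tool Version: 10-08-2012
Ran by SYSTEM at 2012-08-15 18:59:12
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-13 12:10] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Detail line layout: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file found: the path line plus its parsed detail line."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if path and m:
            entry = {"path": path}
            entry.update(m.groupdict())
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def _in_winsxs(path):
    return "\\winsxs\\" in path.lower()


def _in_system32(path):
    return "\\system32\\" in path.lower() and not _in_winsxs(path)


def check_system_file(entries):
    """Compare the live System32 copy with the WinSxS component-store copy.

    Returns (verdict, findings, fix_line): verdict is 'clean', 'suspect' or
    'undetermined'; fix_line is an FRST fixlist 'Replace:' directive (the form
    used in this thread), produced only when the live copy's hash differs from
    the reference copy.
    """
    live = [e for e in entries if _in_system32(e["path"])]
    refs = [e for e in entries if _in_winsxs(e["path"])]
    if not live or not refs:
        return "undetermined", ["need both a System32 copy and a WinSxS copy"], None
    live = live[0]
    # Prefer a reference of the same size (same build): a servicing update
    # would have replaced both copies together.
    ref = next((r for r in refs if r["size"] == live["size"]), refs[0])

    findings = []
    if live["md5"] != ref["md5"]:
        findings.append("MD5 %s of %s does not match component-store copy %s"
                        % (live["md5"], live["path"], ref["md5"]))
        if live["company"] == ref["company"] and live["size"] == ref["size"]:
            # Same size and same vendor string: version metadata alone would
            # not reveal the swap; only the hash does.
            findings.append("size and company string preserved; hash is the only tell")
    if live["modified"] > ref["modified"]:
        # Timestamps are 'YYYY-MM-DD HH:MM', so string comparison orders them.
        findings.append("live copy modified %s, after component-store copy (%s)"
                        % (live["modified"], ref["modified"]))

    if live["md5"] == ref["md5"]:
        return "clean", findings, None
    fix_line = "Replace: %s %s" % (ref["path"], live["path"])
    return "suspect", findings, fix_line


def analyse(text):
    """Parse a Search.txt block and return its verdict, findings and fix line."""
    return check_system_file(parse_search_log(text))


if __name__ == "__main__":
    verdict, findings, fix_line = analyse(SAMPLE_SEARCH_LOG)
    print(verdict)
    for f in findings:
        print(" -", f)
    if fix_line:
        print(fix_line)
```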

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 02:48 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
1 fktrltwg; \??\C:\Windows\system32\drivers\fktrltwg.sys [x]
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7}
C:\Windows\assembly\GAC\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#5 Oggadon

  • Topic Starter

  • Members
  • 10 posts

Posted 15 August 2012 - 03:27 PM

Hi gringo_pr.

I created the fixlist.txt file as instructed and clicked the FIX button in FRST. I have not yet restarted the laptop. Here is the fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 2012-08-15 21:26:23 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
fktrltwg service deleted successfully.
C:\Windows\Installer\{3f763dc6-859f-01ee-e5af-377e746524b7} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====

#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 04:05 PM

Hello

restart the laptop please

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Oggadon

  • Topic Starter

  • Members
  • 10 posts

Posted 15 August 2012 - 04:56 PM

Hi,

I uninstalled BullGuard, McAfee Security Scanner, MBAM and MSE and rebooted.

Then I ran combofix.exe from the desktop. It did a scan, rebooted, thought for a long time, and then produced this log file:

ComboFix 12-08-15.01 - MOT2U Gloucester 15/08/2012 22:27:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2013.1224 [GMT 1:00]
Running from: c:\users\MOT2U Gloucester\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E2010.tmp
c:\programdata\OSD10.tmp
c:\windows\system32\config\systemprofile\0.877382536739022.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 21:40 . 2012-08-15 21:42 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Local\temp
2012-08-15 21:40 . 2012-08-15 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 05:22 . 2012-08-14 05:22 -------- d-----w- C:\FRST
2012-07-29 21:10 . 2012-07-29 21:10 -------- d-----w- C:\NBRT
2012-07-29 16:45 . 2012-07-30 08:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-29 15:48 . 2012-07-29 15:48 -------- d--h--w- c:\programdata\Common Files
2012-07-29 15:48 . 2012-07-29 15:48 -------- d-----w- c:\programdata\MFAData
2012-07-29 15:27 . 2012-07-29 15:27 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Roaming\Malwarebytes
2012-07-29 15:25 . 2012-07-29 15:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 10:15 . 2012-07-25 10:15 43480 ----a-w- c:\windows\system32\drivers\xnrvytti.sys
2012-07-21 08:43 . 2012-07-25 08:05 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Roaming\.techniclauncher
2012-07-17 08:25 . 2012-07-17 08:25 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-17 08:25 . 2012-07-17 08:25 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:30 . 2012-03-30 19:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:30 . 2011-05-16 09:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 15:30 . 2012-07-12 15:30 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-12 02:40 . 2012-07-11 08:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 04:45 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:45 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:45 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-23 04:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 04:56 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 04:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 04:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 04:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 04:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 04:56 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 04:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-23 04:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 08:23 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 08:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 08:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 08:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 04:45 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 04:45 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:45 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-17 08:25 . 2011-05-06 08:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\TTG\Reminder\Reminder.exe" [2010-03-15 3599360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\MOT2U Gloucester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2010-3-15 17542]
OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-3-17 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 MpKsl2c3f1dd6;MpKsl2c3f1dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsl2c3f1dd6.sys [x]
R1 MpKsla9b6fdab;MpKsla9b6fdab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsla9b6fdab.sys [x]
R1 MpKslb94702ba;MpKslb94702ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslb94702ba.sys [x]
R1 MpKslf81cf681;MpKslf81cf681;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslf81cf681.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [x]
S2 SoilIO;SoilIO; [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:30]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 09:50]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 09:50]
.
2010-07-17 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-07-17 13:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGK&bmod=DSGK;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\MOT2U Gloucester\AppData\Roaming\Mozilla\Firefox\Profiles\mb4c6so7.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 12463cd6-88d6-4925-80a0-1cc1ac504662
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-BsScanner
AddRemove-7-Zip - f:\7-zip\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ca4025c68f96926d\STacSV.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-15 22:51:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 21:51
.
Pre-Run: 260,660,940,800 bytes free
Post-Run: 261,473,431,552 bytes free
.
- - End Of File - - C84D3DDDD5CADED1318F52A1293A3C8B


The laptop has stopped rebooting every minute and seems much happier. I can access programs and use it as per normal, and nothing seems strange. If you are happy with the ComboFix log file then I think we are all done!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 05:39 PM

Greetings

It takes a little more than that and this was just the first step

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
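
As an added example, not part of this thread and not code from TDSSKiller or its author: a small Python script that triages a TDSSKiller "Scan services" log of the kind requested above. It pairs each service's file line (time, pid, MD5, service name, image path) with its verdict line and returns every entry whose verdict is not plain "ok", plus any service for which no file line was printed, so a responder can skim a multi-thousand-line log in one pass. The sample log is constructed in the format TDSSKiller 2.8 prints; the `placeholder_drv` entry, its all-zero hash and its verdict text are invented for the demonstration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# TDSSKiller 2.8 "Scan services" output comes in pairs of lines:
#   <time> <pid> [ <md5> ] <service name> <image path>
#   <time> <pid> <service name> - <verdict>
# Services with no file on disk get only the verdict line.
DETAIL_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9a-fA-F]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+) - (?P<verdict>.+)$"
)


class ServiceEntry(NamedTuple):
    name: str
    md5: Optional[str]   # None when TDSSKiller printed no file line
    path: Optional[str]
    verdict: str


def parse_tdsskiller_log(text: str) -> List[ServiceEntry]:
    """Pair each service's file line with its verdict line, in log order."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = DETAIL_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"].strip())
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(ServiceEntry(m["name"], md5, path, m["verdict"].strip()))
    return entries


def flag_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Anything the tool did not mark plain 'ok' deserves a closer look."""
    return [e for e in entries if e.verdict.lower() != "ok"]


def entries_without_file(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services scanned without a file line (no hash to compare against)."""
    return [e for e in entries if e.md5 is None]


# Constructed sample: the first lines copy the format TDSSKiller prints;
# the "placeholder_drv" entry, its hash and its verdict are invented.
SAMPLE_LOG = """\
18:03:52.0962 4132 ================ Scan services =============================
18:03:53.0118 4132 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\\Windows\\system32\\drivers\\1394ohci.sys
18:03:53.0118 4132 1394ohci - ok
18:03:53.0212 4132 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\\Windows\\system32\\drivers\\ACPI.sys
18:03:53.0212 4132 ACPI - ok
18:03:55.0833 4132 catchme - ok
18:04:02.0001 4132 [ 00000000000000000000000000000000 ] placeholder_drv C:\\Windows\\system32\\DRIVERS\\placeholder_drv.sys
18:04:02.0001 4132 placeholder_drv - suspicious (constructed verdict for the example)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for e in flag_entries(parsed):
        print(f"{e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
    for e in entries_without_file(parsed):
        print(f"{e.name}: no file line printed")
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_tdsskiller_log`; the MD5 and path in each flagged entry are what you would then look up against a known-good reference before deciding whether the Cure default was the right call.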

#9 Oggadon

Oggadon
  • Topic Starter

  • Members
  • 10 posts

Posted 16 August 2012 - 01:57 PM

Aloha again!

I have run TDSSKiller.exe from the desktop. It did not seem to find anything and I include the log file below:

18:03:46.0925 3592 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
18:03:46.0956 3592 ============================================================
18:03:46.0956 3592 Current date / time: 2012/08/16 18:03:46.0956
18:03:46.0956 3592 SystemInfo:
18:03:46.0956 3592
18:03:46.0956 3592 OS Version: 6.1.7601 ServicePack: 1.0
18:03:46.0956 3592 Product type: Workstation
18:03:46.0956 3592 ComputerName: MOT2UGLOUCESTER
18:03:46.0956 3592 UserName: MOT2U Gloucester
18:03:46.0956 3592 Windows directory: C:\Windows
18:03:46.0956 3592 System windows directory: C:\Windows
18:03:46.0956 3592 Processor architecture: Intel x86
18:03:46.0956 3592 Number of processors: 2
18:03:46.0956 3592 Page size: 0x1000
18:03:46.0956 3592 Boot type: Normal boot
18:03:46.0956 3592 ============================================================
18:03:47.0580 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:47.0596 3592 Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:03:47.0596 3592 ============================================================
18:03:47.0596 3592 \Device\Harddisk0\DR0:
18:03:47.0596 3592 MBR partitions:
18:03:47.0596 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB35800
18:03:47.0596 3592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB36000, BlocksNum 0x248F8000
18:03:47.0596 3592 \Device\Harddisk1\DR1:
18:03:47.0596 3592 MBR partitions:
18:03:47.0596 3592 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
18:03:47.0596 3592 ============================================================
18:03:47.0627 3592 C: <-> \Device\Harddisk0\DR0\Partition2
18:03:47.0627 3592 ============================================================
18:03:47.0627 3592 Initialize success
18:03:47.0627 3592 ============================================================
18:03:52.0650 4132 ============================================================
18:03:52.0650 4132 Scan started
18:03:52.0650 4132 Mode: Manual;
18:03:52.0650 4132 ============================================================
18:03:52.0962 4132 ================ Scan services =============================
18:03:53.0118 4132 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:03:53.0118 4132 1394ohci - ok
18:03:53.0212 4132 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:03:53.0212 4132 ACPI - ok
18:03:53.0274 4132 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:03:53.0274 4132 AcpiPmi - ok
18:03:53.0384 4132 [ 5e1a953c6472e7bb644892a4d0df5e72 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:53.0384 4132 AdobeFlashPlayerUpdateSvc - ok
18:03:53.0462 4132 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:03:53.0477 4132 adp94xx - ok
18:03:53.0508 4132 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:03:53.0524 4132 adpahci - ok
18:03:53.0555 4132 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:03:53.0571 4132 adpu320 - ok
18:03:53.0618 4132 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:03:53.0618 4132 AeLookupSvc - ok
18:03:53.0664 4132 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:03:53.0664 4132 AFD - ok
18:03:53.0742 4132 [ 7e10e3bb9b258ad8a9300f91214d67b9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:03:53.0789 4132 AgereSoftModem - ok
18:03:53.0852 4132 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\drivers\agp440.sys
18:03:53.0852 4132 agp440 - ok
18:03:53.0883 4132 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:03:53.0883 4132 aic78xx - ok
18:03:53.0930 4132 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
18:03:53.0930 4132 ALG - ok
18:03:53.0976 4132 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:03:53.0976 4132 aliide - ok
18:03:54.0023 4132 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:03:54.0023 4132 amdagp - ok
18:03:54.0101 4132 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:03:54.0101 4132 amdide - ok
18:03:54.0164 4132 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:03:54.0164 4132 AmdK8 - ok
18:03:54.0195 4132 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:03:54.0195 4132 AmdPPM - ok
18:03:54.0257 4132 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:03:54.0257 4132 amdsata - ok
18:03:54.0304 4132 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:03:54.0304 4132 amdsbs - ok
18:03:54.0320 4132 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:03:54.0320 4132 amdxata - ok
18:03:54.0382 4132 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
18:03:54.0382 4132 AppID - ok
18:03:54.0413 4132 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:03:54.0413 4132 AppIDSvc - ok
18:03:54.0460 4132 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
18:03:54.0460 4132 Appinfo - ok
18:03:54.0538 4132 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:03:54.0538 4132 arc - ok
18:03:54.0585 4132 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:03:54.0585 4132 arcsas - ok
18:03:54.0647 4132 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:03:54.0647 4132 AsyncMac - ok
18:03:54.0694 4132 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
18:03:54.0694 4132 atapi - ok
18:03:54.0756 4132 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:03:54.0772 4132 AudioEndpointBuilder - ok
18:03:54.0788 4132 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:03:54.0803 4132 Audiosrv - ok
18:03:54.0850 4132 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:03:54.0850 4132 AxInstSV - ok
18:03:54.0897 4132 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:03:54.0897 4132 b06bdrv - ok
18:03:54.0944 4132 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:03:54.0944 4132 b57nd60x - ok
18:03:54.0990 4132 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:03:54.0990 4132 BDESVC - ok
18:03:55.0037 4132 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:03:55.0037 4132 Beep - ok
18:03:55.0146 4132 [ 1e2bac209d184bb851e1a187d8a29136 ] BFE C:\Windows\System32\bfe.dll
18:03:55.0162 4132 BFE - ok
18:03:55.0256 4132 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:03:55.0256 4132 blbdrive - ok
18:03:55.0334 4132 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:03:55.0349 4132 bowser - ok
18:03:55.0380 4132 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:03:55.0380 4132 BrFiltLo - ok
18:03:55.0396 4132 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:03:55.0396 4132 BrFiltUp - ok
18:03:55.0427 4132 [ 77361d72a04f18809d0efb6cceb74d4b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:03:55.0427 4132 BridgeMP - ok
18:03:55.0474 4132 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\Windows\System32\browser.dll
18:03:55.0474 4132 Browser - ok
18:03:55.0505 4132 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:03:55.0521 4132 Brserid - ok
18:03:55.0552 4132 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:03:55.0552 4132 BrSerWdm - ok
18:03:55.0614 4132 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:03:55.0614 4132 BrUsbMdm - ok
18:03:55.0630 4132 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:03:55.0630 4132 BrUsbSer - ok
18:03:55.0646 4132 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:03:55.0646 4132 BTHMODEM - ok
18:03:55.0708 4132 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
18:03:55.0708 4132 bthserv - ok
18:03:55.0833 4132 catchme - ok
18:03:55.0880 4132 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:03:55.0880 4132 cdfs - ok
18:03:55.0942 4132 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:03:55.0942 4132 cdrom - ok
18:03:56.0004 4132 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\Windows\System32\certprop.dll
18:03:56.0004 4132 CertPropSvc - ok
18:03:56.0036 4132 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:03:56.0051 4132 circlass - ok
18:03:56.0129 4132 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
18:03:56.0145 4132 CLFS - ok
18:03:56.0254 4132 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:56.0270 4132 clr_optimization_v2.0.50727_32 - ok
18:03:56.0348 4132 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:03:56.0348 4132 clr_optimization_v4.0.30319_32 - ok
18:03:56.0410 4132 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:03:56.0410 4132 CmBatt - ok
18:03:56.0441 4132 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:03:56.0441 4132 cmdide - ok
18:03:56.0519 4132 [ 247b4ce2dab1160cd422d532d5241e1f ] CNG C:\Windows\system32\Drivers\cng.sys
18:03:56.0519 4132 CNG - ok
18:03:56.0613 4132 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:03:56.0613 4132 Compbatt - ok
18:03:56.0660 4132 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:03:56.0660 4132 CompositeBus - ok
18:03:56.0675 4132 COMSysApp - ok
18:03:56.0722 4132 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:03:56.0722 4132 crcdisk - ok
18:03:56.0784 4132 [ 06e771aa596b8761107ab57e99f128d7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:03:56.0800 4132 CryptSvc - ok
18:03:56.0862 4132 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\Windows\system32\rpcss.dll
18:03:56.0862 4132 DcomLaunch - ok
18:03:56.0940 4132 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:03:56.0940 4132 defragsvc - ok
18:03:57.0018 4132 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:03:57.0018 4132 DfsC - ok
18:03:57.0065 4132 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:03:57.0065 4132 Dhcp - ok
18:03:57.0096 4132 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
18:03:57.0096 4132 discache - ok
18:03:57.0128 4132 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:03:57.0128 4132 Disk - ok
18:03:57.0190 4132 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:03:57.0190 4132 Dnscache - ok
18:03:57.0221 4132 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:03:57.0237 4132 dot3svc - ok
18:03:57.0299 4132 [ b5e479eb83707dd698f66953e922042c ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:03:57.0299 4132 Dot4 - ok
18:03:57.0362 4132 [ caefd09b6a6249c53a67d55a9a9fcabf ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:03:57.0362 4132 Dot4Print - ok
18:03:57.0393 4132 [ cf491ff38d62143203c065260567e2f7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:03:57.0393 4132 dot4usb - ok
18:03:57.0455 4132 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\Windows\system32\dps.dll
18:03:57.0455 4132 DPS - ok
18:03:57.0502 4132 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:03:57.0502 4132 drmkaud - ok
18:03:57.0549 4132 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:03:57.0564 4132 DXGKrnl - ok
18:03:57.0627 4132 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
18:03:57.0642 4132 EapHost - ok
18:03:57.0752 4132 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:03:57.0861 4132 ebdrv - ok
18:03:57.0908 4132 [ 81951f51e318aecc2d68559e47485cc4 ] EFS C:\Windows\System32\lsass.exe
18:03:57.0908 4132 EFS - ok
18:03:58.0001 4132 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:03:58.0001 4132 ehRecvr - ok
18:03:58.0079 4132 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
18:03:58.0079 4132 ehSched - ok
18:03:58.0126 4132 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:03:58.0142 4132 elxstor - ok
18:03:58.0188 4132 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:03:58.0188 4132 ErrDev - ok
18:03:58.0313 4132 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
18:03:58.0329 4132 EventSystem - ok
18:03:58.0391 4132 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
18:03:58.0407 4132 exfat - ok
18:03:58.0438 4132 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:03:58.0438 4132 fastfat - ok
18:03:58.0516 4132 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\Windows\system32\fxssvc.exe
18:03:58.0532 4132 Fax - ok
18:03:58.0563 4132 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:03:58.0563 4132 fdc - ok
18:03:58.0594 4132 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
18:03:58.0594 4132 fdPHost - ok
18:03:58.0610 4132 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
18:03:58.0610 4132 FDResPub - ok
18:03:58.0625 4132 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:03:58.0625 4132 FileInfo - ok
18:03:58.0672 4132 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:03:58.0672 4132 Filetrace - ok
18:03:58.0688 4132 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:03:58.0688 4132 flpydisk - ok
18:03:58.0703 4132 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:03:58.0719 4132 FltMgr - ok
18:03:58.0781 4132 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\Windows\system32\FntCache.dll
18:03:58.0812 4132 FontCache - ok
18:03:58.0922 4132 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:03:58.0922 4132 FontCache3.0.0.0 - ok
18:03:58.0953 4132 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:03:58.0953 4132 FsDepends - ok
18:03:59.0031 4132 [ 7dae5ebcc80e45d3253f4923dc424d05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:03:59.0031 4132 Fs_Rec - ok
18:03:59.0078 4132 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:03:59.0078 4132 fvevol - ok
18:03:59.0093 4132 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:03:59.0093 4132 gagp30kx - ok
18:03:59.0187 4132 [ 372dc23606a693e8667971dcbcb2e5b3 ] GoToMyPC C:\Program Files\Citrix\GoToMyPC\g2svc.exe
18:03:59.0187 4132 GoToMyPC - ok
18:03:59.0234 4132 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:03:59.0249 4132 gpsvc - ok
18:03:59.0405 4132 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:03:59.0405 4132 gupdate - ok
18:03:59.0436 4132 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:03:59.0436 4132 gupdatem - ok
18:03:59.0499 4132 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:03:59.0499 4132 gusvc - ok
18:03:59.0561 4132 [ 833051c6c6c42117191935f734cfbd97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:03:59.0561 4132 hamachi - ok
18:03:59.0592 4132 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:03:59.0592 4132 hcw85cir - ok
18:03:59.0639 4132 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:03:59.0639 4132 HdAudAddService - ok
18:03:59.0670 4132 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:03:59.0670 4132 HDAudBus - ok
18:03:59.0686 4132 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:03:59.0686 4132 HidBatt - ok
18:03:59.0702 4132 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:03:59.0702 4132 HidBth - ok
18:03:59.0717 4132 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:03:59.0733 4132 HidIr - ok
18:03:59.0764 4132 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\System32\hidserv.dll
18:03:59.0764 4132 hidserv - ok
18:03:59.0811 4132 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:03:59.0811 4132 HidUsb - ok
18:03:59.0858 4132 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:03:59.0858 4132 hkmsvc - ok
18:03:59.0920 4132 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:03:59.0920 4132 HomeGroupListener - ok
18:03:59.0967 4132 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:03:59.0967 4132 HomeGroupProvider - ok
18:04:00.0092 4132 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:04:00.0092 4132 hpqcxs08 - ok
18:04:00.0123 4132 [ f3f72a2a86c22610bca5439fa789dd52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:04:00.0123 4132 hpqddsvc - ok
18:04:00.0154 4132 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:04:00.0154 4132 HpSAMD - ok
18:04:00.0185 4132 [ 568e44f6dcfa173f3670172b69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:04:00.0201 4132 HPSLPSVC - ok
18:04:00.0248 4132 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:04:00.0263 4132 HTTP - ok
18:04:00.0341 4132 [ 4154079a88089155d10168333b19627f ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:04:00.0341 4132 hwdatacard - ok
18:04:00.0372 4132 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:04:00.0372 4132 hwpolicy - ok
18:04:00.0419 4132 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:04:00.0419 4132 i8042prt - ok
18:04:00.0466 4132 [ d5edb998656e6ecf1a17c78dab019a3c ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:04:00.0466 4132 iaStor - ok
18:04:00.0560 4132 [ 7493ea4de41348f7d3edbf9db298f56a ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:04:00.0560 4132 IAStorDataMgrSvc - ok
18:04:00.0606 4132 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:04:00.0606 4132 iaStorV - ok
18:04:00.0716 4132 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:04:00.0716 4132 IDriverT - ok
18:04:00.0809 4132 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:00.0856 4132 idsvc - ok
18:04:01.0137 4132 [ 8266ae06df974e5ba047b3e9e9e70b3f ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:04:01.0386 4132 igfx - ok
18:04:01.0433 4132 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:04:01.0449 4132 iirsp - ok
18:04:01.0496 4132 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:04:01.0511 4132 IKEEXT - ok
18:04:01.0589 4132 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:04:01.0589 4132 intelide - ok
18:04:01.0636 4132 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:04:01.0636 4132 intelppm - ok
18:04:01.0698 4132 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:04:01.0698 4132 IPBusEnum - ok
18:04:01.0714 4132 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:01.0714 4132 IpFilterDriver - ok
18:04:01.0808 4132 [ 4d65a07b795d6674312f879d09aa7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:04:01.0823 4132 iphlpsvc - ok
18:04:01.0886 4132 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:04:01.0886 4132 IPMIDRV - ok
18:04:01.0917 4132 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:04:01.0917 4132 IPNAT - ok
18:04:01.0932 4132 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:04:01.0932 4132 IRENUM - ok
18:04:01.0948 4132 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:04:01.0948 4132 isapnp - ok
18:04:01.0995 4132 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:04:02.0010 4132 iScsiPrt - ok
18:04:02.0042 4132 [ 8c17deb1995e593853373c30485e7368 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:04:02.0042 4132 JMCR - ok
18:04:02.0073 4132 [ cd54cf660f7f079be411e97d6d794767 ] JME C:\Windows\system32\DRIVERS\JME.sys
18:04:02.0073 4132 JME - ok
18:04:02.0088 4132 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:04:02.0104 4132 kbdclass - ok
18:04:02.0166 4132 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:04:02.0166 4132 kbdhid - ok
18:04:02.0182 4132 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
18:04:02.0182 4132 KeyIso - ok
18:04:02.0213 4132 [ b7895b4182c0d16f6efadeb8081e8d36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:04:02.0213 4132 KSecDD - ok
18:04:02.0244 4132 [ d30159ac9237519fbc62c6ec247d2d46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:04:02.0244 4132 KSecPkg - ok
18:04:02.0291 4132 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:02.0307 4132 KtmRm - ok
18:04:02.0354 4132 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\System32\srvsvc.dll
18:04:02.0354 4132 LanmanServer - ok
18:04:02.0369 4132 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:02.0369 4132 LanmanWorkstation - ok
18:04:02.0432 4132 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:02.0432 4132 lltdio - ok
18:04:02.0463 4132 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:02.0478 4132 lltdsvc - ok
18:04:02.0494 4132 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:02.0494 4132 lmhosts - ok
18:04:02.0525 4132 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:04:02.0525 4132 LSI_FC - ok
18:04:02.0556 4132 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:04:02.0556 4132 LSI_SAS - ok
18:04:02.0588 4132 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:04:02.0588 4132 LSI_SAS2 - ok
18:04:02.0603 4132 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:04:02.0603 4132 LSI_SCSI - ok
18:04:02.0634 4132 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:02.0650 4132 luafv - ok
18:04:02.0759 4132 [ 0db7527db188c7d967a37bb51bbf3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
18:04:02.0759 4132 MBAMSwissArmy - ok
18:04:02.0790 4132 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:04:02.0790 4132 Mcx2Svc - ok
18:04:02.0822 4132 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:04:02.0822 4132 megasas - ok
18:04:02.0853 4132 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:04:02.0853 4132 MegaSR - ok
18:04:02.0946 4132 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:04:02.0946 4132 Microsoft Office Groove Audit Service - ok
18:04:02.0993 4132 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
18:04:02.0993 4132 MMCSS - ok
18:04:03.0024 4132 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:04:03.0024 4132 Modem - ok
18:04:03.0071 4132 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:03.0071 4132 monitor - ok
18:04:03.0102 4132 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:03.0102 4132 mouclass - ok
18:04:03.0134 4132 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:03.0149 4132 mouhid - ok
18:04:03.0180 4132 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:04:03.0180 4132 mountmgr - ok
18:04:03.0258 4132 [ 15d5398eed42c2504bb3d4fc875c15d1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:03.0258 4132 MozillaMaintenance - ok
18:04:03.0274 4132 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:03.0274 4132 mpio - ok
18:04:03.0368 4132 MpKsl2c3f1dd6 - ok
18:04:03.0399 4132 MpKsla9b6fdab - ok
18:04:03.0461 4132 MpKslb94702ba - ok
18:04:03.0477 4132 MpKslf81cf681 - ok
18:04:03.0524 4132 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:03.0524 4132 mpsdrv - ok
18:04:03.0617 4132 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:03.0633 4132 MpsSvc - ok
18:04:03.0711 4132 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:03.0711 4132 MRxDAV - ok
18:04:03.0758 4132 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:03.0758 4132 mrxsmb - ok
18:04:03.0820 4132 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:03.0820 4132 mrxsmb10 - ok
18:04:03.0836 4132 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:03.0836 4132 mrxsmb20 - ok
18:04:03.0867 4132 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:03.0867 4132 msahci - ok
18:04:03.0914 4132 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:03.0914 4132 msdsm - ok
18:04:03.0945 4132 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
18:04:03.0945 4132 MSDTC - ok
18:04:04.0007 4132 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:04.0007 4132 Msfs - ok
18:04:04.0023 4132 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:04:04.0023 4132 mshidkmdf - ok
18:04:04.0054 4132 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:04.0054 4132 msisadrv - ok
18:04:04.0101 4132 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:04.0101 4132 MSiSCSI - ok
18:04:04.0116 4132 msiserver - ok
18:04:04.0163 4132 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:04.0163 4132 MSKSSRV - ok
18:04:04.0179 4132 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:04.0179 4132 MSPCLOCK - ok
18:04:04.0210 4132 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:04.0210 4132 MSPQM - ok
18:04:04.0272 4132 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:04.0288 4132 MsRPC - ok
18:04:04.0335 4132 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:04:04.0335 4132 mssmbios - ok
18:04:04.0350 4132 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:04.0366 4132 MSTEE - ok
18:04:04.0382 4132 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:04:04.0382 4132 MTConfig - ok
18:04:04.0397 4132 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:04.0397 4132 Mup - ok
18:04:04.0444 4132 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
18:04:04.0444 4132 napagent - ok
18:04:04.0491 4132 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:04.0491 4132 NativeWifiP - ok
18:04:04.0569 4132 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:04.0584 4132 NDIS - ok
18:04:04.0616 4132 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:04:04.0616 4132 NdisCap - ok
18:04:04.0631 4132 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:04.0631 4132 NdisTapi - ok
18:04:04.0678 4132 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:04.0678 4132 Ndisuio - ok
18:04:04.0709 4132 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:04.0709 4132 NdisWan - ok
18:04:04.0725 4132 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:04.0725 4132 NDProxy - ok
18:04:04.0787 4132 [ a081cb6fb9a12668f233eb5414be3a0e ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:04:04.0787 4132 Net Driver HPZ12 - ok
18:04:04.0818 4132 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:04.0818 4132 NetBIOS - ok
18:04:04.0881 4132 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:04:04.0881 4132 NetBT - ok
18:04:04.0896 4132 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
18:04:04.0896 4132 Netlogon - ok
18:04:04.0943 4132 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
18:04:04.0943 4132 Netman - ok
18:04:04.0974 4132 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
18:04:04.0974 4132 netprofm - ok
18:04:05.0021 4132 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:05.0021 4132 NetTcpPortSharing - ok
18:04:05.0052 4132 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:04:05.0052 4132 nfrd960 - ok
18:04:05.0099 4132 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:04:05.0115 4132 NlaSvc - ok
18:04:05.0130 4132 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:04:05.0130 4132 Npfs - ok
18:04:05.0162 4132 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
18:04:05.0162 4132 nsi - ok
18:04:05.0177 4132 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:04:05.0177 4132 nsiproxy - ok
18:04:05.0240 4132 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:04:05.0286 4132 Ntfs - ok
18:04:05.0349 4132 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
18:04:05.0349 4132 Null - ok
18:04:05.0364 4132 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:04:05.0364 4132 nvraid - ok
18:04:05.0411 4132 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:04:05.0411 4132 nvstor - ok
18:04:05.0442 4132 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:04:05.0442 4132 nv_agp - ok
18:04:05.0520 4132 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:04:05.0536 4132 odserv - ok
18:04:05.0583 4132 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:04:05.0583 4132 ohci1394 - ok
18:04:05.0614 4132 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:05.0614 4132 ose - ok
18:04:05.0661 4132 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:04:05.0676 4132 p2pimsvc - ok
18:04:05.0708 4132 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:04:05.0723 4132 p2psvc - ok
18:04:05.0739 4132 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:04:05.0739 4132 Parport - ok
18:04:05.0786 4132 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:04:05.0786 4132 partmgr - ok
18:04:05.0801 4132 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:04:05.0801 4132 Parvdm - ok
18:04:05.0817 4132 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:04:05.0832 4132 PcaSvc - ok
18:04:05.0832 4132 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
18:04:05.0848 4132 pci - ok
18:04:05.0879 4132 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
18:04:05.0879 4132 pciide - ok
18:04:05.0926 4132 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:04:05.0926 4132 pcmcia - ok
18:04:06.0004 4132 [ 56e916d31fbc2d811d69c25e230f8f7e ] PCSUService C:\Program Files\PC Speed Up\PCSUService.exe
18:04:06.0004 4132 PCSUService - ok
18:04:06.0035 4132 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
18:04:06.0035 4132 pcw - ok
18:04:06.0082 4132 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:04:06.0082 4132 PEAUTH - ok
18:04:06.0191 4132 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
18:04:06.0238 4132 pla - ok
18:04:06.0316 4132 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:04:06.0316 4132 PlugPlay - ok
18:04:06.0378 4132 [ 65bc271f337637731d3c71455ae1f476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:04:06.0378 4132 Pml Driver HPZ12 - ok
18:04:06.0410 4132 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:04:06.0410 4132 PNRPAutoReg - ok
18:04:06.0441 4132 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:04:06.0441 4132 PNRPsvc - ok
18:04:06.0472 4132 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:04:06.0488 4132 PolicyAgent - ok
18:04:06.0534 4132 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
18:04:06.0550 4132 Power - ok
18:04:06.0581 4132 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:04:06.0581 4132 PptpMiniport - ok
18:04:06.0597 4132 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:04:06.0597 4132 Processor - ok
18:04:06.0628 4132 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
18:04:06.0644 4132 ProfSvc - ok
18:04:06.0659 4132 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:04:06.0659 4132 ProtectedStorage - ok
18:04:06.0706 4132 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:04:06.0706 4132 Psched - ok
18:04:06.0753 4132 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:04:06.0784 4132 ql2300 - ok
18:04:06.0815 4132 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:04:06.0815 4132 ql40xx - ok
18:04:06.0846 4132 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
18:04:06.0862 4132 QWAVE - ok
18:04:06.0878 4132 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:04:06.0878 4132 QWAVEdrv - ok
18:04:06.0956 4132 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:04:06.0956 4132 RasAcd - ok
18:04:06.0987 4132 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:04:06.0987 4132 RasAgileVpn - ok
18:04:07.0034 4132 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
18:04:07.0034 4132 RasAuto - ok
18:04:07.0049 4132 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:04:07.0049 4132 Rasl2tp - ok
18:04:07.0096 4132 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
18:04:07.0112 4132 RasMan - ok
18:04:07.0143 4132 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:04:07.0143 4132 RasPppoe - ok
18:04:07.0158 4132 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:04:07.0174 4132 RasSstp - ok
18:04:07.0221 4132 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:04:07.0221 4132 rdbss - ok
18:04:07.0252 4132 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:04:07.0252 4132 rdpbus - ok
18:04:07.0330 4132 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:04:07.0330 4132 RDPCDD - ok
18:04:07.0346 4132 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:04:07.0346 4132 RDPENCDD - ok
18:04:07.0361 4132 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:04:07.0361 4132 RDPREFMP - ok
18:04:07.0408 4132 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:04:07.0408 4132 RDPWD - ok
18:04:07.0470 4132 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:04:07.0470 4132 rdyboost - ok
18:04:07.0517 4132 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
18:04:07.0517 4132 RemoteAccess - ok
18:04:07.0564 4132 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:04:07.0564 4132 RemoteRegistry - ok
18:04:07.0595 4132 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:04:07.0595 4132 RpcEptMapper - ok
18:04:07.0626 4132 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
18:04:07.0642 4132 RpcLocator - ok
18:04:07.0658 4132 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
18:04:07.0673 4132 RpcSs - ok
18:04:07.0704 4132 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:04:07.0704 4132 rspndr - ok
18:04:07.0767 4132 [ ab771b512804aa85959e9da8ca55165b ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:04:07.0782 4132 rtl8192se - ok
18:04:07.0829 4132 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
18:04:07.0829 4132 SamSs - ok
18:04:07.0876 4132 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:04:07.0876 4132 sbp2port - ok
18:04:07.0907 4132 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:04:07.0907 4132 SCardSvr - ok
18:04:07.0938 4132 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:04:07.0938 4132 scfilter - ok
18:04:07.0985 4132 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
18:04:08.0016 4132 Schedule - ok
18:04:08.0063 4132 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
18:04:08.0063 4132 SCPolicySvc - ok
18:04:08.0094 4132 [ 0328be1c7f1cba23848179f8762e391c ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:04:08.0094 4132 sdbus - ok
18:04:08.0141 4132 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:04:08.0141 4132 SDRSVC - ok
18:04:08.0188 4132 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:04:08.0204 4132 secdrv - ok
18:04:08.0219 4132 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
18:04:08.0235 4132 seclogon - ok
18:04:08.0282 4132 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll
18:04:08.0282 4132 SENS - ok
18:04:08.0297 4132 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:04:08.0313 4132 SensrSvc - ok
18:04:08.0328 4132 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:04:08.0328 4132 Serenum - ok
18:04:08.0344 4132 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:04:08.0360 4132 Serial - ok
18:04:08.0391 4132 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:04:08.0391 4132 sermouse - ok
18:04:08.0453 4132 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:04:08.0469 4132 SessionEnv - ok
18:04:08.0516 4132 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:04:08.0516 4132 sffdisk - ok
18:04:08.0531 4132 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:04:08.0531 4132 sffp_mmc - ok
18:04:08.0547 4132 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:04:08.0547 4132 sffp_sd - ok
18:04:08.0578 4132 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:04:08.0578 4132 sfloppy - ok
18:04:08.0687 4132 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:04:08.0687 4132 SharedAccess - ok
18:04:08.0750 4132 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:04:08.0750 4132 ShellHWDetection - ok
18:04:08.0812 4132 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:04:08.0812 4132 sisagp - ok
18:04:08.0843 4132 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:04:08.0843 4132 SiSRaid2 - ok
18:04:08.0859 4132 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:04:08.0859 4132 SiSRaid4 - ok
18:04:08.0890 4132 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:04:08.0890 4132 Smb - ok
18:04:08.0968 4132 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:04:08.0984 4132 SNMPTRAP - ok
18:04:09.0015 4132 [ 6a06e33b9c2502d315c23731401358bf ] SoilIO C:\Windows\system32\drivers\SoilIO.sys
18:04:09.0015 4132 SoilIO - ok
18:04:09.0062 4132 [ 4125ae13e301edd3e0ffd57a7ac00258 ] soilkbc C:\Windows\system32\drivers\soilkbc.sys
18:04:09.0062 4132 soilkbc - ok
18:04:09.0093 4132 [ f0e973c24c9dfece8853588918e62055 ] SoilMC C:\Windows\system32\drivers\SoilMC.sys
18:04:09.0093 4132 SoilMC - ok
18:04:09.0108 4132 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:04:09.0108 4132 spldr - ok
18:04:09.0155 4132 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe
18:04:09.0155 4132 Spooler - ok
18:04:09.0280 4132 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:04:09.0405 4132 sppsvc - ok
18:04:09.0452 4132 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:04:09.0452 4132 sppuinotify - ok
18:04:09.0498 4132 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:04:09.0498 4132 srv - ok
18:04:09.0530 4132 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:04:09.0545 4132 srv2 - ok
18:04:09.0561 4132 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:04:09.0561 4132 srvnet - ok
18:04:09.0623 4132 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:04:09.0623 4132 SSDPSRV - ok
18:04:09.0639 4132 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:04:09.0639 4132 SstpSvc - ok
18:04:09.0764 4132 [ a41f8321d64fd1cbc8df7dc29f785a4b ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ca4025c68f96926d\STacSV.exe
18:04:09.0764 4132 STacSV - ok
18:04:09.0810 4132 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:04:09.0810 4132 stexstor - ok
18:04:09.0857 4132 [ 1dfdb2910eaa4df8ed02b41f4aa2925f ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
18:04:09.0873 4132 STHDA - ok
18:04:09.0935 4132 [ edb05bd63148796f23ea78506404a538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:04:09.0935 4132 StillCam - ok
18:04:09.0982 4132 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:04:09.0982 4132 StiSvc - ok
18:04:10.0029 4132 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:04:10.0029 4132 swenum - ok
18:04:10.0076 4132 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
18:04:10.0091 4132 swprv - ok
18:04:10.0169 4132 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
18:04:10.0200 4132 SysMain - ok
18:04:10.0232 4132 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:04:10.0247 4132 TabletInputService - ok
18:04:10.0278 4132 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
18:04:10.0294 4132 TapiSrv - ok
18:04:10.0325 4132 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
18:04:10.0341 4132 TBS - ok
18:04:10.0403 4132 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:04:10.0450 4132 Tcpip - ok
18:04:10.0481 4132 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:04:10.0497 4132 TCPIP6 - ok
18:04:10.0544 4132 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:04:10.0544 4132 tcpipreg - ok
18:04:10.0590 4132 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:04:10.0590 4132 TDPIPE - ok
18:04:10.0622 4132 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:04:10.0622 4132 TDTCP - ok
18:04:10.0668 4132 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:04:10.0668 4132 tdx - ok
18:04:10.0715 4132 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:04:10.0715 4132 TermDD - ok
18:04:10.0762 4132 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
18:04:10.0762 4132 TermService - ok
18:04:10.0793 4132 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
18:04:10.0809 4132 Themes - ok
18:04:10.0824 4132 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
18:04:10.0824 4132 THREADORDER - ok
18:04:10.0840 4132 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
18:04:10.0840 4132 TrkWks - ok
18:04:10.0902 4132 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:04:10.0902 4132 TrustedInstaller - ok
18:04:10.0965 4132 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:04:10.0965 4132 tssecsrv - ok
18:04:11.0027 4132 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:04:11.0027 4132 TsUsbFlt - ok
18:04:11.0058 4132 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:04:11.0058 4132 tunnel - ok
18:04:11.0090 4132 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:04:11.0090 4132 uagp35 - ok
18:04:11.0121 4132 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:04:11.0136 4132 udfs - ok
18:04:11.0168 4132 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:04:11.0168 4132 UI0Detect - ok
18:04:11.0183 4132 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:04:11.0183 4132 uliagpkx - ok
18:04:11.0199 4132 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:04:11.0199 4132 umbus - ok
18:04:11.0230 4132 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:04:11.0230 4132 UmPass - ok
18:04:11.0277 4132 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
18:04:11.0277 4132 upnphost - ok
18:04:11.0308 4132 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:04:11.0324 4132 usbccgp - ok
18:04:11.0355 4132 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:04:11.0355 4132 usbcir - ok
18:04:11.0386 4132 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:04:11.0386 4132 usbehci - ok
18:04:11.0433 4132 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:04:11.0433 4132 usbhub - ok
18:04:11.0448 4132 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:04:11.0448 4132 usbohci - ok
18:04:11.0495 4132 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:04:11.0495 4132 usbprint - ok
18:04:11.0526 4132 [ 576096ccbc07e7c4ea4f5e6686d6888f ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:04:11.0526 4132 usbscan - ok
18:04:11.0589 4132 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:04:11.0589 4132 USBSTOR - ok
18:04:11.0620 4132 [ 68df884cf41cdada664beb01daf67e3d ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:04:11.0620 4132 usbuhci - ok
18:04:11.0636 4132 [ 45f4e7bf43db40a6c6b4d92c76cbc3f2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:04:11.0651 4132 usbvideo - ok
18:04:11.0667 4132 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
18:04:11.0682 4132 UxSms - ok
18:04:11.0698 4132 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
18:04:11.0698 4132 VaultSvc - ok
18:04:11.0714 4132 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:04:11.0714 4132 vdrvroot - ok
18:04:11.0760 4132 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
18:04:11.0776 4132 vds - ok
18:04:11.0823 4132 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:04:11.0823 4132 vga - ok
18:04:11.0838 4132 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:04:11.0838 4132 VgaSave - ok
18:04:11.0870 4132 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:04:11.0870 4132 vhdmp - ok
18:04:11.0901 4132 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:04:11.0901 4132 viaagp - ok
18:04:11.0916 4132 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:04:11.0916 4132 ViaC7 - ok
18:04:11.0948 4132 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
18:04:11.0948 4132 viaide - ok
18:04:11.0963 4132 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:04:11.0963 4132 volmgr - ok
18:04:11.0979 4132 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:04:11.0994 4132 volmgrx - ok
18:04:12.0041 4132 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:04:12.0041 4132 volsnap - ok
18:04:12.0057 4132 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:04:12.0072 4132 vsmraid - ok
18:04:12.0119 4132 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
18:04:12.0166 4132 VSS - ok
18:04:12.0213 4132 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:04:12.0213 4132 vwifibus - ok
18:04:12.0260 4132 [ 7090d3436eeb4e7da3373090a23448f7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:04:12.0260 4132 vwififlt - ok
18:04:12.0306 4132 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
18:04:12.0306 4132 W32Time - ok
18:04:12.0338 4132 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:04:12.0338 4132 WacomPen - ok
18:04:12.0369 4132 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:04:12.0369 4132 WANARP - ok
18:04:12.0384 4132 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:04:12.0384 4132 Wanarpv6 - ok
18:04:12.0462 4132 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:04:12.0494 4132 WatAdminSvc - ok
18:04:12.0587 4132 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
18:04:12.0634 4132 wbengine - ok
18:04:12.0696 4132 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:04:12.0712 4132 WbioSrvc - ok
18:04:12.0743 4132 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:04:12.0743 4132 wcncsvc - ok
18:04:12.0774 4132 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:04:12.0774 4132 WcsPlugInService - ok
18:04:12.0806 4132 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:04:12.0806 4132 Wd - ok
18:04:12.0837 4132 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:04:12.0837 4132 Wdf01000 - ok
18:04:12.0852 4132 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:04:12.0868 4132 WdiServiceHost - ok
18:04:12.0868 4132 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:04:12.0884 4132 WdiSystemHost - ok
18:04:12.0915 4132 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
18:04:12.0930 4132 WebClient - ok
18:04:12.0962 4132 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:04:12.0962 4132 Wecsvc - ok
18:04:12.0993 4132 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:04:12.0993 4132 wercplsupport - ok
18:04:13.0008 4132 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:04:13.0024 4132 WerSvc - ok
18:04:13.0055 4132 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:04:13.0055 4132 WfpLwf - ok
18:04:13.0118 4132 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:04:13.0118 4132 WIMMount - ok
18:04:13.0242 4132 [ 3fae8f94296001c32eab62cd7d82e0fd ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:04:13.0242 4132 WinDefend - ok
18:04:13.0258 4132 WinHttpAutoProxySvc - ok
18:04:13.0352 4132 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:04:13.0352 4132 Winmgmt - ok
18:04:13.0430 4132 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
18:04:13.0476 4132 WinRM - ok
18:04:13.0586 4132 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:04:13.0632 4132 Wlansvc - ok
18:04:13.0679 4132 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:04:13.0679 4132 WmiAcpi - ok
18:04:13.0726 4132 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:04:13.0726 4132 wmiApSrv - ok
18:04:13.0820 4132 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:04:13.0851 4132 WMPNetworkSvc - ok
18:04:13.0913 4132 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:04:13.0913 4132 WPCSvc - ok
18:04:13.0960 4132 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:04:13.0960 4132 WPDBusEnum - ok
18:04:13.0991 4132 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:04:13.0991 4132 ws2ifsl - ok
18:04:14.0085 4132 [ 6f5d49efe0e7164e03ae773a3fe25340 ] wscsvc C:\Windows\system32\wscsvc.dll
18:04:14.0100 4132 wscsvc - ok
18:04:14.0147 4132 [ 553f6ccd7c58eb98d4a8fbdaf283d7a9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:04:14.0147 4132 WSDPrintDevice - ok
18:04:14.0163 4132 WSearch - ok
18:04:14.0272 4132 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
18:04:14.0334 4132 wuauserv - ok
18:04:14.0381 4132 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:04:14.0381 4132 WudfPf - ok
18:04:14.0412 4132 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:04:14.0428 4132 WUDFRd - ok
18:04:14.0459 4132 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:04:14.0475 4132 wudfsvc - ok
18:04:14.0506 4132 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:04:14.0522 4132 WwanSvc - ok
18:04:14.0553 4132 ================ Scan global ===============================
18:04:14.0600 4132 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
18:04:14.0646 4132 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
18:04:14.0662 4132 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
18:04:14.0678 4132 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
18:04:14.0740 4132 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
18:04:14.0740 4132 [Global] - ok
18:04:14.0740 4132 ================ Scan MBR ==================================
18:04:14.0771 4132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:04:15.0021 4132 \Device\Harddisk0\DR0 - ok
18:04:15.0021 4132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:04:15.0021 4132 \Device\Harddisk1\DR1 - ok
18:04:15.0021 4132 ================ Scan VBR ==================================
18:04:15.0036 4132 Boot (0x1200) (70322ae3e01582b5df82d2a161fed57b) \Device\Harddisk0\DR0\Partition1
18:04:15.0036 4132 \Device\Harddisk0\DR0\Partition1 - ok
18:04:15.0052 4132 Boot (0x1200) (ac324823240a64fdce6f6aa05716bbac) \Device\Harddisk0\DR0\Partition2
18:04:15.0068 4132 \Device\Harddisk0\DR0\Partition2 - ok
18:04:15.0068 4132 Boot (0x1200) (b71e13663ae1ad7898f152bdda4d9f79) \Device\Harddisk1\DR1\Partition1
18:04:15.0083 4132 \Device\Harddisk1\DR1\Partition1 - ok
18:04:15.0083 4132 ============================================================
18:04:15.0083 4132 Scan finished
18:04:15.0083 4132 ============================================================
18:04:15.0099 5640 Detected object count: 0
18:04:15.0099 5640 Actual detected object count: 0

Then I downloaded and ran aswMBR. I allowed it to download a lot of Avast definitions and let it do its scan. The log file is:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 19:09:59
-----------------------------
19:09:59.565 OS Version: Windows 6.1.7601 Service Pack 1
19:09:59.565 Number of processors: 2 586 0x170A
19:09:59.565 ComputerName: MOT2UGLOUCESTER UserName:
19:10:04.401 Initialize success
19:10:15.898 AVAST engine defs: 12081600
19:10:28.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:10:28.440 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
19:10:28.456 Disk 0 MBR read successfully
19:10:28.456 Disk 0 MBR scan
19:10:28.471 Disk 0 Windows 7 default MBR code
19:10:28.471 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 5739 MB offset 2048
19:10:28.503 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 299504 MB offset 11755520
19:10:28.518 Disk 0 scanning sectors +625139712
19:10:28.596 Disk 0 scanning C:\Windows\system32\drivers
19:10:42.948 Service scanning
19:11:26.519 Modules scanning
19:11:38.453 Disk 0 trace - called modules:
19:11:38.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
19:11:38.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e1aa38]
19:11:38.999 3 CLASSPNP.SYS[8999659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ef028]
19:11:40.044 AVAST engine scan C:\Windows
19:11:43.866 AVAST engine scan C:\Windows\system32
19:16:20.816 AVAST engine scan C:\Windows\system32\drivers
19:16:42.391 AVAST engine scan C:\Users\MOT2U Gloucester
19:51:08.240 AVAST engine scan C:\ProgramData
19:53:03.353 File: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll **INFECTED** Win32:Adware-gen [Adw]
19:53:04.461 Scan finished successfully
19:55:24.908 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:55:24.923 The log file has been saved successfully to "E:\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 August 2012 - 02:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Tarma Installer

File::
c:\windows\system32\drivers\xnrvytti.sys
c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Oggadon

  • Topic Starter
  • Members
  • 10 posts

Posted 16 August 2012 - 03:09 PM

Bonjouro again!

I created the CFScript.txt as instructed and dragged and dropped it onto the ComboFix.exe file on the desktop. It went off and did its stuff with no problems (no reboots,

ComboFix 12-08-16.01 - MOT2U Gloucester 16/08/2012 20:41:59.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2013.908 [GMT 1:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\users\MOT2U Gloucester\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe"
"c:\windows\system32\drivers\xnrvytti.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe
c:\windows\system32\drivers\xnrvytti.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 19:53 . 2012-08-16 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 21:40 . 2012-08-16 19:53 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Local\temp
2012-08-14 05:22 . 2012-08-14 05:22 -------- d-----w- C:\FRST
2012-07-29 21:10 . 2012-07-29 21:10 -------- d-----w- C:\NBRT
2012-07-29 16:45 . 2012-07-30 08:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-29 15:48 . 2012-07-29 15:48 -------- d--h--w- c:\programdata\Common Files
2012-07-29 15:48 . 2012-07-29 15:48 -------- d-----w- c:\programdata\MFAData
2012-07-29 15:27 . 2012-07-29 15:27 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Roaming\Malwarebytes
2012-07-29 15:25 . 2012-07-29 15:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 08:43 . 2012-07-25 08:05 -------- d-----w- c:\users\MOT2U Gloucester\AppData\Roaming\.techniclauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 18:32 . 2012-03-30 19:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 18:32 . 2011-05-16 09:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 02:40 . 2012-07-11 08:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 04:45 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:45 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:45 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-23 04:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 04:56 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 04:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 04:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 04:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 04:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 04:56 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 04:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-23 04:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 08:23 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 08:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 08:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 08:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 04:45 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 04:45 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:45 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-17 08:25 . 2011-05-06 08:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_21.42.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 09:00 . 2012-08-16 16:55 53904 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2012-07-29 16:36 . 2012-08-16 18:07 4850 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3040229334-3837323868-500192520-1000_UserData.bin
+ 2012-08-16 16:56 . 2012-08-16 16:56 9560 c:\windows\System32\NetworkList\Icons\{1D3CC044-F844-46FF-A06F-90613A9EB044}_48.bin
+ 2012-08-16 16:56 . 2012-08-16 16:56 4280 c:\windows\System32\NetworkList\Icons\{1D3CC044-F844-46FF-A06F-90613A9EB044}_32.bin
+ 2012-08-16 16:56 . 2012-08-16 16:56 2456 c:\windows\System32\NetworkList\Icons\{1D3CC044-F844-46FF-A06F-90613A9EB044}_24.bin
+ 2012-08-16 16:53 . 2012-08-16 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 21:21 . 2012-08-15 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 21:21 . 2012-08-15 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 16:53 . 2012-08-16 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:55 . 2012-08-16 18:07 139380 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-16 18:32 . 2012-08-16 18:32 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-16 17:29 . 2012-08-16 17:29 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-16 17:29 . 2012-08-16 17:29 466632 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-03-30 19:24 . 2012-07-12 15:30 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-30 19:24 . 2012-08-16 18:32 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-08-03 08:16 . 2012-08-15 21:41 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-08-03 08:16 . 2012-08-16 18:05 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-07-08 11:04 . 2012-08-16 18:06 540672 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-08 11:04 . 2012-08-15 21:41 540672 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2012-08-15 22:06 394648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-08-15 21:20 394648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-16 18:32 . 2012-08-16 18:32 9465032 c:\windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-16 18:32 . 2012-08-16 18:32 1536712 c:\windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
- 2010-07-08 11:04 . 2012-08-15 21:41 2129920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-08 11:04 . 2012-08-16 18:06 2129920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-15 10:42 . 2012-08-15 21:20 1964256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-15 10:42 . 2012-08-15 22:06 1964256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 04:41 . 2012-08-15 21:41 10829824 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-08-16 18:06 10829824 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\TTG\Reminder\Reminder.exe" [2010-03-15 3599360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\MOT2U Gloucester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [N/A]
OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-3-17 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 MpKsl2c3f1dd6;MpKsl2c3f1dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsl2c3f1dd6.sys [x]
R1 MpKsla9b6fdab;MpKsla9b6fdab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKsla9b6fdab.sys [x]
R1 MpKslb94702ba;MpKslb94702ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslb94702ba.sys [x]
R1 MpKslf81cf681;MpKslf81cf681;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA82DA-60BB-42BA-9E0B-C254C68494C6}\MpKslf81cf681.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [x]
S2 SoilIO;SoilIO; [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:32]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 09:50]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 09:50]
.
2010-07-17 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-07-17 13:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGK&bmod=DSGK;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 192.168.1.1
FF - ProfilePath - c:\users\MOT2U Gloucester\AppData\Roaming\Mozilla\Firefox\Profiles\mb4c6so7.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 12463cd6-88d6-4925-80a0-1cc1ac504662
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-16 21:01:06
ComboFix-quarantined-files.txt 2012-08-16 20:01
ComboFix2.txt 2012-08-15 21:51
.
Pre-Run: 261,076,418,560 bytes free
Post-Run: 261,047,689,216 bytes free
.
- - End Of File - - 9F01CFEDECC640135D172A457F690A86



The laptop is not exhibiting any strange behaviour that I can see, although there is a lot of crap on it that I need to uninstall and of course I'm going to put MSE back on too.

I await your instruction.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 01:27 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 Oggadon

  • Topic Starter
  • Members
  • 10 posts

Posted 17 August 2012 - 12:03 PM

Hi-de-hi!

Here is the logfile from c:\qoobox\Add-Remove Programs.txt

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
BBC iPlayer Desktop
BlackBerry Connect Desktop for Nokia
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
Driver 1.2
DSG OSD 1.01
F4500
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IDT Audio
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel® TV Wizard
Java Auto Updater
Java™ 6 Update 32
Java™ 7 Update 3
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Launch
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
O2 Connection Manager
OGA Notifier 2.0.0048.0
Pando Media Booster
PC Speed Up - Complete uninstall
PlayReady PC Runtime x86
PrimoPDF -- by Nitro PDF Software
REALTEK Wireless LAN Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.1
WebReg
Yontoo Layers Runtime 1.10.01

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:39 AM

Posted 17 August 2012 - 05:41 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.1
  • Java™ 6 Update 32
  • Java™ 7 Update 3
  • Yontoo Layers Runtime 1.10.01


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Oggadon

Oggadon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 18 August 2012 - 10:01 AM

Another day, another hi there!

I installed Revo Uninstaller Free and uninstalled Adobe reader and the two Java installations. However, the Yontoo Layers Runtime thing did not appear in the list of uninstallable applications. The Yontoo Layers Runtime also does not appear in the normal Windows 7 Programs and Features list.

Crap cleaner ran fine, except it seemed to get a little confused about how many cookies it had to remove. This number simply cannot be accurate:




I re-ran MBAM and its log file is below:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MOT2U Gloucester :: MOT2UGLOUCESTER [administrator]

18/08/2012 15:43:31
mbam-log-2012-08-18 (15-43-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194841
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




I ran HijackThis as instructed and this is its logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:16, on 18/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MOT2U Gloucester\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Reminder] C:\Program Files\TTG\Reminder\Reminder.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: BBC iPlayer Desktop.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launch.lnk = ?
O4 - Global Startup: OSD.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\PC Speed Up\PCSUService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ca4025c68f96926d\STacSV.exe

--
End of file - 7264 bytes


Edit: The laptop seems to be doing fine and is showing no strangeness that I can see.

Edited by Oggadon, 18 August 2012 - 10:09 AM.
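The HijackThis log above is a flat list of typed entries (O2 browser helper objects, O4 autoruns, O23 services), and gringo's advice is to read it rather than let the tool fix anything. As an added example that is not part of this thread, the Python below parses that line format and flags the three things the posted log itself shows are worth a second look: "(file missing)" references left behind by uninstalls, a startup shortcut HijackThis could not resolve, and a service listed with "Unknown owner". The sample lines are constructed from the posted log; the section names and flag reasons are my own.

```python
import re

# Constructed sample, modelled on the HijackThis v2.0.4 log posted in this thread
# (backslashes are doubled because this is a Python string literal).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\\Program Files\\HP\\hpswp_printenhancer.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files\\Skype\\skypeieplugin.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre7\\bin\\jp2ssv.dll (file missing)
O4 - HKLM\\..\\Run: [Persistence] C:\\Windows\\system32\\igfxpers.exe
O4 - Startup: BBC iPlayer Desktop.lnk = ?
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\\Program Files\\PC Speed Up\\PCSUService.exe
"""

# Every HijackThis entry line starts with a section code (R0, R1, O2, O4, O23, ...)
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (kind, body) pairs for every R/O entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Flag entries worth a second look as (reason, kind, body) tuples.

    These are review hints only, in the spirit of the thread's "do not fix yet" advice:
    an orphaned reference is usually just a leftover from an uninstall, and a service
    with no publisher string is not proof of anything by itself."""
    flagged = []
    for kind, body in entries:
        if body.endswith("(file missing)"):
            flagged.append(("orphaned reference", kind, body))
        elif kind == "O23" and " - Unknown owner - " in body:
            flagged.append(("service without publisher", kind, body))
        elif kind == "O4" and body.endswith("= ?"):
            flagged.append(("unresolved startup shortcut", kind, body))
    return flagged


def summarize(log_text):
    """Count entries per section and return (counts, flagged) for a whole log."""
    entries = parse_entries(log_text)
    counts = {}
    for kind, _ in entries:
        counts[kind] = counts.get(kind, 0) + 1
    return counts, triage(entries)


if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print("entries per section:", counts)
    for reason, kind, body in flagged:
        print(f"[{reason}] {kind} - {body}")
```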




