
Infected with zero access? Avast unable to remove files.


This topic is locked
20 replies to this topic

#1 Keith Walton

Posted 09 September 2012 - 12:45 AM

Avast keeps trying to quarantine files from this folder every few minutes:

C:\WINDOWS\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U

DDS.txt, Attach.txt, and ark.txt attached

Avast is reporting Win32:Sirefef-AO and Win64:Sirefef-A

Thanks



#2 gringo_pr (Malware Response Team)

Posted 09 September 2012 - 01:59 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Keith Walton (Topic Starter)

Posted 09 September 2012 - 12:38 PM

Thanks, Gringo

I'll post what you requested as I go:

Security Check output

Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (3.6.13) Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 Keith Walton (Topic Starter)

Posted 09 September 2012 - 01:48 PM

Gringo,

ComboFix gave me this message in a popup:
"ComboFix - ZeroAccess
You are infected with Rootkit.Zeroaccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection."

After that, ComboFix appeared to run fine. Avast is not displaying any quarantine messages, but it had stopped doing that anyway before I started this process (even though I have no reason to believe the rootkit went away on its own). This folder is now empty:
C:\WINDOWS\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U
Nothing new is being written to it. The computer appears to be operating normally. Is there anything I should do to verify that it is clean now?

Log:
ComboFix 12-09-09.02 - BZB Administrator 09/09/2012 11:05:21.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1285 [GMT -7:00]
Running from: c:\users\BZB Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BZB Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\BZB Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\BZB Administrator\Documents\~WRL0003.tmp
c:\users\BZB Administrator\Documents\~WRL0245.tmp
c:\users\BZB Administrator\Documents\~WRL0525.tmp
c:\users\BZB Administrator\Documents\~WRL2454.tmp
c:\users\BZB Administrator\Documents\~WRL2745.tmp
c:\users\BZB Administrator\Documents\~WRL3280.tmp
c:\users\BZB Administrator\Documents\~WRL4089.tmp
c:\windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\@
c:\windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\n
c:\windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U\00000001.@
c:\windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U\trz74A7.tmp
c:\windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U\trz86EA.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-08-16 13:12 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-16 13:09 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 00:48 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 22:24 . 2012-05-17 17:42 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 22:24 . 2011-07-26 16:39 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-06-08 00:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-08 00:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-06-08 00:27 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-06-08 00:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-06-08 00:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-06-08 00:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-06-08 00:26 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-06-08 00:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-08 22:40 . 2012-08-08 22:41 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-08 22:40 . 2011-11-04 16:22 472880 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"DpTsClnt"="c:\program files\DigitalPersona\Bin\DpTsClnt.dll" [2010-08-17 214384]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"QuickTime Task"="d:\program file\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-05 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 22:24]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 17:39]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
IE: E&xport to Microsoft Excel - d:\progra~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\BZB Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jh4erf8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-Rnizegigu - c:\users\BZB Administrator\AppData\Local\wlpntat.dll
HKCU-Run-AROReminder - c:\program files\ARO 2011\ARO.exe
AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Procare\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Procare\Server\Procare.Licensing.Service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2012-09-09 11:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 18:28
.
Pre-Run: 3,608,403,968 bytes free
Post-Run: 4,165,537,792 bytes free
.
- - End Of File - - CA4AA0DE782F8ABB795D40C1755C9470
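The ComboFix log above records two things worth checking by hand once the tools are done: the ZeroAccess store under a GUID-named folder in C:\Windows\Installer (the '@' and 'n' files and the 'U' subfolder), and the disinfection of services.exe from its WinSxS component-store copy. As an added example that is not part of this thread or of ComboFix, the Python script below does both on a Windows host: it walks a root for GUID-named folders that hold those one-character markers, and it hashes system32\services.exe against every services.exe in the WinSxS component store. The marker set ('@', 'n', 'U', 'L'), the two-marker threshold, the 'servicecontroller' folder glob and the roots chosen in the main block are assumptions generalised from the paths the tools in this thread report, not documented ZeroAccess behaviour.

```python
"""Hunt for ZeroAccess file-system markers and verify services.exe.

Added example, not code from the thread or from ComboFix. The marker set
('@', 'n', 'U', 'L' under a GUID-named folder) and the WinSxS folder glob are
assumptions generalised from the paths the tools in this thread report.
"""
import hashlib
import os
import re
from pathlib import Path

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
MARKERS = ("@", "n", "U", "L")  # assumed marker names, taken from the logs


def find_zeroaccess_dirs(root, min_markers=2):
    """Return [(folder, [markers present])] for GUID-named folders under root.

    A legitimate Windows Installer cache folder is also GUID-named, but holds
    .msi/.msp/icon files rather than these one-character entries, so the
    default asks for at least two markers before reporting a folder.
    """
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if GUID_DIR.match(name):
                folder = Path(dirpath) / name
                present = [m for m in MARKERS if (folder / m).exists()]
                if len(present) >= min_markers:
                    hits.append((folder, present))
    return hits


def sha256_file(path):
    """SHA-256 of a file, read in 64 KiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_services_exe(system32, winsxs):
    """Hash the live services.exe and compare it with every WinSxS copy.

    Returns (live_sha256, {winsxs_copy: matches_live}). The log above shows
    ComboFix restoring services.exe from a 'servicecontroller' component
    folder, so a live binary that matches none of those copies is the case
    that deserves a closer look (compare with sfc /scannow or a signature
    check). The glob is an assumption based on that folder name.
    """
    live_hash = sha256_file(Path(system32) / "services.exe")
    matches = {}
    for copy in Path(winsxs).glob("*servicecontroller*/services.exe"):
        matches[copy] = sha256_file(copy) == live_hash
    return live_hash, matches


def any_copy_matches(matches):
    """True if at least one component-store copy equals the live binary."""
    return any(matches.values())


if __name__ == "__main__":
    # Roots are assumptions: the two locations the thread's logs report.
    windir = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    local_appdata = os.environ.get("LOCALAPPDATA")
    roots = [windir / "Installer"]
    if local_appdata:
        roots.append(Path(local_appdata))
    for root in roots:
        if root.exists():
            for folder, present in find_zeroaccess_dirs(root):
                print(f"ZeroAccess-style folder: {folder} markers={present}")
    if (windir / "WinSxS").exists():
        live, matches = check_services_exe(windir / "System32", windir / "WinSxS")
        print(f"services.exe sha256={live} matches_winsxs={any_copy_matches(matches)}")
```

Run it as Administrator so the Installer and WinSxS folders are readable; on any other OS the functions can be pointed at a test tree to exercise the logic.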

#5 gringo_pr (Malware Response Team)

Posted 09 September 2012 - 02:04 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#6 Keith Walton (Topic Starter)

Posted 09 September 2012 - 02:17 PM

RogueKiller opened a web page titled "[Rootkit] ZeroAccess (Max++)". It included a video with instructions for removal. I'm not watching it, since I assume your instructions are more reliable.

LOG:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : BZB Administrator [Admin rights]
Mode : Scan -- Date : 09/09/2012 12:13:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Users\BZB Administrator\AppData\Local\tal.exe" -a "D:\Program File\firefox.exe" -safe-mode) -> FOLDER NOT FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9100827AS ATA Device +++++
--- User ---
[MBR] 49579b837c539040ea6649bb61d26237
[BSP] 4d204507e598686e347bd051240f79bf : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 49721 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 183751470 | Size: 5671 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7 gringo_pr (Malware Response Team)

Posted 09 September 2012 - 02:27 PM

Greetings

We are going to run RogueKiller again, but this time we are going to allow it to fix what it finds.

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#8 Keith Walton (Topic Starter)

Posted 09 September 2012 - 02:36 PM

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : BZB Administrator [Admin rights]
Mode : Remove -- Date : 09/09/2012 12:34:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : ("C:\Users\BZB Administrator\AppData\Local\tal.exe" -a "D:\Program File\firefox.exe" -safe-mode) -> FOLDER NOT FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9100827AS ATA Device +++++
--- User ---
[MBR] 49579b837c539040ea6649bb61d26237
[BSP] 4d204507e598686e347bd051240f79bf : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 49721 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 183751470 | Size: 5671 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
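The two RogueKiller reports above (Scan mode in #6, Remove mode here) are worth reconciling line by line rather than eyeballing: RogueKiller relabels the ZeroAccess folders between runs ('U :' and 'L :' become 'ROOT :'), and one entry, the file-association command pointing at tal.exe, carries the same "FOLDER NOT FOUND" status in both reports. As an added example that is not part of this thread or of RogueKiller, the Python below parses both reports, keys each finding on the object after ' : ' so the relabelled entries line up, lists which findings moved to a DELETED, REMOVED or REPLACED status, which did not, and whether the [MBR] hash changed between runs. The embedded reports are constructed from the finding and MBR lines posted above; treating any status other than DELETED, REMOVED or REPLACED as "not remediated" is an assumption based on these two reports, not documented RogueKiller semantics.

```python
"""Reconcile a RogueKiller Scan-mode report with the Remove-mode report.

Added example, not code from the thread or from RogueKiller. The status
words treated as remediation are an assumption drawn from the two reports.
"""
import re

# '[TAG][TAG] detail -> STATUS' or '[TAG] detail --> STATUS'
FINDING = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+-{1,2}>\s+(.+?)\s*$")
MBR = re.compile(r"^\[MBR\]\s+([0-9a-fA-F]{32})")
REMEDIATED = ("DELETED", "REMOVED", "REPLACED")  # assumed remediation statuses

# Constructed sample: the finding and MBR lines from the Scan report above.
SCAN_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Users\BZB Administrator\AppData\Local\tal.exe" -a "D:\Program File\firefox.exe" -safe-mode) -> FOLDER NOT FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> FOUND
[MBR] 49579b837c539040ea6649bb61d26237
"""

# Constructed sample: the same lines from the Remove report above.
REMOVE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : ("C:\Users\BZB Administrator\AppData\Local\tal.exe" -a "D:\Program File\firefox.exe" -safe-mode) -> FOLDER NOT FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\BZB Administrator\AppData\Local\{b113edb6-ca52-7a7f-f8c1-4542512cbdc3}\L --> REMOVED
[MBR] 49579b837c539040ea6649bb61d26237
"""


def parse_report(text):
    """Return [(tags, detail, status)] for every finding line in a report."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if m:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            findings.append((tags, m.group(2), m.group(3)))
    return findings


def mbr_hash(text):
    """The lower-cased [MBR] hash from a report, or None if absent."""
    for line in text.splitlines():
        m = MBR.match(line.strip())
        if m:
            return m.group(1).lower()
    return None


def _key(detail):
    # RogueKiller relabels ZeroAccess folders ('U :' -> 'ROOT :') between Scan
    # and Remove mode, so reconcile on the object after ' : ', not the label.
    return detail.split(" : ", 1)[-1]


def reconcile(scan_text, remove_text):
    """Classify every Scan-mode finding by what the Remove-mode report says."""
    scanned = {_key(d): s for _, d, s in parse_report(scan_text)}
    removed = {_key(d): s for _, d, s in parse_report(remove_text)}
    remediated, outstanding, missing = [], [], []
    for key in scanned:
        status = removed.get(key)
        if status is None:
            missing.append(key)            # vanished between runs
        elif status.startswith(REMEDIATED):
            remediated.append(key)
        else:
            outstanding.append((key, status))  # still FOUND / NOT FOUND
    before, after = mbr_hash(scan_text), mbr_hash(remove_text)
    return {"remediated": remediated, "outstanding": outstanding,
            "missing": missing,
            "mbr_unchanged": before is not None and before == after}


if __name__ == "__main__":
    result = reconcile(SCAN_REPORT, REMOVE_REPORT)
    print(f"remediated: {len(result['remediated'])}, missing: {len(result['missing'])}")
    for key, status in result["outstanding"]:
        print(f"not remediated [{status}]: {key}")
    print("MBR hash unchanged:", result["mbr_unchanged"])
```

On the two reports from this thread the script reports eight remediated findings, an unchanged MBR hash, and one entry left over: the command value referencing tal.exe, which RogueKiller marked "FOLDER NOT FOUND" both times and which is the kind of dangling reference to hand back to the helper rather than assume the tool handled.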

#9 gringo_pr (Malware Response Team)

Posted 09 September 2012 - 02:49 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 gringo_pr (Malware Response Team)

Posted 09 September 2012 - 02:52 PM

double post


#11 Keith Walton (Topic Starter)

Posted 09 September 2012 - 03:29 PM

12:52:59.0688 4656 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:53:00.0359 4656 ============================================================
12:53:00.0359 4656 Current date / time: 2012/09/09 12:53:00.0359
12:53:00.0359 4656 SystemInfo:
12:53:00.0359 4656
12:53:00.0359 4656 OS Version: 6.0.6002 ServicePack: 2.0
12:53:00.0359 4656 Product type: Workstation
12:53:00.0359 4656 ComputerName: OFFICELAPTOP
12:53:00.0359 4656 UserName: BZB Administrator
12:53:00.0359 4656 Windows directory: C:\Windows
12:53:00.0359 4656 System windows directory: C:\Windows
12:53:00.0359 4656 Processor architecture: Intel x86
12:53:00.0359 4656 Number of processors: 1
12:53:00.0359 4656 Page size: 0x1000
12:53:00.0359 4656 Boot type: Normal boot
12:53:00.0359 4656 ============================================================
12:53:28.0572 4728 Schedule - ok
12:53:28.0603 4728 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:53:28.0603 4728 SCPolicySvc - ok
12:53:28.0650 4728 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:53:28.0666 4728 SDRSVC - ok
12:53:28.0681 4728 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:53:28.0681 4728 secdrv - ok
12:53:28.0728 4728 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:53:28.0728 4728 seclogon - ok
12:53:28.0775 4728 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:53:28.0775 4728 SENS - ok
12:53:28.0791 4728 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:53:28.0791 4728 Serenum - ok
12:53:28.0837 4728 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:53:28.0837 4728 Serial - ok
12:53:28.0884 4728 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:53:28.0884 4728 sermouse - ok
12:53:28.0962 4728 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:53:28.0962 4728 SessionEnv - ok
12:53:29.0025 4728 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:53:29.0025 4728 sffdisk - ok
12:53:29.0040 4728 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:53:29.0040 4728 sffp_mmc - ok
12:53:29.0056 4728 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:53:29.0056 4728 sffp_sd - ok
12:53:29.0087 4728 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:53:29.0087 4728 sfloppy - ok
12:53:29.0134 4728 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:53:29.0149 4728 SharedAccess - ok
12:53:29.0212 4728 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:53:29.0212 4728 ShellHWDetection - ok
12:53:29.0243 4728 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:53:29.0243 4728 sisagp - ok
12:53:29.0259 4728 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:53:29.0259 4728 SiSRaid2 - ok
12:53:29.0274 4728 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:53:29.0274 4728 SiSRaid4 - ok
12:53:29.0430 4728 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:53:29.0477 4728 slsvc - ok
12:53:29.0508 4728 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:53:29.0508 4728 SLUINotify - ok
12:53:29.0539 4728 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:53:29.0539 4728 Smb - ok
12:53:29.0586 4728 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:53:29.0602 4728 SNMPTRAP - ok
12:53:29.0649 4728 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:53:29.0649 4728 spldr - ok
12:53:29.0664 4728 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:53:29.0664 4728 Spooler - ok
12:53:29.0727 4728 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:53:29.0727 4728 SQLBrowser - ok
12:53:29.0773 4728 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:53:29.0773 4728 SQLWriter - ok
12:53:29.0836 4728 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:53:29.0836 4728 srv - ok
12:53:29.0883 4728 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:53:29.0883 4728 srv2 - ok
12:53:29.0898 4728 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:53:29.0898 4728 srvnet - ok
12:53:29.0945 4728 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:53:29.0961 4728 SSDPSRV - ok
12:53:30.0023 4728 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:53:30.0039 4728 SstpSvc - ok
12:53:30.0132 4728 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:53:30.0132 4728 StillCam - ok
12:53:30.0195 4728 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
12:53:30.0210 4728 stisvc - ok
12:53:30.0273 4728 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:53:30.0273 4728 stllssvr - ok
12:53:30.0304 4728 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:53:30.0304 4728 swenum - ok
12:53:30.0351 4728 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
12:53:30.0366 4728 swprv - ok
12:53:30.0397 4728 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:53:30.0413 4728 Symc8xx - ok
12:53:30.0444 4728 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:53:30.0444 4728 Sym_hi - ok
12:53:30.0460 4728 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:53:30.0460 4728 Sym_u3 - ok
12:53:30.0507 4728 [ 81CF7AA63BB3CCA31E1D1944C0A45FC7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:53:30.0507 4728 SynTP - ok
12:53:30.0569 4728 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
12:53:30.0600 4728 SysMain - ok
12:53:30.0647 4728 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:53:30.0663 4728 TabletInputService - ok
12:53:30.0694 4728 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:53:30.0709 4728 TapiSrv - ok
12:53:30.0741 4728 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
12:53:30.0741 4728 TBS - ok
12:53:30.0834 4728 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:53:30.0834 4728 Tcpip - ok
12:53:30.0897 4728 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:53:30.0897 4728 Tcpip6 - ok
12:53:30.0943 4728 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:53:30.0943 4728 tcpipreg - ok
12:53:30.0990 4728 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:53:30.0990 4728 TDPIPE - ok
12:53:31.0021 4728 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:53:31.0021 4728 TDTCP - ok
12:53:31.0068 4728 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:53:31.0068 4728 tdx - ok
12:53:31.0099 4728 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:53:31.0099 4728 TermDD - ok
12:53:31.0146 4728 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
12:53:31.0162 4728 TermService - ok
12:53:31.0240 4728 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
12:53:31.0240 4728 Themes - ok
12:53:31.0271 4728 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:53:31.0287 4728 THREADORDER - ok
12:53:31.0333 4728 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
12:53:31.0333 4728 TrkWks - ok
12:53:31.0411 4728 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:53:31.0411 4728 TrustedInstaller - ok
12:53:31.0443 4728 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:31.0458 4728 tssecsrv - ok
12:53:31.0505 4728 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:53:31.0505 4728 tunmp - ok
12:53:31.0536 4728 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:53:31.0536 4728 tunnel - ok
12:53:31.0583 4728 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:53:31.0583 4728 uagp35 - ok
12:53:31.0630 4728 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:53:31.0630 4728 udfs - ok
12:53:31.0708 4728 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:53:31.0708 4728 UI0Detect - ok
12:53:31.0755 4728 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:53:31.0755 4728 uliagpkx - ok
12:53:31.0801 4728 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:53:31.0801 4728 uliahci - ok
12:53:31.0833 4728 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:53:31.0848 4728 UlSata - ok
12:53:31.0879 4728 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:53:31.0879 4728 ulsata2 - ok
12:53:31.0911 4728 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:53:31.0911 4728 umbus - ok
12:53:31.0957 4728 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
12:53:31.0973 4728 upnphost - ok
12:53:32.0035 4728 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:53:32.0035 4728 usbaudio - ok
12:53:32.0082 4728 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:53:32.0082 4728 usbccgp - ok
12:53:32.0129 4728 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:53:32.0129 4728 usbcir - ok
12:53:32.0176 4728 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:53:32.0176 4728 usbehci - ok
12:53:32.0223 4728 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:53:32.0223 4728 usbhub - ok
12:53:32.0238 4728 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:53:32.0238 4728 usbohci - ok
12:53:32.0285 4728 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:53:32.0285 4728 usbprint - ok
12:53:32.0316 4728 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:53:32.0332 4728 usbscan - ok
12:53:32.0363 4728 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:53:32.0363 4728 USBSTOR - ok
12:53:32.0441 4728 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:53:32.0441 4728 usbuhci - ok
12:53:32.0488 4728 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
12:53:32.0488 4728 UxSms - ok
12:53:32.0566 4728 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
12:53:32.0706 4728 vds - ok
12:53:32.0800 4728 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:53:32.0800 4728 vga - ok
12:53:32.0831 4728 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:53:32.0831 4728 VgaSave - ok
12:53:32.0847 4728 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:53:32.0847 4728 viaagp - ok
12:53:32.0862 4728 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:53:32.0862 4728 ViaC7 - ok
12:53:32.0878 4728 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
12:53:32.0878 4728 viaide - ok
12:53:32.0893 4728 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:53:32.0909 4728 volmgr - ok
12:53:32.0940 4728 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:53:32.0940 4728 volmgrx - ok
12:53:32.0987 4728 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:53:32.0987 4728 volsnap - ok
12:53:33.0018 4728 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:53:33.0018 4728 vsmraid - ok
12:53:33.0096 4728 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:53:33.0174 4728 VSS - ok
12:53:33.0221 4728 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:53:33.0252 4728 W32Time - ok
12:53:33.0299 4728 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:53:33.0299 4728 WacomPen - ok
12:53:33.0346 4728 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:53:33.0346 4728 Wanarp - ok
12:53:33.0361 4728 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:53:33.0361 4728 Wanarpv6 - ok
12:53:33.0393 4728 wanatw - ok
12:53:33.0439 4728 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:53:33.0439 4728 wcncsvc - ok
12:53:33.0471 4728 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:53:33.0486 4728 WcsPlugInService - ok
12:53:33.0517 4728 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
12:53:33.0517 4728 Wd - ok
12:53:33.0580 4728 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:53:33.0580 4728 Wdf01000 - ok
12:53:33.0627 4728 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:53:33.0658 4728 WdiServiceHost - ok
12:53:33.0673 4728 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:53:33.0673 4728 WdiSystemHost - ok
12:53:33.0720 4728 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:53:33.0736 4728 WebClient - ok
12:53:33.0767 4728 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:53:33.0783 4728 Wecsvc - ok
12:53:33.0829 4728 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:53:33.0829 4728 wercplsupport - ok
12:53:33.0892 4728 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:53:33.0892 4728 WerSvc - ok
12:53:33.0939 4728 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:53:33.0939 4728 winachsf - ok
12:53:34.0032 4728 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:53:34.0032 4728 WinDefend - ok
12:53:34.0048 4728 WinHttpAutoProxySvc - ok
12:53:34.0126 4728 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:53:34.0126 4728 Winmgmt - ok
12:53:34.0204 4728 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:53:34.0251 4728 WinRM - ok
12:53:34.0313 4728 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:53:34.0329 4728 Wlansvc - ok
12:53:34.0375 4728 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:53:34.0375 4728 WmiAcpi - ok
12:53:34.0438 4728 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:53:34.0438 4728 wmiApSrv - ok
12:53:34.0531 4728 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:53:34.0547 4728 WMPNetworkSvc - ok
12:53:34.0594 4728 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:53:34.0594 4728 WPCSvc - ok
12:53:34.0625 4728 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:53:34.0641 4728 WPDBusEnum - ok
12:53:34.0687 4728 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:53:34.0687 4728 WpdUsb - ok
12:53:34.0812 4728 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:53:34.0859 4728 WPFFontCache_v0400 - ok
12:53:34.0921 4728 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:53:34.0921 4728 ws2ifsl - ok
12:53:34.0953 4728 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
12:53:34.0968 4728 wscsvc - ok
12:53:34.0984 4728 WSearch - ok
12:53:35.0093 4728 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:53:35.0171 4728 wuauserv - ok
12:53:35.0202 4728 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:35.0218 4728 WUDFRd - ok
12:53:35.0249 4728 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:53:35.0249 4728 wudfsvc - ok
12:53:35.0296 4728 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
12:53:35.0296 4728 XAudio - ok
12:53:35.0343 4728 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
12:53:35.0343 4728 XAudioService - ok
12:53:35.0374 4728 ================ Scan global ===============================
12:53:35.0405 4728 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:53:35.0467 4728 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:53:35.0499 4728 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:53:35.0561 4728 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:53:35.0561 4728 [Global] - ok
12:53:35.0577 4728 ================ Scan MBR ==================================
12:53:35.0592 4728 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
12:53:36.0216 4728 \Device\Harddisk0\DR0 - ok
12:53:36.0232 4728 ================ Scan VBR ==================================
12:53:36.0232 4728 [ C68FDF7C2C1E63AA1B6BD99E546F394E ] \Device\Harddisk0\DR0\Partition1
12:53:36.0232 4728 \Device\Harddisk0\DR0\Partition1 - ok
12:53:36.0247 4728 [ 840191D539E997E9FE635BAD192AE600 ] \Device\Harddisk0\DR0\Partition2
12:53:36.0263 4728 \Device\Harddisk0\DR0\Partition2 - ok
12:53:36.0279 4728 [ 9F827F35B4065318C891AE0E84F92553 ] \Device\Harddisk0\DR0\Partition3
12:53:36.0279 4728 \Device\Harddisk0\DR0\Partition3 - ok
12:53:36.0294 4728 ============================================================
12:53:36.0294 4728 Scan finished
12:53:36.0294 4728 ============================================================
12:53:36.0310 4776 Detected object count: 0
12:53:36.0310 4776 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 12:56:04
-----------------------------
12:56:04.101 OS Version: Windows 6.0.6002 Service Pack 2
12:56:04.101 Number of processors: 1 586 0xE0C
12:56:04.101 ComputerName: OFFICELAPTOP UserName:
12:56:05.255 Initialize success
12:56:05.692 AVAST engine defs: 12090900
12:56:14.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:56:14.943 Disk 0 Vendor: ST9100827AS 3.BHD Size: 95396MB BusType: 3
12:56:14.974 Disk 0 MBR read successfully
12:56:14.974 Disk 0 MBR scan
12:56:14.974 Disk 0 unknown MBR code
12:56:15.021 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40000 MB offset 63
12:56:15.037 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49721 MB offset 81922048
12:56:15.083 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 5671 MB offset 183751470
12:56:15.130 Disk 0 scanning sectors +195366465
12:56:15.208 Disk 0 scanning C:\Windows\system32\drivers
12:56:26.830 Service scanning
12:56:53.537 Modules scanning
12:57:03.022 Disk 0 trace - called modules:
12:57:03.615 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
12:57:03.631 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8594d918]
12:57:03.631 3 CLASSPNP.SYS[82fa18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84667030]
12:57:04.052 AVAST engine scan C:\Windows
12:57:06.629 AVAST engine scan C:\Windows\system32
13:00:00.513 AVAST engine scan C:\Windows\system32\drivers
13:00:15.754 AVAST engine scan C:\Users\BZB Administrator
13:03:10.476 AVAST engine scan C:\ProgramData
13:28:09.611 Scan finished successfully
13:28:28.187 Disk 0 MBR has been saved successfully to "C:\Users\BZB Administrator\Desktop\MBR.dat"
13:28:28.203 The log file has been saved successfully to "C:\Users\BZB Administrator\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 09 September 2012 - 03:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Keith Walton

  • Topic Starter
  • Members
  • 10 posts
  • Local time:11:13 PM

Posted 09 September 2012 - 05:23 PM

My computer seems to be running fine.


ComboFix 12-09-09.02 - BZB Administrator 09/09/2012 14:51:34.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.918 [GMT -7:00]
Running from: c:\users\BZB Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\BZB Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 22:14 . 2012-09-09 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 18:28 . 2012-09-09 22:14 -------- d-----w- c:\users\BZB Administrator\AppData\Local\temp
2012-08-16 13:12 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-16 13:09 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 00:48 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 22:24 . 2012-05-17 17:42 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 22:24 . 2011-07-26 16:39 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-06-08 00:27 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-08 00:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-06-08 00:27 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-06-08 00:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-06-08 00:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-06-08 00:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-06-08 00:26 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-06-08 00:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-08 22:40 . 2012-08-08 22:41 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-08 22:40 . 2011-11-04 16:22 472880 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"DpTsClnt"="c:\program files\DigitalPersona\Bin\DpTsClnt.dll" [2010-08-17 214384]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"QuickTime Task"="d:\program file\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-05 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 04685202
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 04685202
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 22:24]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 17:39]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
IE: E&xport to Microsoft Excel - d:\progra~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\BZB Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jh4erf8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 15:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-09 15:19:46
ComboFix-quarantined-files.txt 2012-09-09 22:19
ComboFix2.txt 2012-09-09 18:28
.
Pre-Run: 4,062,916,608 bytes free
Post-Run: 6,877,327,360 bytes free
.
- - End Of File - - 66787D72DE7DFED22D4CE75421272B8F

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 09 September 2012 - 06:14 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

Adobe Reader 8.3.1
Java™ 6 Update 33
Java™ SE Runtime Environment 6
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses far fewer resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This is a small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here: http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Keith Walton

Keith Walton
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 10 September 2012 - 01:01 AM

I had no problems with the previous steps. The system is running fine.



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
BZB Administrator :: OFFICELAPTOP [administrator]

Protection: Enabled

9/9/2012 10:48:30 PM
mbam-log-2012-09-09 (22-48-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198881
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\BZB Administrator\AppData\Local\tal.exe" -a "D:\Program File\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:48 PM, on 9/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\notepad.exe
C:\Users\BZB Administrator\Desktop\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program File\AVG\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [DpTsClnt] Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program File\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Procare Licensing (ProcareLicensing) - Procare Software - C:\Program Files\Procare\Server\Procare.Licensing.Service.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8244 bytes
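A small triage script for a HijackThis log like the one above, as an added example that is not part of this thread, of HijackThis, or of the BleepingComputer instructions. It parses the `O2`/`O4`/`O18`/`O23` style entries, pulls out the executable or DLL path each one references, and flags the two things a responder reads first: entries HijackThis marked `(file missing)` (orphaned hooks and services, which in this log are leftovers of removed software but can also be residue of a cleanup), and autostart (`O4`) commands that run from a user-writable folder such as `AppData`, the same pattern as the `tal.exe` hijack the MBAM log in this post repaired. The sample lines are copied from the log in this thread plus one constructed `O4` entry (labelled as such) so the second rule has something to catch; the `USER_WRITABLE` list and the flag names are a heuristic of my own, not a HijackThis feature.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; not part of HijackThis, Malwarebytes or the
BleepingComputer instructions. It extracts the path each entry references and
flags entries marked "(file missing)" and O4 autostart commands that run from a
user-writable folder. The USER_WRITABLE list is a heuristic of my own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# First Windows path ending in .exe or .dll; non-greedy so "(file missing)"
# and command-line switches after the path are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.IGNORECASE)
# Folders an ordinary user can write to (assumption: a startup command living
# here deserves a second look; it is a triage hint, not a verdict).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    section: str            # e.g. "O4", "O23"
    body: str               # text after the "O4 - " prefix
    path: Optional[str]     # first .exe/.dll path found, if any
    flags: List[str] = field(default_factory=list)  # triage reasons


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers and process listings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else None
    flags: List[str] = []
    if "(file missing)" in body:
        # The hook or service is registered but its file is gone: either a
        # leftover of an uninstall or something a cleanup already removed.
        flags.append("file missing")
    if section == "O4" and path and any(t in path.lower() for t in USER_WRITABLE):
        flags.append("autostart from user-writable location")
    return Entry(section, body, path, flags)


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line of a log, in order."""
    return [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that carry at least one triage flag."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the log in this thread plus one
# made-up O4 entry (example\AppData\Local\constructed.exe) to exercise the
# user-writable rule. Non-entry lines are included to show they are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program File\AVG\avgssie.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program File\QTTask.exe" -atboottime
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Local\constructed.exe
"""

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.section:<4} {', '.join(e.flags):<40} {e.path or '(no path)'}")
```

Run it on a saved `hijackthis.log` by passing the file contents to `triage()`; the flagged list is a reading aid only, and, as the instructions in this thread say, nothing should be "fixed" on the strength of it without a helper looking at the whole log.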



