View Full Version : Possible Trojan infection - FakeMoz.ED
Hit a problem with one of the family laptops that looks like it could be a Trojan.FakeMoz.ED infection. When the computer booted up, we got a security message saying that the firewall wasn't running. So I reactivated the firewall manually and all seemed well. Next boot-up, not only did it say that the firewall wasn't running, it also reported a problem with AVG. The firewall apparently activated manually again and checking AVG showed that Resident Shield wasn't running and couldn't be activated manually (the box at the bottom of the screen was greyed out).
Suspecting a malware issue, I ran Mbam and it located and quarantined an infection - below is the extract from the log detailing what it found:
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, Quarantined, [81cb3ffca3d94bebc848c8948f75916f],
Registry Values: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\WINDOWS\Installer\{86EF14D4-A6DF-EBFD-96D2-93387672418F}\syshost.exe" /service, Quarantined, [81cb3ffca3d94bebc848c8948f75916f]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Trojan.FakeMoz.ED, C:\WINDOWS\Installer\{86EF14D4-A6DF-EBFD-96D2-93387672418F}\syshost.exe, Quarantined, [3517b685572542f4a06b81601be6ed13],
Physical Sectors: 0
(No malicious items detected)
Running Mbam seemed to fix the firewall issue, as two subsequent reboots have reported no issue with it, but the problem with AVG is still there. Apart from the AVG issue, the machine seems to be running fine, as I'm using it to do this post, but obviously not having AVG running properly does leave it vulnerable.
So I've followed the instructions and run the required scans - although I did hit one issue as, because this was a second-hand ex-business machine, we've never had any admin password, so couldn't run the scans as the admin. However, the only user profile on the machine has always been able to do all admin-level tasks OK in the past, so I'm hoping that it won't have made any difference.
(Also, I know that some programs are a little out-of-date, but the machine is so old and low spec that it can't run the newer versions...)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by IBM (administrator) on THINKPAD on 14-11-2014 15:33:55
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKCU - DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: printpdf - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\printpdf@pavlov.net [2010-08-10]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: DownThemAll! - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2013-04-03]
FF Extension: Web2PDF converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011-07-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
Locked "13c0aa386e2175ba" service could not be unlocked. <===== ATTENTION
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
U5 13c0aa386e2175ba; C:\Windows\System32\Drivers\13c0aa386e2175ba.sys [70528 2014-11-13] () <===== ATTENTION Necurs Rootkit?
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 15:33 - 2014-11-14 15:34 - 00019360 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-11-14 15:33 - 2014-11-14 15:34 - 00000000 ____D () C:\FRST
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-11-14 15:15 - 2014-11-14 15:15 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-11-14 15:15 - 2014-11-14 15:15 - 01108480 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-11-14 15:14 - 2014-11-14 15:14 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-14 03:04 - 2014-11-14 03:04 - 00001434 _____ () C:\Documents and Settings\IBM\Desktop\mbam_scan.txt
2014-11-14 03:01 - 2014-11-14 03:01 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\46EE46CA.sys
2014-11-14 00:27 - 2014-11-14 00:27 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\34C750CB.sys
2014-11-13 20:19 - 2014-11-13 20:19 - 00070528 _____ () C:\WINDOWS\system32\Drivers\13c0aa386e2175ba.sys
2014-11-10 16:36 - 2014-11-10 16:36 - 00242592 _____ () C:\Documents and Settings\IBM\Desktop\separate+-0.5.7.zip
2014-10-24 23:32 - 2014-10-24 23:33 - 00000000 ____D () C:\Program Files\GUMF.tmp
2014-10-19 00:19 - 2014-11-13 00:45 - 00016896 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-10-18 16:36 - 2014-10-18 16:36 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-18 16:35 - 2014-10-18 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-18 16:35 - 2014-10-18 16:34 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-18 16:35 - 2014-10-18 16:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 15:34 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-11-14 15:29 - 2010-01-14 11:19 - 00256041 _____ () C:\WINDOWS\setupapi.log
2014-11-14 15:28 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-14 15:28 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-11-14 15:25 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-11-14 15:20 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-11-14 15:11 - 2007-10-22 13:22 - 00007356 _____ () C:\WINDOWS\RTacDbg.txt
2014-11-14 15:08 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 15:08 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-14 15:08 - 2006-12-04 23:44 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-14 15:08 - 2006-12-04 23:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-14 15:08 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-14 03:17 - 2006-12-15 19:17 - 01076008 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-14 03:17 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-11-14 03:17 - 2006-12-05 00:15 - 00031988 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-14 03:13 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-11-14 02:43 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
2014-11-13 20:25 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:24 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 02:15 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-08 18:23 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-11-08 00:12 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-11-08 00:11 - 2014-08-17 12:54 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\2014
2014-10-27 15:49 - 2007-09-24 10:58 - 00131584 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:54 - 2006-12-04 23:40 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 22:40 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-10-25 21:53 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
2014-10-18 16:34 - 2007-09-24 13:27 - 00000000 ____D () C:\Program Files\Java
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
Ran by IBM at 2014-11-14 15:36:08
Running from C:\Documents and Settings\IBM\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
802.11g Wireless Adapter HW.15 V.1.00 (HKLM\...\InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}) (Version: 1.00.0000 - )
802.11g Wireless Adapter HW.15 V.1.00 (Version: 1.00.0000 - ) Hidden
Access ThinkPad (HKLM\...\{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}) (Version: 3.5 - IBM Corporation)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 8.1.7 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.7 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version: 2.1.31 - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version: - AVG Technologies)
Bullzip PDF Printer 10.3.0.2191 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.3.0.2191 - Bullzip)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
CanoScan LiDE20,30 Manual (HKLM\...\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}) (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
dBpoweramp FLAC Codec (HKLM\...\dBpoweramp FLAC Codec) (Version: Release 10 (FLAC 1.2.0) - Illustrate)
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 9 - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 12.3 - )
dBpoweramp Shorten Codec (HKLM\...\dBpoweramp Shorten Codec) (Version: - )
dBpoweramp Windows Media Audio 10 Codec (HKLM\...\dBpoweramp Windows Media Audio 10 Codec) (Version: - )
DOOM Collector's Edition (HKLM\...\DOOM Collector's Edition) (Version: - )
FileZilla (remove only) (HKLM\...\FileZilla) (Version: - )
FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0 - Applian Technologies Inc.)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
IBM Access Connections (HKLM\...\{22B71A00-4DED-11D4-A5E5-0004AC564F43}) (Version: - )
IBM Rapid Restore PC Setup (HKLM\...\{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}) (Version: 1.00.1100 - IBM Corporation)
IBM ThinkPad Access Support (HKLM\...\IBM Access Support) (Version: - )
IBM ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.25.01 - )
IBM TrackPoint Accessibility Features (HKLM\...\{EA664480-3844-11D5-8C25-444553540000}) (Version: - )
IBM TrackPoint Support (HKLM\...\TrackPoint) (Version: - )
Intel(R) PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
InterVideo WinDVD (HKLM\...\{C1939820-A945-11D4-86F6-0001031E5712}) (Version: - InterVideo Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LightScribe 1.6.43.1 (Version: 1.6.43.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Excel 7.0 (HKLM\...\Excel) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Word 97 (HKLM\...\Word8.0) (Version: - )
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-US) - Mozilla)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
Orange Siemens Router (HKLM\...\OrangeSiemens) (Version: - )
Orange Toolbar (HKLM\...\OrangeToolbarUK) (Version: 1.0 - France Telecom SA)
PhotoFinish® 4.1 (HKLM\...\pfinish41) (Version: - )
Replay Converter 3 (HKLM\...\Replay Converter 3) (Version: 3.20 - Applian Technologies Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Support.com Software (HKLM\...\Support.com) (Version: - )
ThinkPad Configuration (HKLM\...\ThinkPad Configuration) (Version: - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: - )
ThinkPad Software Installer (HKLM\...\ThinkPadSoftwareInstaller) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uninstall PC-Doctor (HKLM\...\PC-Doctor) (Version: - )
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
xp-AntiSpy 3.92 (HKLM\...\xp-AntiSpy) (Version: 3.92 - Christian Taubenheim)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-10-2014 22:22:27 System Checkpoint
10-10-2014 10:23:40 System Checkpoint
14-10-2014 16:56:13 System Checkpoint
17-10-2014 15:02:43 System Checkpoint
18-10-2014 16:32:57 Removed Java 7 Update 67
18-10-2014 16:34:15 Installed Java 7 Update 71
19-10-2014 17:18:02 System Checkpoint
21-10-2014 17:16:15 System Checkpoint
23-10-2014 17:02:34 System Checkpoint
25-10-2014 17:18:25 System Checkpoint
27-10-2014 18:08:20 System Checkpoint
28-10-2014 18:16:45 System Checkpoint
30-10-2014 18:02:37 System Checkpoint
02-11-2014 18:47:01 System Checkpoint
05-11-2014 14:49:57 Avg Update
06-11-2014 18:00:06 System Checkpoint
07-11-2014 18:44:35 System Checkpoint
11-11-2014 18:30:56 System Checkpoint
12-11-2014 18:35:17 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
1980-01-01 08:00 - 2014-05-29 16:41 - 00453965 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.139mm.com
127.0.0.1 139mm.com
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\BMMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
1980-01-01 08:00 - 2003-07-03 09:25 - 00057344 _____ () C:\WINDOWS\system32\ibmpmsvc.exe
1980-01-01 08:00 - 2002-06-12 21:27 - 00131072 _____ () C:\WINDOWS\System32\Ati2evxx.exe
2006-12-05 00:21 - 2002-07-15 10:20 - 00040960 _____ () C:\WINDOWS\System32\QCONSVC.EXE
1980-01-01 08:00 - 2002-03-20 11:05 - 00114688 _____ () C:\WINDOWS\system32\tp4uires.dll
2006-12-05 00:21 - 2002-07-15 10:20 - 00491520 _____ () C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
2006-12-05 00:21 - 2002-07-15 10:20 - 00376832 _____ () C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll
2006-12-05 00:21 - 2002-07-15 10:20 - 00049152 _____ () C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
1980-01-01 08:00 - 2002-05-30 05:01 - 00069632 _____ () C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
1980-01-01 08:00 - 2001-11-14 01:16 - 00024576 _____ () C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
2006-11-19 22:04 - 2006-11-19 22:04 - 00634880 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
2007-10-22 13:20 - 2006-11-19 22:02 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanDll.dll
2007-10-22 13:20 - 2006-07-29 03:05 - 00979035 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\acAuth.dll
1980-01-01 08:00 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
1980-01-01 08:00 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-10-28 19:45 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 19:45 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-247674877-3848448594-3852255402-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-247674877-3848448594-3852255402-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-247674877-3848448594-3852255402-1003 - Limited - Disabled)
IBM (S-1-5-21-247674877-3848448594-3852255402-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\IBM
SUPPORT_388945a0 (S-1-5-21-247674877-3848448594-3852255402-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/08/2014 07:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.111, faulting module chrome.dll, version 38.0.2125.111, fault address 0x00007d42.
Processing media-specific event for [chrome.exe!ws!]
Error: (11/04/2014 05:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.111, faulting module chrome.dll, version 38.0.2125.111, fault address 0x00007d42.
Processing media-specific event for [chrome.exe!ws!]
Error: (10/27/2014 03:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module avisplitter.ax, version 1.0.0.7, fault address 0x000234e8.
Processing media-specific event for [explorer.exe!ws!]
Error: (10/20/2014 04:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, faulting module chrome.dll, version 38.0.2125.104, fault address 0x00007d42.
Processing media-specific event for [chrome.exe!ws!]
Error: (10/19/2014 00:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, faulting module chrome.dll, version 38.0.2125.104, fault address 0x00007d42.
Processing media-specific event for [chrome.exe!ws!]
Error: (10/04/2014 03:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.124, faulting module chrome.dll, version 37.0.2062.124, fault address 0x00007f75.
Processing media-specific event for [chrome.exe!ws!]
Error: (09/23/2014 06:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, faulting module chrome.dll, version 37.0.2062.120, fault address 0x00008ad8.
Processing media-specific event for [chrome.exe!ws!]
Error: (09/07/2014 03:30:18 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 478813462.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (09/07/2014 03:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.103, faulting module chrome.dll, version 37.0.2062.103, fault address 0x002f07ed.
Processing media-specific event for [chrome.exe!ws!]
Error: (09/01/2014 11:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.143, faulting module chrome.dll, version 36.0.1985.143, fault address 0x00007c31.
Processing media-specific event for [chrome.exe!ws!]
System errors:
=============
Error: (11/14/2014 03:11:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SjyPkt service failed to start due to the following error:
%%2
Error: (11/14/2014 03:08:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgMfx86
Error: (11/14/2014 02:59:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgMfx86
Error: (11/14/2014 02:53:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SjyPkt service failed to start due to the following error:
%%2
Error: (11/14/2014 01:36:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgMfx86
Error: (11/14/2014 00:23:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SjyPkt service failed to start due to the following error:
%%2
Error: (11/14/2014 00:23:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgMfx86
Error: (11/14/2014 00:18:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SjyPkt service failed to start due to the following error:
%%2
Error: (11/13/2014 08:36:54 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC
Error: (11/13/2014 08:19:57 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
Microsoft Office Sessions:
=========================
Error: (11/08/2014 07:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.111chrome.dll38.0.2125.11100007d42
Error: (11/04/2014 05:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.111chrome.dll38.0.2125.11100007d42
Error: (10/27/2014 03:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512avisplitter.ax1.0.0.7000234e8
Error: (10/20/2014 04:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.104chrome.dll38.0.2125.10400007d42
Error: (10/19/2014 00:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.104chrome.dll38.0.2125.10400007d42
Error: (10/04/2014 03:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.124chrome.dll37.0.2062.12400007f75
Error: (09/23/2014 06:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.120chrome.dll37.0.2062.12000008ad8
Error: (09/07/2014 03:30:18 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 478813462
Error: (09/07/2014 03:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.103chrome.dll37.0.2062.103002f07ed
Error: (09/01/2014 11:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.143chrome.dll36.0.1985.14300007c31
==================== Memory info ===========================
Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 1022.98 MB
Available physical RAM: 504.39 MB
Total Pagefile: 1311.25 MB
Available Pagefile: 555.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.28 MB
==================== Drives ================================
Drive c: (IBM_PRELOAD) (Fixed) (Total:17.22 GB) (Free:1.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 18.6 GB) (Disk ID: A266A266)
Partition 1: (Active) - (Size=17.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1.4 GB) - (Type=1C)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-14 15:37:49
-----------------------------
15:37:49.903 OS Version: Windows 5.1.2600 Service Pack 3
15:37:49.903 Number of processors: 1 586 0x207
15:37:49.903 ComputerName: THINKPAD UserName: IBM
15:37:50.744 Initialze error C0000001 - driver not loaded
15:43:41.990 AVAST engine defs: 14111301
15:44:14.897 Service scanning
15:44:21.837 Service 13c0aa386e2175ba C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys **HIDDEN**
15:44:23.499 Service 13c0aa386e2175ba C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys **LOCKED**
15:45:21.953 Modules scanning
15:45:21.953 Disk 0 trace - called modules:
15:45:21.963
15:45:24.217 AVAST engine scan C:\WINDOWS
15:46:16.271 AVAST engine scan C:\WINDOWS\system32
15:51:00.610 AVAST engine scan C:\WINDOWS\system32\drivers
15:51:25.246 AVAST engine scan C:\Documents and Settings\IBM
16:11:53.502 AVAST engine scan C:\Documents and Settings\All Users
16:16:24.732 Scan finished successfully
16:17:03.818 The log file has been saved successfully to "C:\Documents and Settings\IBM\Desktop\aswMBR.txt"
Hope you can help with this one as, while it may be an old and fairly slow machine, it is by far the most reliable computer I've ever had!!
Hi lather,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
As you've stated in your intro you are well aware of the age of your computer. But please be mindful of the fact that Microsoft no longer offers updates for Windows XP. Even running a firewall and anti-virus your computer will still be very vulnerable to infection. You should really consider upgrading to a supported operating system.
With that said, you've managed to pick up a Necurs Rootkit. Let's see what we can do to remove it.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) RogueKiller
Download to your desktop RogueKiller (http://www.bleepingcomputer.com/download/roguekiller/) (by tigzy)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/RogueKiller_zps5799200f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/RogueKiller_zps5799200f.gif.html)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
RogueKiller log
Hi, and thanks for the help. Looked up the details of Necurs and it looks nasty!
Here's the report:
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Scan -- Date : 11/16/2014 00:35:09
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312
-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\13c0aa386e2175ba -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\13c0aa386e2175ba -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\13c0aa386e2175ba -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet
Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet
Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004
\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |
{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000001]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage",
"file:///C:/Documents/Links_07.htm"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
Hi lather,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab
Wait until the Status box shows "Scan Finished"
Click the Delete button
Wait until the Status box shows "Deleting Finished"
Click the Report button, save the report to your desktop
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) TDSSKiller
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) - Extract it to your desktop
or from here >> http://www.bleepingcomputer.com/download/tdsskiller/
TDSSKiller.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
RogueKiller log
TDSSKiller log
new FRST.txt
OK, I've run the programs you asked for, and the results are included below. Things are definitely looking hopeful, as AVG is no longer reporting an error.
One thought that has struck me, and that may need a little additional attention, is that when the problems first started, we'd got a second hard drive in the machine in a caddy in place of the DVD drive. As this was removed and the DVD drive re-installed before the issue was identified as being something more than a typical Windows start-up glitch, it hasn't been scanned by any of the programs used up to now. Is it possible that the infection could also have hit this drive (set up as a non-bootable D: drive containing an archive of data files like Word documents, pictures, videos and music tracks, plus archived software in zip files), and if so, what's going to be the best way of checking it to make sure its OK?
Anyway, here's the reports you asked for. Two TDSSkiller reports were generated - looks like one before and one after the reboot. The second one looks like it was just a partial one, but I've included both, just in case:
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Delete -- Date : 11/16/2014 15:24:10
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\13c0aa386e2175ba -> ERROR [4001]
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\13c0aa386e2175ba -> ERROR [4001]
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\13c0aa386e2175ba -> ERROR [4001]
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000001]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log
15:25:52.0396 0x0bcc TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:26:05.0765 0x0bcc ============================================================
15:26:05.0765 0x0bcc Current date / time: 2014/11/16 15:26:05.0765
15:26:05.0765 0x0bcc SystemInfo:
15:26:05.0765 0x0bcc
15:26:05.0765 0x0bcc OS Version: 5.1.2600 ServicePack: 3.0
15:26:05.0765 0x0bcc Product type: Workstation
15:26:05.0765 0x0bcc ComputerName: THINKPAD
15:26:05.0765 0x0bcc UserName: IBM
15:26:05.0765 0x0bcc Windows directory: C:\WINDOWS
15:26:05.0765 0x0bcc System windows directory: C:\WINDOWS
15:26:05.0765 0x0bcc Processor architecture: Intel x86
15:26:05.0765 0x0bcc Number of processors: 1
15:26:05.0765 0x0bcc Page size: 0x1000
15:26:05.0765 0x0bcc Boot type: Normal boot
15:26:05.0765 0x0bcc ============================================================
15:26:10.0021 0x0bcc KLMD registered as C:\WINDOWS\system32\drivers\58266890.sys
15:26:42.0839 0x0bcc System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
15:26:45.0202 0x0bcc !crdlk
15:26:45.0232 0x0bcc Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
15:26:45.0292 0x0bcc ============================================================
15:26:45.0292 0x0bcc \Device\Harddisk0\DR0:
15:26:45.0292 0x0bcc MBR partitions:
15:26:45.0292 0x0bcc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
15:26:45.0292 0x0bcc ============================================================
15:26:45.0322 0x0bcc C: <-> \Device\Harddisk0\DR0\Partition1
15:26:45.0502 0x0bcc ============================================================
15:26:45.0502 0x0bcc Initialize success
15:26:45.0502 0x0bcc ============================================================
15:26:58.0281 0x0734 ============================================================
15:26:58.0281 0x0734 Scan started
15:26:58.0281 0x0734 Mode: Manual;
15:26:58.0281 0x0734 ============================================================
15:26:58.0281 0x0734 KSN ping started
15:27:03.0118 0x0734 KSN ping finished: true
15:27:05.0011 0x0734 ================ Scan system memory ========================
15:27:05.0011 0x0734 System memory - ok
15:27:05.0031 0x0734 ================ Scan services =============================
15:27:05.0161 0x0734 Suspicious service (NoAccess): 13c0aa386e2175ba
15:27:05.0481 0x0734 [ FBF43299719DF340CF426A96CD5DD8F1, 55C8A2762DB4C0E56A09F1F473C699767D079D3B1B9656A58E6066FBA28AAF6F ] 13c0aa386e2175ba C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys
15:27:05.0481 0x0734 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys. md5: FBF43299719DF340CF426A96CD5DD8F1, sha256: 55C8A2762DB4C0E56A09F1F473C699767D079D3B1B9656A58E6066FBA28AAF6F
15:27:06.0282 0x0734 13c0aa386e2175ba - detected Rootkit.Win32.Necurs.gen ( 0 )
15:27:09.0146 0x0734 13c0aa386e2175ba ( Rootkit.Win32.Necurs.gen ) - infected
15:27:09.0146 0x0734 Force sending object to P2P due to detect: 13c0aa386e2175ba
15:27:11.0710 0x0734 Object send P2P result: true
15:27:17.0208 0x0734 Abiosdsk - ok
15:27:17.0268 0x0734 abp480n5 - ok
15:27:17.0418 0x0734 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:27:17.0428 0x0734 ACPI - ok
15:27:17.0559 0x0734 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:27:17.0559 0x0734 ACPIEC - ok
15:27:17.0609 0x0734 adpu160m - ok
15:27:17.0749 0x0734 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:27:17.0759 0x0734 aec - ok
15:27:17.0939 0x0734 [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:27:17.0939 0x0734 AegisP - ok
15:27:18.0079 0x0734 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:27:18.0099 0x0734 AFD - ok
15:27:18.0410 0x0734 [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:27:18.0550 0x0734 AgereSoftModem - ok
15:27:18.0820 0x0734 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:27:18.0820 0x0734 agp440 - ok
15:27:18.0870 0x0734 Aha154x - ok
15:27:18.0890 0x0734 aic78u2 - ok
15:27:18.0951 0x0734 aic78xx - ok
15:27:19.0041 0x0734 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:27:19.0041 0x0734 Alerter - ok
15:27:19.0111 0x0734 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
15:27:19.0121 0x0734 ALG - ok
15:27:19.0191 0x0734 AliIde - ok
15:27:19.0241 0x0734 amsint - ok
15:27:19.0421 0x0734 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:27:19.0431 0x0734 AppMgmt - ok
15:27:19.0501 0x0734 asc - ok
15:27:19.0561 0x0734 asc3350p - ok
15:27:19.0592 0x0734 asc3550 - ok
15:27:19.0862 0x0734 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:27:20.0092 0x0734 aspnet_state - ok
15:27:20.0232 0x0734 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:27:20.0232 0x0734 AsyncMac - ok
15:27:20.0353 0x0734 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:27:20.0363 0x0734 atapi - ok
15:27:20.0443 0x0734 Atdisk - ok
15:27:20.0563 0x0734 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
15:27:20.0573 0x0734 Ati HotKey Poller - ok
15:27:20.0783 0x0734 [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:27:20.0823 0x0734 ati2mtag - ok
15:27:20.0984 0x0734 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:27:20.0984 0x0734 Atmarpc - ok
15:27:21.0094 0x0734 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:27:21.0104 0x0734 AudioSrv - ok
15:27:21.0224 0x0734 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:27:21.0224 0x0734 audstub - ok
15:27:21.0594 0x0734 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
15:27:21.0685 0x0734 avg9emc - ok
15:27:21.0915 0x0734 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
15:27:21.0945 0x0734 avg9wd - ok
15:27:22.0135 0x0734 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
15:27:22.0145 0x0734 AvgLdx86 - ok
15:27:22.0285 0x0734 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
15:27:22.0295 0x0734 AvgMfx86 - ok
15:27:22.0416 0x0734 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
15:27:22.0446 0x0734 AvgTdiX - ok
15:27:22.0606 0x0734 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:27:22.0616 0x0734 Beep - ok
15:27:22.0796 0x0734 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
15:27:23.0097 0x0734 BITS - ok
15:27:23.0287 0x0734 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
15:27:23.0297 0x0734 Browser - ok
15:27:23.0387 0x0734 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:27:23.0397 0x0734 cbidf2k - ok
15:27:23.0477 0x0734 cd20xrnt - ok
15:27:23.0567 0x0734 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:27:23.0567 0x0734 Cdaudio - ok
15:27:23.0667 0x0734 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:27:23.0677 0x0734 Cdfs - ok
15:27:24.0038 0x0734 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:27:24.0038 0x0734 Cdrom - ok
15:27:24.0088 0x0734 Changer - ok
15:27:24.0178 0x0734 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
15:27:24.0188 0x0734 cisvc - ok
15:27:24.0298 0x0734 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:27:24.0308 0x0734 ClipSrv - ok
15:27:24.0428 0x0734 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:24.0719 0x0734 clr_optimization_v2.0.50727_32 - ok
15:27:24.0899 0x0734 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:27:24.0899 0x0734 CmBatt - ok
15:27:24.0949 0x0734 CmdIde - ok
15:27:24.0999 0x0734 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:27:25.0009 0x0734 Compbatt - ok
15:27:25.0089 0x0734 COMSysApp - ok
15:27:25.0180 0x0734 Cpqarray - ok
15:27:25.0350 0x0734 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:27:25.0350 0x0734 CryptSvc - ok
15:27:25.0430 0x0734 dac2w2k - ok
15:27:25.0470 0x0734 dac960nt - ok
15:27:25.0660 0x0734 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:27:25.0690 0x0734 DcomLaunch - ok
15:27:25.0991 0x0734 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:27:26.0001 0x0734 Dhcp - ok
15:27:26.0151 0x0734 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:27:26.0161 0x0734 Disk - ok
15:27:26.0211 0x0734 dmadmin - ok
15:27:26.0491 0x0734 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:27:26.0552 0x0734 dmboot - ok
15:27:26.0712 0x0734 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:27:26.0722 0x0734 dmio - ok
15:27:26.0902 0x0734 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:27:26.0902 0x0734 dmload - ok
15:27:27.0062 0x0734 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
15:27:27.0062 0x0734 dmserver - ok
15:27:27.0202 0x0734 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:27:27.0202 0x0734 DMusic - ok
15:27:27.0363 0x0734 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:27:27.0373 0x0734 Dnscache - ok
15:27:27.0473 0x0734 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:27:27.0483 0x0734 Dot3svc - ok
15:27:27.0563 0x0734 dpti2o - ok
15:27:27.0663 0x0734 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:27:27.0673 0x0734 drmkaud - ok
15:27:27.0803 0x0734 [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
15:27:27.0803 0x0734 DSMBATT - ok
15:27:27.0944 0x0734 [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:27:27.0954 0x0734 E100B - ok
15:27:28.0054 0x0734 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:27:28.0064 0x0734 EapHost - ok
15:27:28.0234 0x0734 [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
15:27:28.0234 0x0734 EGATHDRV - ok
15:27:28.0444 0x0734 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:27:28.0444 0x0734 ERSvc - ok
15:27:28.0604 0x0734 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
15:27:28.0614 0x0734 Eventlog - ok
15:27:28.0775 0x0734 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
15:27:28.0795 0x0734 EventSystem - ok
15:27:29.0045 0x0734 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:27:29.0055 0x0734 Fastfat - ok
15:27:29.0235 0x0734 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:27:29.0245 0x0734 FastUserSwitchingCompatibility - ok
15:27:29.0356 0x0734 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:27:29.0366 0x0734 Fdc - ok
15:27:29.0456 0x0734 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:27:29.0456 0x0734 Fips - ok
15:27:29.0536 0x0734 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:27:29.0536 0x0734 Flpydisk - ok
15:27:29.0716 0x0734 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:27:29.0736 0x0734 FltMgr - ok
15:27:29.0976 0x0734 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:27:30.0006 0x0734 FontCache3.0.0.0 - ok
15:27:30.0087 0x0734 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:27:30.0087 0x0734 Fs_Rec - ok
15:27:30.0237 0x0734 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:27:30.0247 0x0734 Ftdisk - ok
15:27:30.0387 0x0734 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:27:30.0387 0x0734 Gpc - ok
15:27:30.0637 0x0734 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:30.0647 0x0734 gupdate - ok
15:27:30.0768 0x0734 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:27:30.0778 0x0734 gupdatem - ok
15:27:31.0008 0x0734 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:27:31.0008 0x0734 helpsvc - ok
15:27:31.0098 0x0734 HidServ - ok
15:27:31.0198 0x0734 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:27:31.0198 0x0734 hidusb - ok
15:27:31.0318 0x0734 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:27:31.0328 0x0734 hkmsvc - ok
15:27:31.0398 0x0734 hpn - ok
15:27:31.0449 0x0734 hpt3xx - ok
15:27:31.0619 0x0734 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:27:31.0649 0x0734 HTTP - ok
15:27:31.0729 0x0734 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:27:31.0799 0x0734 HTTPFilter - ok
15:27:31.0879 0x0734 i2omgmt - ok
15:27:31.0909 0x0734 i2omp - ok
15:27:32.0039 0x0734 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:27:32.0039 0x0734 i8042prt - ok
15:27:32.0130 0x0734 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:27:32.0130 0x0734 IBMPMDRV - ok
15:27:32.0220 0x0734 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
15:27:32.0230 0x0734 IBMPMSVC - ok
15:27:32.0350 0x0734 [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
15:27:32.0350 0x0734 IBMTPCHK - ok
15:27:32.0600 0x0734 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:27:32.0600 0x0734 IDriverT - ok
15:27:32.0991 0x0734 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:27:33.0231 0x0734 idsvc - ok
15:27:33.0411 0x0734 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:27:33.0421 0x0734 Imapi - ok
15:27:33.0522 0x0734 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
15:27:33.0532 0x0734 ImapiService - ok
15:27:33.0652 0x0734 ini910u - ok
15:27:33.0782 0x0734 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:27:33.0792 0x0734 IntelIde - ok
15:27:33.0902 0x0734 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:27:33.0902 0x0734 intelppm - ok
15:27:33.0962 0x0734 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:27:33.0962 0x0734 ip6fw - ok
15:27:34.0112 0x0734 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:27:34.0122 0x0734 IpFilterDriver - ok
15:27:34.0172 0x0734 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:27:34.0172 0x0734 IpInIp - ok
15:27:34.0323 0x0734 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:27:34.0343 0x0734 IpNat - ok
15:27:34.0453 0x0734 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:27:34.0463 0x0734 IPSec - ok
15:27:34.0553 0x0734 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:27:34.0573 0x0734 irda - ok
15:27:34.0663 0x0734 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:27:34.0673 0x0734 IRENUM - ok
15:27:34.0793 0x0734 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
15:27:34.0803 0x0734 Irmon - ok
15:27:35.0014 0x0734 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:27:35.0024 0x0734 isapnp - ok
15:27:35.0364 0x0734 [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:27:35.0384 0x0734 JavaQuickStarterService - ok
15:27:35.0534 0x0734 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:27:35.0534 0x0734 Kbdclass - ok
15:27:35.0635 0x0734 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:27:35.0655 0x0734 kmixer - ok
15:27:35.0865 0x0734 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:27:35.0875 0x0734 KSecDD - ok
15:27:36.0055 0x0734 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:27:36.0065 0x0734 lanmanserver - ok
15:27:36.0255 0x0734 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:27:36.0265 0x0734 lanmanworkstation - ok
15:27:36.0316 0x0734 lbrtfdc - ok
15:27:36.0526 0x0734 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:27:36.0536 0x0734 LightScribeService - ok
15:27:36.0716 0x0734 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:27:36.0716 0x0734 LmHosts - ok
15:27:36.0786 0x0734 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:27:36.0786 0x0734 Messenger - ok
15:27:36.0946 0x0734 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:27:36.0946 0x0734 mnmdd - ok
15:27:37.0077 0x0734 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:27:37.0077 0x0734 mnmsrvc - ok
15:27:37.0247 0x0734 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:27:37.0257 0x0734 Modem - ok
15:27:37.0337 0x0734 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:27:37.0337 0x0734 Mouclass - ok
15:27:37.0507 0x0734 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:27:37.0517 0x0734 mouhid - ok
15:27:37.0607 0x0734 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:27:37.0607 0x0734 MountMgr - ok
15:27:37.0698 0x0734 mraid35x - ok
15:27:37.0768 0x0734 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:27:37.0788 0x0734 MRxDAV - ok
15:27:37.0978 0x0734 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:27:38.0018 0x0734 MRxSmb - ok
15:27:38.0178 0x0734 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:27:38.0178 0x0734 MSDTC - ok
15:27:38.0288 0x0734 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:27:38.0288 0x0734 Msfs - ok
15:27:38.0389 0x0734 MSIServer - ok
15:27:38.0439 0x0734 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:27:38.0449 0x0734 MSKSSRV - ok
15:27:38.0539 0x0734 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:27:38.0539 0x0734 MSPCLOCK - ok
15:27:38.0639 0x0734 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:27:38.0649 0x0734 MSPQM - ok
15:27:38.0729 0x0734 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:27:38.0739 0x0734 mssmbios - ok
15:27:38.0839 0x0734 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:27:38.0849 0x0734 Mup - ok
15:27:39.0029 0x0734 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:27:39.0049 0x0734 napagent - ok
15:27:39.0150 0x0734 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:27:39.0170 0x0734 NDIS - ok
15:27:39.0320 0x0734 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:27:39.0320 0x0734 NdisTapi - ok
15:27:39.0480 0x0734 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:27:39.0480 0x0734 Ndisuio - ok
15:27:39.0570 0x0734 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:27:39.0580 0x0734 NdisWan - ok
15:27:39.0720 0x0734 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:27:39.0720 0x0734 NDProxy - ok
15:27:39.0851 0x0734 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:27:39.0851 0x0734 NetBIOS - ok
15:27:39.0981 0x0734 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:27:40.0001 0x0734 NetBT - ok
15:27:40.0111 0x0734 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
15:27:40.0121 0x0734 NetDDE - ok
15:27:40.0231 0x0734 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:27:40.0241 0x0734 NetDDEdsdm - ok
15:27:40.0341 0x0734 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\System32\lsass.exe
15:27:40.0341 0x0734 Netlogon - ok
15:27:40.0542 0x0734 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
15:27:40.0572 0x0734 Netman - ok
15:27:40.0772 0x0734 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:40.0782 0x0734 NetTcpPortSharing - ok
15:27:41.0032 0x0734 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
15:27:41.0052 0x0734 Nla - ok
15:27:41.0263 0x0734 NMIndexingService - ok
15:27:41.0363 0x0734 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:27:41.0363 0x0734 Npfs - ok
15:27:41.0493 0x0734 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:27:41.0493 0x0734 NSCIRDA - ok
15:27:41.0623 0x0734 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:27:41.0693 0x0734 Ntfs - ok
15:27:41.0833 0x0734 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
15:27:41.0833 0x0734 NtLmSsp - ok
15:27:42.0064 0x0734 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:27:42.0144 0x0734 NtmsSvc - ok
15:27:42.0444 0x0734 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
15:27:42.0454 0x0734 Null - ok
15:27:42.0615 0x0734 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:27:42.0615 0x0734 NwlnkFlt - ok
15:27:42.0675 0x0734 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:27:42.0675 0x0734 NwlnkFwd - ok
15:27:43.0005 0x0734 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:27:43.0015 0x0734 Parport - ok
15:27:43.0266 0x0734 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:27:43.0276 0x0734 PartMgr - ok
15:27:43.0486 0x0734 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:27:43.0486 0x0734 ParVdm - ok
15:27:43.0846 0x0734 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:27:43.0856 0x0734 PCI - ok
15:27:43.0997 0x0734 PCIDump - ok
15:27:44.0047 0x0734 PCIIde - ok
15:27:44.0347 0x0734 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:27:44.0357 0x0734 Pcmcia - ok
15:27:44.0507 0x0734 PDCOMP - ok
15:27:44.0557 0x0734 PDFRAME - ok
15:27:44.0628 0x0734 PDRELI - ok
15:27:44.0658 0x0734 PDRFRAME - ok
15:27:44.0718 0x0734 perc2 - ok
15:27:44.0788 0x0734 perc2hib - ok
15:27:45.0369 0x0734 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
15:27:45.0379 0x0734 PlugPlay - ok
15:27:45.0459 0x0734 [ FA292805788528C083F416E151B60AB6, CF47525D15FF3FF98768FF5AE8A8F0C01AE6300C249D24E518D2A02100D5A68A ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
15:27:45.0469 0x0734 PMEM - ok
15:27:45.0719 0x0734 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
15:27:45.0719 0x0734 PolicyAgent - ok
15:27:46.0050 0x0734 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:27:46.0050 0x0734 PptpMiniport - ok
15:27:46.0420 0x0734 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:27:46.0420 0x0734 Processor - ok
15:27:46.0640 0x0734 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:27:46.0650 0x0734 ProtectedStorage - ok
15:27:46.0841 0x0734 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:27:46.0851 0x0734 PSched - ok
15:27:46.0961 0x0734 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:27:46.0961 0x0734 Ptilink - ok
15:27:47.0141 0x0734 [ 1BCFED0946F9460D6272F85B70B87A52, 6EDE283D9B5173D9F91C969E5F97A21282395769C989F609B1EFDE7B5E40EA97 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
15:27:47.0151 0x0734 QCONSVC - ok
15:27:47.0191 0x0734 ql1080 - ok
15:27:47.0241 0x0734 Ql10wnt - ok
15:27:47.0281 0x0734 ql12160 - ok
15:27:47.0351 0x0734 ql1240 - ok
15:27:47.0391 0x0734 ql1280 - ok
15:27:47.0472 0x0734 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:27:47.0472 0x0734 RasAcd - ok
15:27:47.0642 0x0734 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:27:47.0652 0x0734 RasAuto - ok
15:27:47.0832 0x0734 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:27:47.0842 0x0734 Rasirda - ok
15:27:47.0892 0x0734 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:47.0892 0x0734 Rasl2tp - ok
15:27:48.0082 0x0734 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:27:48.0113 0x0734 RasMan - ok
15:27:48.0183 0x0734 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:48.0193 0x0734 RasPppoe - ok
15:27:48.0363 0x0734 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:48.0373 0x0734 Raspti - ok
15:27:48.0513 0x0734 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:48.0533 0x0734 Rdbss - ok
15:27:48.0653 0x0734 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:48.0653 0x0734 RDPCDD - ok
15:27:48.0743 0x0734 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:48.0763 0x0734 rdpdr - ok
15:27:48.0984 0x0734 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:48.0994 0x0734 RDPWD - ok
15:27:49.0174 0x0734 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:27:49.0194 0x0734 RDSessMgr - ok
15:27:49.0304 0x0734 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:49.0314 0x0734 redbook - ok
15:27:49.0434 0x0734 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:27:49.0454 0x0734 RemoteAccess - ok
15:27:49.0625 0x0734 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:27:49.0635 0x0734 RemoteRegistry - ok
15:27:49.0735 0x0734 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
15:27:49.0745 0x0734 RpcLocator - ok
15:27:49.0975 0x0734 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:27:50.0015 0x0734 RpcSs - ok
15:27:50.0296 0x0734 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:27:50.0316 0x0734 RSVP - ok
15:27:50.0526 0x0734 [ 88B63F291AE10C1B66D2B9ED6921A7DF, A0174FC75459CE38028B1436BD46234062A3FCBE164E139F53BE49BAB3B8F95F ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
15:27:50.0566 0x0734 rtl8185 - ok
15:27:50.0676 0x0734 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
15:27:50.0676 0x0734 SamSs - ok
15:27:50.0806 0x0734 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:27:50.0816 0x0734 SCardSvr - ok
15:27:51.0067 0x0734 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:27:51.0097 0x0734 Schedule - ok
15:27:51.0297 0x0734 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:51.0297 0x0734 Secdrv - ok
15:27:51.0437 0x0734 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:27:51.0447 0x0734 seclogon - ok
15:27:51.0577 0x0734 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
15:27:51.0588 0x0734 SENS - ok
15:27:51.0688 0x0734 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:27:51.0698 0x0734 serenum - ok
15:27:51.0838 0x0734 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:27:51.0838 0x0734 Serial - ok
15:27:52.0028 0x0734 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:52.0028 0x0734 Sfloppy - ok
15:27:52.0198 0x0734 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:27:52.0228 0x0734 SharedAccess - ok
15:27:52.0359 0x0734 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:27:52.0369 0x0734 ShellHWDetection - ok
15:27:52.0429 0x0734 Simbad - ok
15:27:52.0509 0x0734 SjyPkt - ok
15:27:52.0619 0x0734 [ E061A9A43C80BE5AA5D94F1EF4A713C1, 334CD9E8C4A57C2BF43A0D3895D18832C7EB0C5A6455CF3361A09F7A28DF4A6F ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
15:27:52.0619 0x0734 Smapint - ok
15:27:52.0879 0x0734 [ 7B06A22F16B64C23C41E0278B8DC90BF, 02867493783DAC96A90B6CD14B358C05C63FE0862A98BD71CD54F34E31632C54 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
15:27:52.0929 0x0734 smwdm - ok
15:27:53.0010 0x0734 Sparrow - ok
15:27:53.0140 0x0734 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:27:53.0140 0x0734 splitter - ok
15:27:53.0320 0x0734 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:27:53.0330 0x0734 Spooler - ok
15:27:53.0430 0x0734 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:53.0440 0x0734 sr - ok
15:27:53.0600 0x0734 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
15:27:53.0620 0x0734 srservice - ok
15:27:53.0801 0x0734 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:53.0831 0x0734 Srv - ok
15:27:54.0011 0x0734 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:27:54.0021 0x0734 SSDPSRV - ok
15:27:54.0251 0x0734 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:27:54.0281 0x0734 stisvc - ok
15:27:54.0402 0x0734 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:54.0402 0x0734 swenum - ok
15:27:54.0532 0x0734 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:27:54.0532 0x0734 swmidi - ok
15:27:54.0602 0x0734 SwPrv - ok
15:27:54.0672 0x0734 symc810 - ok
15:27:54.0732 0x0734 symc8xx - ok
15:27:54.0772 0x0734 sym_hi - ok
15:27:54.0822 0x0734 sym_u3 - ok
15:27:54.0942 0x0734 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:54.0952 0x0734 sysaudio - ok
15:27:55.0093 0x0734 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:27:55.0103 0x0734 SysmonLog - ok
15:27:55.0293 0x0734 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:27:55.0323 0x0734 TapiSrv - ok
15:27:55.0503 0x0734 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:55.0543 0x0734 Tcpip - ok
15:27:55.0623 0x0734 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:55.0623 0x0734 TDPIPE - ok
15:27:55.0723 0x0734 [ 0353AC9D91E28D936E4227539B1B2393, 8B31C2F496C446DF69B898B9B585A1097DDCA3EE50ACD31B5E09D8B1CD68DF94 ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
15:27:55.0723 0x0734 TDSMAPI - ok
15:27:55.0824 0x0734 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:55.0824 0x0734 TDTCP - ok
15:27:55.0924 0x0734 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:55.0934 0x0734 TermDD - ok
15:27:56.0194 0x0734 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
15:27:56.0224 0x0734 TermService - ok
15:27:56.0384 0x0734 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
15:27:56.0404 0x0734 Themes - ok
15:27:56.0515 0x0734 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
15:27:56.0525 0x0734 TlntSvr - ok
15:27:56.0605 0x0734 TosIde - ok
15:27:56.0695 0x0734 [ 90579B74E1E110C2F379117047BDB356, EDD255C1A104DA6469846A4B4CDBFC5CB40DCD69DDE5207D799FB7DC850A014A ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:27:56.0695 0x0734 Tp4Track - ok
15:27:56.0725 0x0734 [ 47F23B26F771765FD8CAC0EBAE4545E9, 2AFE4C57FE833F18E65F959DAF8879823CE8BEB13B1BA34A61E6806AF609EDC5 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
15:27:56.0745 0x0734 TPHKDRV - ok
15:27:56.0845 0x0734 [ C10B74CF569D39594E170734DB590661, 134890D6FAE83FA38F8EEA3B72EC0E12778D6E15C7605758D9933AA4A945E755 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
15:27:56.0845 0x0734 TPPWR - ok
15:27:56.0985 0x0734 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:27:57.0005 0x0734 TrkWks - ok
15:27:57.0166 0x0734 [ A1965DFC0CD91E7CFC42925F8F597274, 7478D7DACD94F0C3D4F0CDAC9CD71CB03CB45C503DE6B1207A51F989844CB1F3 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
15:27:57.0176 0x0734 TrueSight - ok
15:27:57.0306 0x0734 [ 76F0A07D83FA24478C07250F4FC8B128, 4894CD9ABDDC9712D3D9938A66B9CD83485AEA7F0D351769D58AC80FA5885412 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
15:27:57.0306 0x0734 TSMAPIP - ok
15:27:57.0386 0x0734 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:27:57.0396 0x0734 Udfs - ok
15:27:57.0446 0x0734 ultra - ok
15:27:57.0596 0x0734 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:27:57.0636 0x0734 Update - ok
15:27:57.0796 0x0734 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
15:27:57.0816 0x0734 upnphost - ok
15:27:57.0897 0x0734 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
15:27:57.0907 0x0734 UPS - ok
15:27:58.0007 0x0734 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:58.0007 0x0734 usbehci - ok
15:27:58.0167 0x0734 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:58.0177 0x0734 usbhub - ok
15:27:58.0337 0x0734 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:58.0357 0x0734 usbscan - ok
15:27:58.0538 0x0734 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:58.0538 0x0734 USBSTOR - ok
15:27:58.0658 0x0734 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:58.0668 0x0734 usbuhci - ok
15:27:58.0768 0x0734 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:27:58.0778 0x0734 VgaSave - ok
15:27:58.0908 0x0734 ViaIde - ok
15:27:59.0018 0x0734 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:59.0018 0x0734 VolSnap - ok
15:27:59.0188 0x0734 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
15:27:59.0208 0x0734 VSS - ok
15:27:59.0429 0x0734 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
15:27:59.0449 0x0734 W32Time - ok
15:27:59.0579 0x0734 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:59.0579 0x0734 Wanarp - ok
15:27:59.0629 0x0734 WDICA - ok
15:27:59.0729 0x0734 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:59.0739 0x0734 wdmaud - ok
15:27:59.0849 0x0734 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
15:27:59.0859 0x0734 WebClient - ok
15:28:00.0090 0x0734 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:28:00.0100 0x0734 winmgmt - ok
15:28:00.0360 0x0734 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:28:00.0360 0x0734 WmdmPmSN - ok
15:28:00.0570 0x0734 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:28:00.0631 0x0734 Wmi - ok
15:28:00.0781 0x0734 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:28:00.0791 0x0734 WmiApSrv - ok
15:28:01.0051 0x0734 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:28:01.0131 0x0734 WMPNetworkSvc - ok
15:28:01.0392 0x0734 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:28:01.0402 0x0734 WpdUsb - ok
15:28:01.0562 0x0734 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:28:01.0572 0x0734 wscsvc - ok
15:28:01.0632 0x0734 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:28:01.0642 0x0734 wuauserv - ok
15:28:01.0792 0x0734 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:28:01.0802 0x0734 WudfPf - ok
15:28:02.0103 0x0734 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:28:02.0113 0x0734 WudfRd - ok
15:28:02.0233 0x0734 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:28:02.0243 0x0734 WudfSvc - ok
15:28:02.0453 0x0734 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:28:02.0503 0x0734 WZCSVC - ok
15:28:02.0643 0x0734 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:28:02.0663 0x0734 xmlprov - ok
15:28:02.0724 0x0734 ================ Scan global ===============================
15:28:02.0994 0x0734 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
15:28:03.0114 0x0734 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:28:03.0194 0x0734 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:28:03.0264 0x0734 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
15:28:03.0274 0x0734 [ Global ] - ok
15:28:03.0274 0x0734 ================ Scan MBR ==================================
15:28:03.0324 0x0734 [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
15:28:03.0615 0x0734 \Device\Harddisk0\DR0 - ok
15:28:03.0625 0x0734 ================ Scan VBR ==================================
15:28:03.0645 0x0734 [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
15:28:03.0645 0x0734 \Device\Harddisk0\DR0\Partition1 - ok
15:28:03.0655 0x0734 ================ Scan generic autorun ======================
15:28:03.0705 0x0734 [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
15:28:03.0705 0x0734 ATIModeChange - ok
15:28:03.0825 0x0734 [ 97826CB927E0E7F4500879D99DE6D3C5, 0FB04C5AA4C1BE2E35BBDE474916DF00E223A41D6E0C590FF0C5132EBBA69051 ] C:\WINDOWS\system32\tp4serv.exe
15:28:03.0845 0x0734 TrackPointSrv - ok
15:28:04.0025 0x0734 [ 71E256D5C8FB8FD1933968DCCFD967A0, 92481C790B092CC363BABEA16B0252BEEE1A7CBC1C6FF55F93030DD4AB92FA66 ] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
15:28:04.0035 0x0734 TPTRAY - ok
15:28:04.0055 0x0734 BMMGAG - ok
15:28:04.0176 0x0734 [ 6C2CF216C460BED0D4B83AF07980A761, B8BF59F1F5937558B73F1D6728E92AE8B07CB38AD529357A4E16663A969A81BE ] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
15:28:04.0216 0x0734 QCTRAY - ok
15:28:04.0276 0x0734 [ 8633F1E7AA1912AD962E5A656D264045, BB17957ECE5EC9ED25E9B58315AD436C76B2FF1B5A1C5D8397FC7950CC65F126 ] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
15:28:04.0276 0x0734 QCWLICON - ok
15:28:04.0366 0x0734 [ AA3B957AF3F3B4AA9047D5531696AB0E, BA826D7A0B56C04528C4A8EDA498173C533BA3CDD75E1C73E224AFD712F06680 ] C:\WINDOWS\system32\tp4ex.exe
15:28:04.0376 0x0734 TP4EX - ok
15:28:04.0456 0x0734 [ 6CE63001262FB82D746E1DEEBF00B43B, B660ECA6989ABFC3B97FCEB8D692A11F77B9D4A81D5FC34759462D2EC37A2F63 ] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
15:28:04.0466 0x0734 TPHOTKEY - ok
15:28:04.0526 0x0734 Tgcmd - ok
15:28:04.0576 0x0734 [ C0041BB27E2E5B0550C179ECF53425CD, 82EB1BF88B1D93F4AEC5EB6A1DB790E6EFA0379DD771251707BE9F67266D3547 ] C:\WINDOWS\AGRSMMSG.exe
15:28:06.0329 0x0734 AGRSMMSG - ok
15:28:06.0439 0x0734 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\\NeroCheck.exe
15:28:06.0459 0x0734 NeroCheck - ok
15:28:06.0569 0x0734 [ E284188C5CF416378CC740EB13059A50, 0E0863D84B29662B3EEE0602742CAE8F966CE043E690C62BC3A00244B7D35D04 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
15:28:06.0579 0x0734 Adobe Reader Speed Launcher - ok
15:28:06.0879 0x0734 [ 29FB6EF1EFB1357E2883FE297F1EBC31, A6F465EA84277D88771BE6438CAC32D8E2C73A6EEC809CB38E1090FFFB27804E ] C:\PROGRA~1\AVG\AVG9\avgtray.exe
15:28:07.0090 0x0734 AVG9_TRAY - ok
15:28:07.0410 0x0734 [ 3103FE27C967675B019E880AA6DA3D6D, 515E750ACD28C3CFD8174B7F213E2AA741D8942FB68E57F701EBCBB92EC3F537 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:28:07.0681 0x0734 Adobe ARM - ok
15:28:07.0901 0x0734 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
15:28:07.0921 0x0734 SunJavaUpdateSched - ok
15:28:07.0991 0x0734 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
15:28:07.0991 0x0734 ctfmon.exe - ok
15:28:08.0021 0x0734 updateMgr - ok
15:28:08.0051 0x0734 MSMSGS - ok
15:28:08.0071 0x0734 NeroHomeFirstStart - ok
15:28:08.0191 0x0734 [ 269AFE2F2E2957DF8F7A5F82B2B092DB, 37B8B913090A01EC5C656214F9081AC93ADE8682582327366A7F76EDBDC98A39 ] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe
15:28:08.0231 0x0734 avg_spchecker - ok
15:28:08.0241 0x0734 Waiting for KSN requests completion. In queue: 252
15:28:09.0243 0x0734 Waiting for KSN requests completion. In queue: 252
15:28:10.0244 0x0734 Waiting for KSN requests completion. In queue: 252
15:28:11.0246 0x0734 Waiting for KSN requests completion. In queue: 252
15:28:12.0247 0x0734 Waiting for KSN requests completion. In queue: 252
15:28:13.0639 0x0734 AV detected via SS1: AVG Anti-Virus Free, 9.0, disabled, updated
15:28:13.0649 0x0734 Win FW state via NFM: enabled
15:28:16.0113 0x0734 ============================================================
15:28:16.0113 0x0734 Scan finished
15:28:16.0113 0x0734 ============================================================
15:28:16.0163 0x0188 Detected object count: 1
15:28:16.0163 0x0188 Actual detected object count: 1
15:28:56.0170 0x0188 C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys - copied to quarantine
15:28:56.0311 0x0188 HKLM\SYSTEM\ControlSet002\services\13c0aa386e2175ba - will be deleted on reboot
15:28:56.0511 0x0188 HKLM\SYSTEM\ControlSet003\services\13c0aa386e2175ba - will be deleted on reboot
15:28:56.0941 0x0188 C:\WINDOWS\System32\Drivers\13c0aa386e2175ba.sys - will be deleted on reboot
15:28:56.0941 0x0188 13c0aa386e2175ba ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:28:58.0984 0x0188 KLMD registered as C:\WINDOWS\system32\drivers\15012141.sys
15:29:08.0368 0x0250 Deinitialize success
15:33:47.0974 0x017c TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:33:49.0986 0x017c ============================================================
15:33:49.0986 0x017c Current date / time: 2014/11/16 15:33:49.0986
15:33:49.0986 0x017c SystemInfo:
15:33:49.0986 0x017c
15:33:49.0986 0x017c OS Version: 5.1.2600 ServicePack: 3.0
15:33:49.0986 0x017c Product type: Workstation
15:33:49.0986 0x017c ComputerName: THINKPAD
15:33:49.0986 0x017c UserName: IBM
15:33:49.0986 0x017c Windows directory: C:\WINDOWS
15:33:49.0986 0x017c System windows directory: C:\WINDOWS
15:33:49.0986 0x017c Processor architecture: Intel x86
15:33:49.0986 0x017c Number of processors: 1
15:33:49.0986 0x017c Page size: 0x1000
15:33:49.0986 0x017c Boot type: Normal boot
15:33:49.0986 0x017c ============================================================
15:33:49.0996 0x017c BG loaded
15:34:04.0768 0x017c System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
15:34:43.0974 0x017c Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
15:34:44.0054 0x017c ============================================================
15:34:44.0054 0x017c \Device\Harddisk0\DR0:
15:34:45.0016 0x017c MBR partitions:
15:34:45.0016 0x017c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
15:34:45.0016 0x017c ============================================================
15:34:47.0018 0x017c C: <-> \Device\Harddisk0\DR0\Partition1
15:34:47.0018 0x017c ============================================================
15:34:47.0018 0x017c Initialize success
15:34:47.0018 0x017c ============================================================
15:37:17.0675 0x0dd4 Deinitialize success
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
Ran by IBM (administrator) on THINKPAD on 16-11-2014 15:42:07
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKCU - DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: printpdf - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\printpdf@pavlov.net [2010-08-10]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: DownThemAll! - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2013-04-03]
FF Extension: Web2PDF converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011-07-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2014-11-16] ()
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-16 15:42 - 2014-11-16 15:43 - 00018465 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-11-16 15:41 - 2014-11-16 15:41 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\FRST-OlderVersion
2014-11-16 15:28 - 2014-11-16 15:28 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-16 15:24 - 2014-11-16 15:24 - 00002602 _____ () C:\Documents and Settings\IBM\Desktop\RKreport_DEL_11162014_152357.log
2014-11-16 15:09 - 2014-11-16 15:10 - 04163057 _____ () C:\Documents and Settings\IBM\Desktop\tdsskiller.zip
2014-11-16 00:23 - 2014-11-16 15:14 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-16 00:23 - 2014-11-16 00:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-16 00:20 - 2014-11-16 00:20 - 14678104 _____ () C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
2014-11-14 15:33 - 2014-11-16 15:42 - 00000000 ____D () C:\FRST
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-11-14 15:15 - 2014-11-16 15:41 - 01108992 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-11-14 15:15 - 2014-11-14 15:15 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-11-14 15:14 - 2014-11-14 15:14 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-14 03:04 - 2014-11-14 03:04 - 00001434 _____ () C:\Documents and Settings\IBM\Desktop\mbam_scan.txt
2014-11-14 03:01 - 2014-11-14 03:01 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\46EE46CA.sys
2014-11-14 00:27 - 2014-11-14 00:27 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\34C750CB.sys
2014-11-10 16:36 - 2014-11-10 16:36 - 00242592 _____ () C:\Documents and Settings\IBM\Desktop\separate+-0.5.7.zip
2014-10-28 18:00 - 2014-11-16 15:13 - 04184008 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\IBM\Desktop\TDSSKiller.exe
2014-10-24 23:32 - 2014-10-24 23:33 - 00000000 ____D () C:\Program Files\GUMF.tmp
2014-10-19 00:19 - 2014-11-13 00:45 - 00016896 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-10-18 16:36 - 2014-10-18 16:36 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-18 16:35 - 2014-10-18 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-18 16:35 - 2014-10-18 16:34 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-18 16:35 - 2014-10-18 16:34 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-18 16:35 - 2014-10-18 16:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-16 15:43 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 15:43 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-11-16 15:36 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-11-16 15:34 - 2007-10-22 13:22 - 00006918 _____ () C:\WINDOWS\RTacDbg.txt
2014-11-16 15:34 - 2006-12-15 19:17 - 01080749 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-16 15:33 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-16 15:32 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 15:32 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-16 15:32 - 2006-12-04 23:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-16 15:32 - 2006-12-04 23:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-16 15:29 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-11-16 15:29 - 2006-12-05 00:15 - 00031988 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-16 15:22 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-11-16 15:07 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-11-14 15:29 - 2010-01-14 11:19 - 00256041 _____ () C:\WINDOWS\setupapi.log
2014-11-14 15:28 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-14 15:28 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-11-14 15:25 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
2014-11-13 20:25 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:24 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 02:15 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-08 18:23 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-11-08 00:12 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-11-08 00:11 - 2014-08-17 12:54 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\2014
2014-10-27 15:49 - 2007-09-24 10:58 - 00131584 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:54 - 2006-12-04 23:40 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 22:40 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-10-25 21:53 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
2014-10-18 16:34 - 2007-09-24 13:27 - 00000000 ____D () C:\Program Files\Java
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{E56C9BA8-3DB2-4B17-91DF-80BB3AA87C80}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Hi lather,
Is it possible that the infection could also have hit this drive (set up as a non-bootable D: drive containing an archive of data files like Word documents, pictures, videos and music tracks, plus archived software in zip files), and if so, what's going to be the best way of checking it to make sure its OK?
Yes it is possible. How do you access this drive?
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
RogueKiller log
OK, the second hard drive is in a caddy that slips into the computer itself in place of the internal DVD drive, so it is not a USB connection, but connects direct to the system board via what appears to be a direct IDE/PATA connection (the connector on the outside of the caddy isn't a standard IDE connector, but I think it just goes straight through from the IDE socket inside the caddy to the socket on the outside of it without any other circuitry inbetween). In 'My Computer', the drive appears as drive D:, next to the normal C: drive, and is accessed in exactly the same way. A full system scan in AVG also scans the drive, and I think it is the same in Mbam too. So the drive is essentially seen by Windows as an integral part of the system, not an external peripheral.
If it makes it easier to check it and see if it is OK, I do have an IDE to USB connector, which I can use to temporarily turn the drive into an external USB drive.
As per your instructions, I re-ran RogueKiller - I'm assuming that, as you made no mention of the D: drive that you didn't want me to insert it before running the scan. When I launched the program, I got an unexpected bit during the initialisation process when a Windows error message popped up about drive A: no being ready - unexpected as there is no A: drive on the machine! (It is on a docking station that allows you to connect an external floppy, but no such drive is connected, and I didn't get the error message before, so thought I'd better mention it as newly-seen anomalous behavior.) I was able to cancel it and, after the scan had finished and I'd saved the report, I exited and re-loaded RogueKiller to see if the error message came up again. It did, so I took a screen cap for you to see exactly what it said.
11859
I'm hoping that its some sort of Windows glitch, and not a symptom of something nasty!
Anyway, here's the requested log:
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Scan -- Date : 11/17/2014 14:09:08
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log
Hi lather,
OK, it seems I was a little confused at first at how the second drive was connected to your system. I thought you connected it, backed up any necessary files, then disconnected it.
That is not the case correct? It is always connected via the cables, it just occupies the DVD slot in the case.
To date, has the second drive been connected during the previous scans?
If not, then please connect it, (be sure the D drive shows in "My Computer") and run a new RogueKiller scan.
No, the second drive wasn't in place for any of the previous scans, so I've re-installed it and run RogueKiller again.
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Scan -- Date : 11/17/2014 19:25:00
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HM160HC +++++
--- User ---
[MBR] 0eab729657d325cc560e0cc412daff46
[BSP] b9c8f0477e8a5bf36e966c1e3ec93e3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log - RKreport_SCN_11172014_140902.log
Hi lather,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab, and make sure all items found are selected for removal.
Do the same for the Web Browser tab, and make sure all items found are selected for removal.
Wait until the Status box shows "Scan Finished"
Click the Delete button
Wait until the Status box shows "Deleting Finished"
Click the Report button, save the report to your desktop
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot
=========================
And run new scans with the following tools: (in the order listed)
TDSSKiller
FRST
=========================
In your next post please provide the following:
RogueKiller report
TDSSKiller log
new FRST.txt
How is the computer running and issues?
OK, scans run and reports posted below.
As for how the computer is running etc, it seems fine, and maybe even a little quicker than before. AVG is now fully active and not reporting a problem with Resident Shield, and the firewall is fine too. The only negative change is that Firefox no longer uses my local home page as its default start-up home page (I have a HTML page set up with links to all of the sites I visit regularly, and use it as the home page for all of my browsers). OK, I usually use Chrome as my main browser now, but still use Firefox occasionally when I want to make use of specific add-ons. Apart from that, everything seems OK so far.
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Delete -- Date : 11/18/2014 01:31:06
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Deleted
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Replaced (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[IE:Addon] System : Orange Toolbar [{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}] -> Deleted
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Replaced (about:home)
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HM160HC +++++
--- User ---
[MBR] 0eab729657d325cc560e0cc412daff46
[BSP] b9c8f0477e8a5bf36e966c1e3ec93e3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log - RKreport_SCN_11172014_140902.log
RKreport_SCN_11172014_192455.log - RKreport_SCN_11182014_012722.log
01:38:39.0509 0x083c TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
01:38:49.0013 0x083c ============================================================
01:38:49.0013 0x083c Current date / time: 2014/11/18 01:38:49.0013
01:38:49.0013 0x083c SystemInfo:
01:38:49.0013 0x083c
01:38:49.0013 0x083c OS Version: 5.1.2600 ServicePack: 3.0
01:38:49.0033 0x083c Product type: Workstation
01:38:49.0033 0x083c ComputerName: THINKPAD
01:38:49.0033 0x083c UserName: IBM
01:38:49.0033 0x083c Windows directory: C:\WINDOWS
01:38:49.0033 0x083c System windows directory: C:\WINDOWS
01:38:49.0033 0x083c Processor architecture: Intel x86
01:38:49.0033 0x083c Number of processors: 1
01:38:49.0033 0x083c Page size: 0x1000
01:38:49.0033 0x083c Boot type: Normal boot
01:38:49.0033 0x083c ============================================================
01:38:54.0240 0x083c KLMD registered as C:\WINDOWS\system32\drivers\78927779.sys
01:38:55.0122 0x083c System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
01:38:57.0144 0x083c Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
01:38:57.0765 0x083c Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
01:38:57.0785 0x083c ============================================================
01:38:57.0785 0x083c \Device\Harddisk0\DR0:
01:38:57.0785 0x083c MBR partitions:
01:38:57.0785 0x083c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
01:38:57.0785 0x083c \Device\Harddisk1\DR1:
01:38:57.0785 0x083c MBR partitions:
01:38:57.0785 0x083c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
01:38:57.0785 0x083c ============================================================
01:38:57.0825 0x083c C: <-> \Device\Harddisk0\DR0\Partition1
01:38:57.0845 0x083c D: <-> \Device\Harddisk1\DR1\Partition1
01:38:57.0845 0x083c ============================================================
01:38:57.0845 0x083c Initialize success
01:38:57.0845 0x083c ============================================================
01:39:02.0572 0x0b80 ============================================================
01:39:02.0572 0x0b80 Scan started
01:39:02.0572 0x0b80 Mode: Manual;
01:39:02.0572 0x0b80 ============================================================
01:39:02.0572 0x0b80 KSN ping started
01:39:07.0289 0x0b80 KSN ping finished: true
01:39:08.0831 0x0b80 ================ Scan system memory ========================
01:39:08.0831 0x0b80 System memory - ok
01:39:08.0851 0x0b80 ================ Scan services =============================
01:39:09.0212 0x0b80 Abiosdsk - ok
01:39:09.0242 0x0b80 abp480n5 - ok
01:39:09.0352 0x0b80 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:39:09.0372 0x0b80 ACPI - ok
01:39:09.0702 0x0b80 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:39:09.0702 0x0b80 ACPIEC - ok
01:39:09.0733 0x0b80 adpu160m - ok
01:39:09.0843 0x0b80 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
01:39:09.0863 0x0b80 aec - ok
01:39:09.0943 0x0b80 [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:39:09.0953 0x0b80 AegisP - ok
01:39:10.0073 0x0b80 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
01:39:10.0083 0x0b80 AFD - ok
01:39:10.0323 0x0b80 [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
01:39:10.0434 0x0b80 AgereSoftModem - ok
01:39:10.0534 0x0b80 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
01:39:10.0534 0x0b80 agp440 - ok
01:39:10.0564 0x0b80 Aha154x - ok
01:39:10.0604 0x0b80 aic78u2 - ok
01:39:10.0634 0x0b80 aic78xx - ok
01:39:10.0774 0x0b80 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
01:39:10.0784 0x0b80 Alerter - ok
01:39:10.0834 0x0b80 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
01:39:10.0844 0x0b80 ALG - ok
01:39:10.0874 0x0b80 AliIde - ok
01:39:10.0914 0x0b80 amsint - ok
01:39:11.0064 0x0b80 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
01:39:11.0084 0x0b80 AppMgmt - ok
01:39:11.0115 0x0b80 asc - ok
01:39:11.0145 0x0b80 asc3350p - ok
01:39:11.0195 0x0b80 asc3550 - ok
01:39:11.0375 0x0b80 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:39:11.0615 0x0b80 aspnet_state - ok
01:39:11.0685 0x0b80 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:39:11.0695 0x0b80 AsyncMac - ok
01:39:11.0735 0x0b80 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
01:39:11.0745 0x0b80 atapi - ok
01:39:11.0765 0x0b80 Atdisk - ok
01:39:11.0876 0x0b80 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
01:39:11.0886 0x0b80 Ati HotKey Poller - ok
01:39:12.0106 0x0b80 [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
01:39:12.0146 0x0b80 ati2mtag - ok
01:39:12.0226 0x0b80 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:39:12.0226 0x0b80 Atmarpc - ok
01:39:12.0306 0x0b80 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
01:39:12.0316 0x0b80 AudioSrv - ok
01:39:12.0376 0x0b80 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
01:39:12.0376 0x0b80 audstub - ok
01:39:12.0737 0x0b80 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
01:39:12.0827 0x0b80 avg9emc - ok
01:39:12.0967 0x0b80 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
01:39:12.0997 0x0b80 avg9wd - ok
01:39:13.0117 0x0b80 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
01:39:13.0137 0x0b80 AvgLdx86 - ok
01:39:13.0228 0x0b80 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
01:39:13.0238 0x0b80 AvgMfx86 - ok
01:39:13.0348 0x0b80 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
01:39:13.0378 0x0b80 AvgTdiX - ok
01:39:13.0528 0x0b80 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
01:39:13.0528 0x0b80 Beep - ok
01:39:13.0668 0x0b80 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
01:39:14.0109 0x0b80 BITS - ok
01:39:14.0239 0x0b80 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
01:39:14.0249 0x0b80 Browser - ok
01:39:14.0349 0x0b80 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
01:39:14.0349 0x0b80 cbidf2k - ok
01:39:14.0389 0x0b80 cd20xrnt - ok
01:39:14.0449 0x0b80 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
01:39:14.0459 0x0b80 Cdaudio - ok
01:39:14.0549 0x0b80 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
01:39:14.0559 0x0b80 Cdfs - ok
01:39:14.0620 0x0b80 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:39:14.0630 0x0b80 Cdrom - ok
01:39:14.0650 0x0b80 Changer - ok
01:39:14.0730 0x0b80 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
01:39:14.0730 0x0b80 cisvc - ok
01:39:14.0790 0x0b80 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
01:39:14.0790 0x0b80 ClipSrv - ok
01:39:14.0860 0x0b80 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:39:15.0200 0x0b80 clr_optimization_v2.0.50727_32 - ok
01:39:15.0260 0x0b80 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:39:15.0260 0x0b80 CmBatt - ok
01:39:15.0301 0x0b80 CmdIde - ok
01:39:15.0351 0x0b80 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:39:15.0351 0x0b80 Compbatt - ok
01:39:15.0391 0x0b80 COMSysApp - ok
01:39:15.0471 0x0b80 Cpqarray - ok
01:39:15.0561 0x0b80 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
01:39:15.0571 0x0b80 CryptSvc - ok
01:39:15.0591 0x0b80 dac2w2k - ok
01:39:15.0621 0x0b80 dac960nt - ok
01:39:15.0751 0x0b80 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:39:15.0771 0x0b80 DcomLaunch - ok
01:39:15.0881 0x0b80 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
01:39:15.0891 0x0b80 Dhcp - ok
01:39:15.0961 0x0b80 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
01:39:15.0961 0x0b80 Disk - ok
01:39:16.0002 0x0b80 dmadmin - ok
01:39:16.0132 0x0b80 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
01:39:16.0192 0x0b80 dmboot - ok
01:39:16.0272 0x0b80 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
01:39:16.0282 0x0b80 dmio - ok
01:39:16.0342 0x0b80 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
01:39:16.0352 0x0b80 dmload - ok
01:39:16.0432 0x0b80 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
01:39:16.0442 0x0b80 dmserver - ok
01:39:16.0532 0x0b80 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
01:39:16.0542 0x0b80 DMusic - ok
01:39:16.0642 0x0b80 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:39:16.0642 0x0b80 Dnscache - ok
01:39:16.0733 0x0b80 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
01:39:16.0743 0x0b80 Dot3svc - ok
01:39:16.0783 0x0b80 dpti2o - ok
01:39:16.0833 0x0b80 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:39:16.0833 0x0b80 drmkaud - ok
01:39:16.0923 0x0b80 [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
01:39:16.0923 0x0b80 DSMBATT - ok
01:39:16.0993 0x0b80 [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:39:17.0073 0x0b80 E100B - ok
01:39:17.0163 0x0b80 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
01:39:17.0173 0x0b80 EapHost - ok
01:39:17.0243 0x0b80 [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
01:39:17.0243 0x0b80 EGATHDRV - ok
01:39:17.0323 0x0b80 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
01:39:17.0333 0x0b80 ERSvc - ok
01:39:17.0434 0x0b80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
01:39:17.0454 0x0b80 Eventlog - ok
01:39:17.0554 0x0b80 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
01:39:17.0574 0x0b80 EventSystem - ok
01:39:17.0684 0x0b80 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
01:39:17.0694 0x0b80 Fastfat - ok
01:39:17.0794 0x0b80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
01:39:17.0844 0x0b80 FastUserSwitchingCompatibility - ok
01:39:17.0894 0x0b80 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
01:39:17.0904 0x0b80 Fdc - ok
01:39:17.0954 0x0b80 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
01:39:17.0954 0x0b80 Fips - ok
01:39:18.0044 0x0b80 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:39:18.0054 0x0b80 Flpydisk - ok
01:39:18.0155 0x0b80 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
01:39:18.0175 0x0b80 FltMgr - ok
01:39:18.0305 0x0b80 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:39:18.0315 0x0b80 FontCache3.0.0.0 - ok
01:39:18.0375 0x0b80 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:39:18.0385 0x0b80 Fs_Rec - ok
01:39:18.0445 0x0b80 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:39:18.0455 0x0b80 Ftdisk - ok
01:39:18.0535 0x0b80 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:39:18.0545 0x0b80 Gpc - ok
01:39:18.0685 0x0b80 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:18.0695 0x0b80 gupdate - ok
01:39:18.0735 0x0b80 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:18.0745 0x0b80 gupdatem - ok
01:39:18.0876 0x0b80 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:39:18.0876 0x0b80 helpsvc - ok
01:39:18.0926 0x0b80 HidServ - ok
01:39:19.0046 0x0b80 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:39:19.0056 0x0b80 hidusb - ok
01:39:19.0136 0x0b80 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
01:39:19.0156 0x0b80 hkmsvc - ok
01:39:19.0196 0x0b80 hpn - ok
01:39:19.0226 0x0b80 hpt3xx - ok
01:39:19.0346 0x0b80 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
01:39:19.0366 0x0b80 HTTP - ok
01:39:19.0416 0x0b80 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
01:39:19.0527 0x0b80 HTTPFilter - ok
01:39:19.0557 0x0b80 i2omgmt - ok
01:39:19.0587 0x0b80 i2omp - ok
01:39:19.0647 0x0b80 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:39:19.0657 0x0b80 i8042prt - ok
01:39:19.0727 0x0b80 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
01:39:19.0727 0x0b80 IBMPMDRV - ok
01:39:19.0777 0x0b80 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
01:39:19.0787 0x0b80 IBMPMSVC - ok
01:39:19.0867 0x0b80 [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
01:39:19.0867 0x0b80 IBMTPCHK - ok
01:39:20.0097 0x0b80 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
01:39:20.0107 0x0b80 IDriverT - ok
01:39:20.0388 0x0b80 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:39:20.0648 0x0b80 idsvc - ok
01:39:20.0768 0x0b80 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
01:39:20.0778 0x0b80 Imapi - ok
01:39:20.0859 0x0b80 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
01:39:20.0879 0x0b80 ImapiService - ok
01:39:20.0929 0x0b80 ini910u - ok
01:39:21.0039 0x0b80 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
01:39:21.0049 0x0b80 IntelIde - ok
01:39:21.0129 0x0b80 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:39:21.0129 0x0b80 intelppm - ok
01:39:21.0179 0x0b80 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
01:39:21.0179 0x0b80 ip6fw - ok
01:39:21.0239 0x0b80 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:39:21.0249 0x0b80 IpFilterDriver - ok
01:39:21.0299 0x0b80 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:39:21.0299 0x0b80 IpInIp - ok
01:39:21.0409 0x0b80 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:39:21.0419 0x0b80 IpNat - ok
01:39:21.0519 0x0b80 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:39:21.0529 0x0b80 IPSec - ok
01:39:21.0590 0x0b80 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
01:39:21.0600 0x0b80 irda - ok
01:39:21.0650 0x0b80 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
01:39:21.0660 0x0b80 IRENUM - ok
01:39:21.0730 0x0b80 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
01:39:21.0730 0x0b80 Irmon - ok
01:39:21.0820 0x0b80 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:39:21.0820 0x0b80 isapnp - ok
01:39:22.0090 0x0b80 [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
01:39:22.0110 0x0b80 JavaQuickStarterService - ok
01:39:22.0190 0x0b80 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:39:22.0200 0x0b80 Kbdclass - ok
01:39:22.0271 0x0b80 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
01:39:22.0281 0x0b80 kmixer - ok
01:39:22.0371 0x0b80 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
01:39:22.0381 0x0b80 KSecDD - ok
01:39:22.0471 0x0b80 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
01:39:22.0491 0x0b80 lanmanserver - ok
01:39:22.0601 0x0b80 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
01:39:22.0611 0x0b80 lanmanworkstation - ok
01:39:22.0651 0x0b80 lbrtfdc - ok
01:39:22.0821 0x0b80 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
01:39:22.0821 0x0b80 LightScribeService - ok
01:39:22.0901 0x0b80 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
01:39:22.0911 0x0b80 LmHosts - ok
01:39:22.0972 0x0b80 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
01:39:22.0992 0x0b80 Messenger - ok
01:39:23.0072 0x0b80 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
01:39:23.0072 0x0b80 mnmdd - ok
01:39:23.0152 0x0b80 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
01:39:23.0162 0x0b80 mnmsrvc - ok
01:39:23.0242 0x0b80 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
01:39:23.0242 0x0b80 Modem - ok
01:39:23.0302 0x0b80 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:39:23.0322 0x0b80 Mouclass - ok
01:39:23.0402 0x0b80 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:39:23.0402 0x0b80 mouhid - ok
01:39:23.0462 0x0b80 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
01:39:23.0472 0x0b80 MountMgr - ok
01:39:23.0512 0x0b80 mraid35x - ok
01:39:23.0552 0x0b80 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:39:23.0592 0x0b80 MRxDAV - ok
01:39:23.0733 0x0b80 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:39:23.0763 0x0b80 MRxSmb - ok
01:39:23.0833 0x0b80 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
01:39:23.0843 0x0b80 MSDTC - ok
01:39:23.0903 0x0b80 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:39:23.0913 0x0b80 Msfs - ok
01:39:23.0943 0x0b80 MSIServer - ok
01:39:23.0993 0x0b80 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:39:24.0003 0x0b80 MSKSSRV - ok
01:39:24.0093 0x0b80 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:39:24.0093 0x0b80 MSPCLOCK - ok
01:39:24.0133 0x0b80 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:39:24.0133 0x0b80 MSPQM - ok
01:39:24.0183 0x0b80 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:39:24.0183 0x0b80 mssmbios - ok
01:39:24.0273 0x0b80 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
01:39:24.0283 0x0b80 Mup - ok
01:39:24.0414 0x0b80 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
01:39:24.0434 0x0b80 napagent - ok
01:39:24.0544 0x0b80 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
01:39:24.0554 0x0b80 NDIS - ok
01:39:24.0634 0x0b80 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:39:24.0644 0x0b80 NdisTapi - ok
01:39:24.0714 0x0b80 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:39:24.0724 0x0b80 Ndisuio - ok
01:39:24.0784 0x0b80 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:39:24.0794 0x0b80 NdisWan - ok
01:39:24.0884 0x0b80 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:39:24.0884 0x0b80 NDProxy - ok
01:39:24.0924 0x0b80 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:39:24.0934 0x0b80 NetBIOS - ok
01:39:25.0004 0x0b80 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:39:25.0025 0x0b80 NetBT - ok
01:39:25.0115 0x0b80 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
01:39:25.0135 0x0b80 NetDDE - ok
01:39:25.0175 0x0b80 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
01:39:25.0185 0x0b80 NetDDEdsdm - ok
01:39:25.0265 0x0b80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\System32\lsass.exe
01:39:25.0265 0x0b80 Netlogon - ok
01:39:25.0335 0x0b80 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
01:39:25.0355 0x0b80 Netman - ok
01:39:25.0485 0x0b80 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:39:25.0495 0x0b80 NetTcpPortSharing - ok
01:39:25.0595 0x0b80 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
01:39:25.0635 0x0b80 Nla - ok
01:39:25.0736 0x0b80 NMIndexingService - ok
01:39:25.0816 0x0b80 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:39:25.0826 0x0b80 Npfs - ok
01:39:25.0866 0x0b80 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
01:39:25.0896 0x0b80 NSCIRDA - ok
01:39:26.0016 0x0b80 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:39:26.0156 0x0b80 Ntfs - ok
01:39:26.0216 0x0b80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
01:39:26.0216 0x0b80 NtLmSsp - ok
01:39:26.0376 0x0b80 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:39:26.0417 0x0b80 NtmsSvc - ok
01:39:26.0527 0x0b80 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
01:39:26.0527 0x0b80 Null - ok
01:39:26.0577 0x0b80 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:39:26.0587 0x0b80 NwlnkFlt - ok
01:39:26.0627 0x0b80 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:39:26.0627 0x0b80 NwlnkFwd - ok
01:39:26.0717 0x0b80 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
01:39:26.0737 0x0b80 Parport - ok
01:39:26.0787 0x0b80 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:39:26.0787 0x0b80 PartMgr - ok
01:39:26.0837 0x0b80 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:39:26.0847 0x0b80 ParVdm - ok
01:39:26.0887 0x0b80 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:39:26.0897 0x0b80 PCI - ok
01:39:26.0927 0x0b80 PCIDump - ok
01:39:26.0977 0x0b80 PCIIde - ok
01:39:27.0067 0x0b80 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
01:39:27.0077 0x0b80 Pcmcia - ok
01:39:27.0108 0x0b80 PDCOMP - ok
01:39:27.0138 0x0b80 PDFRAME - ok
01:39:27.0168 0x0b80 PDRELI - ok
01:39:27.0208 0x0b80 PDRFRAME - ok
01:39:27.0248 0x0b80 perc2 - ok
01:39:27.0278 0x0b80 perc2hib - ok
01:39:27.0398 0x0b80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
01:39:27.0408 0x0b80 PlugPlay - ok
01:39:27.0458 0x0b80 [ FA292805788528C083F416E151B60AB6, CF47525D15FF3FF98768FF5AE8A8F0C01AE6300C249D24E518D2A02100D5A68A ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
01:39:27.0458 0x0b80 PMEM - ok
01:39:27.0528 0x0b80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
01:39:27.0528 0x0b80 PolicyAgent - ok
01:39:27.0608 0x0b80 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:39:27.0618 0x0b80 PptpMiniport - ok
01:39:27.0658 0x0b80 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
01:39:27.0658 0x0b80 Processor - ok
01:39:27.0698 0x0b80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:39:27.0698 0x0b80 ProtectedStorage - ok
01:39:27.0748 0x0b80 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:39:27.0758 0x0b80 PSched - ok
01:39:27.0849 0x0b80 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:39:27.0859 0x0b80 Ptilink - ok
01:39:27.0929 0x0b80 [ 1BCFED0946F9460D6272F85B70B87A52, 6EDE283D9B5173D9F91C969E5F97A21282395769C989F609B1EFDE7B5E40EA97 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
01:39:27.0939 0x0b80 QCONSVC - ok
01:39:27.0969 0x0b80 ql1080 - ok
01:39:27.0999 0x0b80 Ql10wnt - ok
01:39:28.0039 0x0b80 ql12160 - ok
01:39:28.0069 0x0b80 ql1240 - ok
01:39:28.0099 0x0b80 ql1280 - ok
01:39:28.0149 0x0b80 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:39:28.0159 0x0b80 RasAcd - ok
01:39:28.0239 0x0b80 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:39:28.0259 0x0b80 RasAuto - ok
01:39:28.0329 0x0b80 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
01:39:28.0339 0x0b80 Rasirda - ok
01:39:28.0389 0x0b80 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:39:28.0389 0x0b80 Rasl2tp - ok
01:39:28.0500 0x0b80 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:39:28.0530 0x0b80 RasMan - ok
01:39:28.0600 0x0b80 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:39:28.0600 0x0b80 RasPppoe - ok
01:39:28.0690 0x0b80 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:39:28.0690 0x0b80 Raspti - ok
01:39:28.0800 0x0b80 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:39:28.0820 0x0b80 Rdbss - ok
01:39:28.0860 0x0b80 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:39:28.0870 0x0b80 RDPCDD - ok
01:39:28.0960 0x0b80 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:39:28.0980 0x0b80 rdpdr - ok
01:39:29.0070 0x0b80 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:39:29.0080 0x0b80 RDPWD - ok
01:39:29.0160 0x0b80 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:39:29.0180 0x0b80 RDSessMgr - ok
01:39:29.0251 0x0b80 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:39:29.0251 0x0b80 redbook - ok
01:39:29.0351 0x0b80 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:39:29.0361 0x0b80 RemoteAccess - ok
01:39:29.0451 0x0b80 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
01:39:29.0461 0x0b80 RemoteRegistry - ok
01:39:29.0541 0x0b80 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
01:39:29.0561 0x0b80 RpcLocator - ok
01:39:29.0691 0x0b80 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
01:39:29.0721 0x0b80 RpcSs - ok
01:39:29.0811 0x0b80 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
01:39:29.0831 0x0b80 RSVP - ok
01:39:29.0972 0x0b80 [ 88B63F291AE10C1B66D2B9ED6921A7DF, A0174FC75459CE38028B1436BD46234062A3FCBE164E139F53BE49BAB3B8F95F ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
01:39:30.0002 0x0b80 rtl8185 - ok
01:39:30.0062 0x0b80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
01:39:30.0062 0x0b80 SamSs - ok
01:39:30.0142 0x0b80 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:39:30.0162 0x0b80 SCardSvr - ok
01:39:30.0262 0x0b80 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:39:30.0282 0x0b80 Schedule - ok
01:39:30.0382 0x0b80 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:39:30.0392 0x0b80 Secdrv - ok
01:39:30.0452 0x0b80 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:39:30.0462 0x0b80 seclogon - ok
01:39:30.0552 0x0b80 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
01:39:30.0562 0x0b80 SENS - ok
01:39:30.0653 0x0b80 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
01:39:30.0653 0x0b80 serenum - ok
01:39:30.0693 0x0b80 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
01:39:30.0703 0x0b80 Serial - ok
01:39:30.0783 0x0b80 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:39:30.0793 0x0b80 Sfloppy - ok
01:39:30.0913 0x0b80 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:39:30.0933 0x0b80 SharedAccess - ok
01:39:31.0013 0x0b80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:39:31.0023 0x0b80 ShellHWDetection - ok
01:39:31.0053 0x0b80 Simbad - ok
01:39:31.0083 0x0b80 SjyPkt - ok
01:39:31.0133 0x0b80 [ E061A9A43C80BE5AA5D94F1EF4A713C1, 334CD9E8C4A57C2BF43A0D3895D18832C7EB0C5A6455CF3361A09F7A28DF4A6F ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
01:39:31.0143 0x0b80 Smapint - ok
01:39:31.0304 0x0b80 [ 7B06A22F16B64C23C41E0278B8DC90BF, 02867493783DAC96A90B6CD14B358C05C63FE0862A98BD71CD54F34E31632C54 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
01:39:31.0334 0x0b80 smwdm - ok
01:39:31.0364 0x0b80 Sparrow - ok
01:39:31.0414 0x0b80 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:39:31.0424 0x0b80 splitter - ok
01:39:31.0514 0x0b80 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:39:31.0524 0x0b80 Spooler - ok
01:39:31.0604 0x0b80 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:39:31.0614 0x0b80 sr - ok
01:39:31.0734 0x0b80 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
01:39:31.0744 0x0b80 srservice - ok
01:39:31.0874 0x0b80 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:39:31.0904 0x0b80 Srv - ok
01:39:31.0975 0x0b80 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:39:31.0985 0x0b80 SSDPSRV - ok
01:39:32.0135 0x0b80 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:39:32.0165 0x0b80 stisvc - ok
01:39:32.0215 0x0b80 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:39:32.0225 0x0b80 swenum - ok
01:39:32.0305 0x0b80 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:39:32.0315 0x0b80 swmidi - ok
01:39:32.0355 0x0b80 SwPrv - ok
01:39:32.0405 0x0b80 symc810 - ok
01:39:32.0455 0x0b80 symc8xx - ok
01:39:32.0495 0x0b80 sym_hi - ok
01:39:32.0525 0x0b80 sym_u3 - ok
01:39:32.0595 0x0b80 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:39:32.0605 0x0b80 sysaudio - ok
01:39:32.0696 0x0b80 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:39:32.0706 0x0b80 SysmonLog - ok
01:39:32.0786 0x0b80 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:39:32.0806 0x0b80 TapiSrv - ok
01:39:32.0936 0x0b80 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:39:32.0976 0x0b80 Tcpip - ok
01:39:33.0076 0x0b80 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
01:39:33.0076 0x0b80 TDPIPE - ok
01:39:33.0136 0x0b80 [ 0353AC9D91E28D936E4227539B1B2393, 8B31C2F496C446DF69B898B9B585A1097DDCA3EE50ACD31B5E09D8B1CD68DF94 ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
01:39:33.0136 0x0b80 TDSMAPI - ok
01:39:33.0196 0x0b80 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
01:39:33.0216 0x0b80 TDTCP - ok
01:39:33.0276 0x0b80 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
01:39:33.0276 0x0b80 TermDD - ok
01:39:33.0407 0x0b80 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
01:39:33.0437 0x0b80 TermService - ok
01:39:33.0557 0x0b80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
01:39:33.0567 0x0b80 Themes - ok
01:39:33.0667 0x0b80 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
01:39:33.0677 0x0b80 TlntSvr - ok
01:39:33.0697 0x0b80 TosIde - ok
01:39:33.0747 0x0b80 [ 90579B74E1E110C2F379117047BDB356, EDD255C1A104DA6469846A4B4CDBFC5CB40DCD69DDE5207D799FB7DC850A014A ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
01:39:33.0747 0x0b80 Tp4Track - ok
01:39:33.0787 0x0b80 [ 47F23B26F771765FD8CAC0EBAE4545E9, 2AFE4C57FE833F18E65F959DAF8879823CE8BEB13B1BA34A61E6806AF609EDC5 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
01:39:33.0787 0x0b80 TPHKDRV - ok
01:39:33.0827 0x0b80 [ C10B74CF569D39594E170734DB590661, 134890D6FAE83FA38F8EEA3B72EC0E12778D6E15C7605758D9933AA4A945E755 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
01:39:33.0837 0x0b80 TPPWR - ok
01:39:33.0927 0x0b80 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
01:39:33.0937 0x0b80 TrkWks - ok
01:39:34.0007 0x0b80 [ 76F0A07D83FA24478C07250F4FC8B128, 4894CD9ABDDC9712D3D9938A66B9CD83485AEA7F0D351769D58AC80FA5885412 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
01:39:34.0007 0x0b80 TSMAPIP - ok
01:39:34.0068 0x0b80 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
01:39:34.0078 0x0b80 Udfs - ok
01:39:34.0108 0x0b80 ultra - ok
01:39:34.0238 0x0b80 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
01:39:34.0278 0x0b80 Update - ok
01:39:34.0378 0x0b80 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
01:39:34.0398 0x0b80 upnphost - ok
01:39:34.0468 0x0b80 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
01:39:34.0468 0x0b80 UPS - ok
01:39:34.0528 0x0b80 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:39:34.0538 0x0b80 usbehci - ok
01:39:34.0628 0x0b80 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:39:34.0628 0x0b80 usbhub - ok
01:39:34.0708 0x0b80 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:39:34.0708 0x0b80 usbscan - ok
01:39:34.0789 0x0b80 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:39:34.0829 0x0b80 USBSTOR - ok
01:39:34.0889 0x0b80 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:39:34.0899 0x0b80 usbuhci - ok
01:39:34.0939 0x0b80 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
01:39:34.0949 0x0b80 VgaSave - ok
01:39:34.0989 0x0b80 ViaIde - ok
01:39:35.0059 0x0b80 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:39:35.0069 0x0b80 VolSnap - ok
01:39:35.0159 0x0b80 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
01:39:35.0189 0x0b80 VSS - ok
01:39:35.0289 0x0b80 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
01:39:35.0309 0x0b80 W32Time - ok
01:39:35.0379 0x0b80 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:39:35.0389 0x0b80 Wanarp - ok
01:39:35.0419 0x0b80 WDICA - ok
01:39:35.0470 0x0b80 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:39:35.0480 0x0b80 wdmaud - ok
01:39:35.0550 0x0b80 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
01:39:35.0570 0x0b80 WebClient - ok
01:39:35.0720 0x0b80 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:39:35.0730 0x0b80 winmgmt - ok
01:39:35.0860 0x0b80 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:39:35.0870 0x0b80 WmdmPmSN - ok
01:39:36.0030 0x0b80 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
01:39:36.0080 0x0b80 Wmi - ok
01:39:36.0181 0x0b80 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:39:36.0201 0x0b80 WmiApSrv - ok
01:39:36.0441 0x0b80 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
01:39:36.0501 0x0b80 WMPNetworkSvc - ok
01:39:36.0551 0x0b80 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:39:36.0561 0x0b80 WpdUsb - ok
01:39:36.0631 0x0b80 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
01:39:36.0641 0x0b80 wscsvc - ok
01:39:36.0711 0x0b80 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
01:39:36.0731 0x0b80 wuauserv - ok
01:39:36.0821 0x0b80 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:39:36.0831 0x0b80 WudfPf - ok
01:39:36.0892 0x0b80 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:39:36.0902 0x0b80 WudfRd - ok
01:39:36.0972 0x0b80 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
01:39:36.0982 0x0b80 WudfSvc - ok
01:39:37.0142 0x0b80 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:39:37.0202 0x0b80 WZCSVC - ok
01:39:37.0362 0x0b80 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:39:37.0382 0x0b80 xmlprov - ok
01:39:37.0432 0x0b80 ================ Scan global ===============================
01:39:37.0502 0x0b80 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
01:39:37.0633 0x0b80 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
01:39:37.0723 0x0b80 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
01:39:37.0773 0x0b80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
01:39:37.0783 0x0b80 [ Global ] - ok
01:39:37.0803 0x0b80 ================ Scan MBR ==================================
01:39:37.0843 0x0b80 [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
01:39:38.0163 0x0b80 \Device\Harddisk0\DR0 - ok
01:39:38.0193 0x0b80 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:39:38.0213 0x0b80 \Device\Harddisk1\DR1 - ok
01:39:38.0223 0x0b80 ================ Scan VBR ==================================
01:39:38.0244 0x0b80 [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
01:39:38.0244 0x0b80 \Device\Harddisk0\DR0\Partition1 - ok
01:39:38.0274 0x0b80 [ BDF83EFF05C13F2D4DA35EC086A7BB23 ] \Device\Harddisk1\DR1\Partition1
01:39:38.0955 0x0b80 \Device\Harddisk1\DR1\Partition1 - ok
01:39:38.0975 0x0b80 ================ Scan generic autorun ======================
01:39:39.0025 0x0b80 [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
01:39:39.0025 0x0b80 ATIModeChange - ok
01:39:39.0185 0x0b80 [ 97826CB927E0E7F4500879D99DE6D3C5, 0FB04C5AA4C1BE2E35BBDE474916DF00E223A41D6E0C590FF0C5132EBBA69051 ] C:\WINDOWS\system32\tp4serv.exe
01:39:39.0195 0x0b80 TrackPointSrv - ok
01:39:39.0315 0x0b80 [ 71E256D5C8FB8FD1933968DCCFD967A0, 92481C790B092CC363BABEA16B0252BEEE1A7CBC1C6FF55F93030DD4AB92FA66 ] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
01:39:39.0325 0x0b80 TPTRAY - ok
01:39:39.0345 0x0b80 BMMGAG - ok
01:39:39.0495 0x0b80 [ 6C2CF216C460BED0D4B83AF07980A761, B8BF59F1F5937558B73F1D6728E92AE8B07CB38AD529357A4E16663A969A81BE ] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
01:39:39.0545 0x0b80 QCTRAY - ok
01:39:39.0605 0x0b80 [ 8633F1E7AA1912AD962E5A656D264045, BB17957ECE5EC9ED25E9B58315AD436C76B2FF1B5A1C5D8397FC7950CC65F126 ] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
01:39:39.0605 0x0b80 QCWLICON - ok
01:39:39.0696 0x0b80 [ AA3B957AF3F3B4AA9047D5531696AB0E, BA826D7A0B56C04528C4A8EDA498173C533BA3CDD75E1C73E224AFD712F06680 ] C:\WINDOWS\system32\tp4ex.exe
01:39:39.0706 0x0b80 TP4EX - ok
01:39:39.0866 0x0b80 [ 6CE63001262FB82D746E1DEEBF00B43B, B660ECA6989ABFC3B97FCEB8D692A11F77B9D4A81D5FC34759462D2EC37A2F63 ] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
01:39:39.0866 0x0b80 TPHOTKEY - ok
01:39:39.0906 0x0b80 Tgcmd - ok
01:39:39.0996 0x0b80 [ C0041BB27E2E5B0550C179ECF53425CD, 82EB1BF88B1D93F4AEC5EB6A1DB790E6EFA0379DD771251707BE9F67266D3547 ] C:\WINDOWS\AGRSMMSG.exe
01:39:44.0442 0x0b80 AGRSMMSG - ok
01:39:44.0573 0x0b80 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\\NeroCheck.exe
01:39:44.0593 0x0b80 NeroCheck - ok
01:39:44.0723 0x0b80 [ E284188C5CF416378CC740EB13059A50, 0E0863D84B29662B3EEE0602742CAE8F966CE043E690C62BC3A00244B7D35D04 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
01:39:44.0723 0x0b80 Adobe Reader Speed Launcher - ok
01:39:45.0063 0x0b80 [ 29FB6EF1EFB1357E2883FE297F1EBC31, A6F465EA84277D88771BE6438CAC32D8E2C73A6EEC809CB38E1090FFFB27804E ] C:\PROGRA~1\AVG\AVG9\avgtray.exe
01:39:45.0274 0x0b80 AVG9_TRAY - ok
01:39:45.0604 0x0b80 [ 3103FE27C967675B019E880AA6DA3D6D, 515E750ACD28C3CFD8174B7F213E2AA741D8942FB68E57F701EBCBB92EC3F537 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
01:39:45.0864 0x0b80 Adobe ARM - ok
01:39:46.0045 0x0b80 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
01:39:46.0065 0x0b80 SunJavaUpdateSched - ok
01:39:46.0155 0x0b80 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
01:39:46.0155 0x0b80 ctfmon.exe - ok
01:39:46.0185 0x0b80 updateMgr - ok
01:39:46.0225 0x0b80 MSMSGS - ok
01:39:46.0245 0x0b80 NeroHomeFirstStart - ok
01:39:46.0385 0x0b80 [ 269AFE2F2E2957DF8F7A5F82B2B092DB, 37B8B913090A01EC5C656214F9081AC93ADE8682582327366A7F76EDBDC98A39 ] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe
01:39:46.0435 0x0b80 avg_spchecker - ok
01:39:46.0455 0x0b80 Waiting for KSN requests completion. In queue: 8
01:39:47.0457 0x0b80 Waiting for KSN requests completion. In queue: 8
01:39:48.0458 0x0b80 Waiting for KSN requests completion. In queue: 8
01:39:49.0460 0x0b80 Waiting for KSN requests completion. In queue: 8
01:39:50.0631 0x0b80 AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, updated
01:39:50.0641 0x0b80 Win FW state via NFM: enabled
01:39:53.0055 0x0b80 ============================================================
01:39:53.0055 0x0b80 Scan finished
01:39:53.0055 0x0b80 ============================================================
01:39:53.0105 0x0b60 Detected object count: 0
01:39:53.0105 0x0b60 Actual detected object count: 0
01:41:51.0605 0x0ee8 Deinitialize success
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
Ran by IBM (administrator) on THINKPAD on 18-11-2014 01:42:27
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKCU - DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: printpdf - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\printpdf@pavlov.net [2010-08-10]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: DownThemAll! - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2013-04-03]
FF Extension: Web2PDF converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011-07-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 01:42 - 2014-11-18 01:43 - 00018117 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-11-18 01:32 - 2014-11-18 01:32 - 00002900 _____ () C:\Documents and Settings\IBM\Desktop\RKreport_DEL_11182014_013106.log
2014-11-16 15:41 - 2014-11-16 15:41 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\FRST-OlderVersion
2014-11-16 15:28 - 2014-11-16 15:28 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-16 15:09 - 2014-11-16 15:10 - 04163057 _____ () C:\Documents and Settings\IBM\Desktop\tdsskiller.zip
2014-11-16 00:23 - 2014-11-18 01:19 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-16 00:23 - 2014-11-16 00:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-16 00:20 - 2014-11-16 00:20 - 14678104 _____ () C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
2014-11-14 15:33 - 2014-11-18 01:42 - 00000000 ____D () C:\FRST
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-11-14 15:15 - 2014-11-16 15:41 - 01108992 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-11-14 15:15 - 2014-11-14 15:15 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-11-14 15:14 - 2014-11-14 15:14 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-14 03:04 - 2014-11-14 03:04 - 00001434 _____ () C:\Documents and Settings\IBM\Desktop\mbam_scan.txt
2014-11-14 03:01 - 2014-11-14 03:01 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\46EE46CA.sys
2014-11-14 00:27 - 2014-11-14 00:27 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\34C750CB.sys
2014-11-10 16:36 - 2014-11-10 16:36 - 00242592 _____ () C:\Documents and Settings\IBM\Desktop\separate+-0.5.7.zip
2014-10-28 18:00 - 2014-11-16 15:13 - 04184008 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\IBM\Desktop\TDSSKiller.exe
2014-10-24 23:32 - 2014-10-24 23:33 - 00000000 ____D () C:\Program Files\GUMF.tmp
2014-10-19 00:19 - 2014-11-13 00:45 - 00016896 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 01:43 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 01:43 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-11-18 01:37 - 2007-10-22 13:22 - 00007357 _____ () C:\WINDOWS\RTacDbg.txt
2014-11-18 01:37 - 2006-12-15 19:17 - 01096053 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 01:36 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 01:36 - 2006-12-04 23:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 01:36 - 2006-12-04 23:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 01:36 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-18 01:35 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 01:33 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-11-18 01:33 - 2006-12-05 00:15 - 00031988 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 01:26 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-11-17 14:10 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-11-17 13:57 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-11-16 15:36 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-11-14 15:29 - 2010-01-14 11:19 - 00256041 _____ () C:\WINDOWS\setupapi.log
2014-11-14 15:28 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-14 15:28 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
2014-11-13 20:25 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:24 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-13 20:24 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 02:15 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-08 18:23 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-11-08 00:12 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-11-08 00:11 - 2014-08-17 12:54 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\2014
2014-10-27 15:49 - 2007-09-24 10:58 - 00131584 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:54 - 2006-12-04 23:40 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 22:40 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-10-25 21:53 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Hi lather,
Reset Firefox Homepage
Click on the Firefox drop down arrow in the upper left corner of your browser.
Select Options.
On the General tab, locate the Home Page field.
Enter the URL you would like to use as your home page (ie: file:///C:/Documents/Links_07.htm), or select the Restore to Default button.
Note: you might need to tweak the above path to get your page of links to load.
Click OK
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool
Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)
Select type of scan to perform:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMScanTab_zps2c5e74bd.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMScanTab_zps2c5e74bd.gif.html)
Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
AdwCleaner[S0].txt
JRT.txt
MBAM log
ESET's log.txt
Followed the instructions for adwCleaner and it has totally messed up the system! AVG is now reporting a problem with e-mail scanner, the firewall is inactive again and can't be restarted as ICS can't be started, and the computer is completely incapable of accessing the internet. I normally use a WiFi card, and that started reporting limited or no connectivity when the computer rebooted after the scan, so I removed it and switched to a direct Ethernet cable to the modem, but can't even connect that way! Tried a reboot to see if that restarted things, but no luck, so I'm unable to do any of the other steps you asked for - I'm having to use an android tablet to write this...
The adwCleaner log says it deleted four files including C:\windows\launcher.exe and C:\windows\system32\QCONSVC.EXE. It also deleted two folders including C:\Program Files\Registry Mechanic.
Was this expected, and what's the next step?
Hi lather,
AdwCleaner just targets adware, it should not of had such an extreme effect on your computer. Please post the AdwCleaner log for review.
Just booted the computer up again to get the log, and the problem is still there - firewall still down, AVG reporting an error, and unable to get online. I know that an adware cleaner shouldn't have such an extreme effect on the computer as a whole, but whatever has happened did so at the same time as the AdwCleaner re-boot.
# AdwCleaner v4.101 - Report created 18/11/2014 at 16:19:26
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM - THINKPAD
# Running from : C:\Documents and Settings\IBM\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : QCONSVC
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Documents and Settings\IBM\Favorites\Search
File Deleted : C:\WINDOWS\launcher.exe
File Deleted : C:\WINDOWS\system32\QCONSVC.EXE
File Deleted : C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\invalidprefs.js
File Deleted : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21352
-\\ Mozilla Firefox v3.6.28 (en-US)
-\\ Google Chrome v38.0.2125.111
[C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [2117 octets] - [18/11/2014 16:10:32]
AdwCleaner[S0].txt - [2072 octets] - [18/11/2014 16:19:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2132 octets] ##########
Hi lather,
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) How to use System Restore to restore Windows XP to a previous state
Log on to Windows as an administrator.
Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. (The screen shot for this step is listed below).
http://i1269.photobucket.com/albums/jj590/OCD-WTT/systemrestorexp1_zps00c7a108.png (http://s1269.photobucket.com/user/OCD-WTT/media/systemrestorexp1_zps00c7a108.png.html)
On the Welcome to System Restore page, click to select the Restore my computer to an earlier time option, and then click Next. (The screen shot for this step is listed below).
http://i1269.photobucket.com/albums/jj590/OCD-WTT/systemrestorexp2_zpsa86fe0e3.png (http://s1269.photobucket.com/user/OCD-WTT/media/systemrestorexp2_zpsa86fe0e3.png.html)
On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.
Select a Restore Point prior to running AdwCleaner
Note A System Restore message may appear that lists configuration changes that System Restore will make. Click OK. (The screen shot for this step is listed below).
http://i1269.photobucket.com/albums/jj590/OCD-WTT/systemrestorexp3_zps5122cdf5.png (http://s1269.photobucket.com/user/OCD-WTT/media/systemrestorexp3_zps5122cdf5.png.html)
On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
Log on to the computer as an administrator. Then, click OK on the System Restore Restoration Complete page. (The screen shot for this step is listed below).
http://i1269.photobucket.com/albums/jj590/OCD-WTT/systemrestorexp4_zps6ebec5be.png (http://s1269.photobucket.com/user/OCD-WTT/media/systemrestorexp4_zps6ebec5be.png.html)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot
=========================
Report back with the results. Let me know what restore date your picked and run a new scan with FRST.
System restored back to November 12th, 18:35, and everything now working OK again.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by IBM (administrator) on THINKPAD on 19-11-2014 11:25:59
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-247674877-3848448594-3852255402-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: printpdf - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\printpdf@pavlov.net [2010-08-10]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: DownThemAll! - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2013-04-03]
FF Extension: Web2PDF converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011-07-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 11:25 - 2014-11-19 11:26 - 00019380 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-11-19 11:09 - 2014-11-19 11:10 - 01108992 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-11-19 10:50 - 2014-11-19 10:50 - 00000000 ____D () C:\Program Files\Registry Mechanic
2014-11-18 17:06 - 2014-11-18 17:06 - 00170084 _____ () C:\Documents and Settings\IBM\Desktop\chrome bookmarks_11_18_14.html
2014-11-18 16:24 - 2014-11-18 16:24 - 00002212 _____ () C:\Documents and Settings\IBM\Desktop\AdwCleaner[S0].txt
2014-11-18 16:10 - 2014-11-18 16:19 - 00000000 ____D () C:\AdwCleaner
2014-11-16 15:41 - 2014-11-16 15:41 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\FRST-OlderVersion
2014-11-16 15:28 - 2014-11-16 15:28 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-16 15:09 - 2014-11-16 15:10 - 04163057 _____ () C:\Documents and Settings\IBM\Desktop\tdsskiller.zip
2014-11-16 00:23 - 2014-11-19 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-14 15:33 - 2014-11-19 11:26 - 00000000 ____D () C:\FRST
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 03:04 - 2014-11-14 03:04 - 00001434 _____ () C:\Documents and Settings\IBM\Desktop\mbam_scan.txt
2014-11-10 16:36 - 2014-11-10 16:36 - 00242592 _____ () C:\Documents and Settings\IBM\Desktop\separate+-0.5.7.zip
2014-10-24 23:32 - 2014-10-24 23:33 - 00000000 ____D () C:\Program Files\GUMF.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 11:26 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-11-19 11:25 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-11-19 11:20 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-11-19 11:14 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-11-19 11:04 - 2007-10-22 13:22 - 00008011 _____ () C:\WINDOWS\RTacDbg.txt
2014-11-19 11:02 - 2006-12-15 19:17 - 01121905 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-19 11:02 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-19 11:01 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 11:01 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-19 11:01 - 2006-12-04 23:44 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-19 11:01 - 2006-12-04 23:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-19 10:59 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-11-19 10:59 - 2006-12-05 00:15 - 00031938 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-19 10:53 - 2006-12-05 00:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-19 10:52 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-19 10:52 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-19 10:51 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-19 10:50 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-19 10:49 - 2006-12-04 23:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-19 10:43 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 15:36 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-11-14 15:29 - 2010-01-14 11:19 - 00256041 _____ () C:\WINDOWS\setupapi.log
2014-11-14 15:28 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
2014-11-13 02:15 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-13 00:45 - 2014-10-19 00:19 - 00016896 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-11-08 18:23 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-11-08 00:12 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-11-08 00:11 - 2014-08-17 12:54 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\2014
2014-10-27 15:49 - 2007-09-24 10:58 - 00131584 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:54 - 2006-12-04 23:40 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 22:40 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-10-25 21:53 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Hi lather,
OK, we are going to run AdwCleaner again, but this time we are just doing a scan, NO CLEANING. So we can see what we can remove without effecting the performance of your system.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re- run AdwCleaner
It should be on your desktop
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.
=========================
Then continue on with the steps from post #12 (http://forums.spybot.info/showthread.php?71440-Possible-Trojan-infection-FakeMoz-ED&p=459065&viewfull=1#post459065)
In your next post please provide the following:
AdwCleaner[R0].txt
JRT.txt
MBAM log
ESET log
OK, been able to run everything except ESET, which was unable to load the virus definitions database. Tried both IE and Firefox multiple times, and got the same result each time. I took a screen cap of the error message, so you can see exactly what it said:
11867
Apart from that, everything went OK, and I even re-booted the computer to make sure there were no problems there, and all was fine. Apart from the ESET log which I couldn't get, here's everything else you asked for.
# AdwCleaner v4.101 - Report created 18/11/2014 at 16:10:32
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM - THINKPAD
# Running from : C:\Documents and Settings\IBM\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : QCONSVC
***** [ Files / Folders ] *****
File Found : C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\invalidprefs.js
File Found : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Found : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Found : C:\WINDOWS\launcher.exe
File Found : C:\WINDOWS\system32\QCONSVC.EXE
Folder Found : C:\Documents and Settings\IBM\Favorites\Search
Folder Found : C:\Program Files\registry mechanic
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21352
-\\ Mozilla Firefox v3.6.28 (en-US)
-\\ Google Chrome v38.0.2125.111
[C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1977 octets] - [18/11/2014 16:10:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2037 octets] ##########
# AdwCleaner v4.101 - Report created 19/11/2014 at 17:49:01
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM - THINKPAD
# Running from : C:\Documents and Settings\IBM\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : QCONSVC
***** [ Files / Folders ] *****
File Found : C:\WINDOWS\launcher.exe
File Found : C:\WINDOWS\system32\QCONSVC.EXE
Folder Found : C:\Program Files\registry mechanic
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21352
-\\ Mozilla Firefox v3.6.28 (en-US)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [3625 octets] - [18/11/2014 16:10:32]
AdwCleaner[S0].txt - [2212 octets] - [18/11/2014 16:19:26]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3745 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Microsoft Windows XP x86
Ran by IBM on 19/11/2014 at 18:03:29.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\launcher.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\IBM\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/11/2014 at 18:10:52.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 19/11/2014
Scan Time: 18:16:00
Logfile: Mbam.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.19.06
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: IBM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351289
Time Elapsed: 1 hr, 31 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Having scanned the AdwCleaner log, the only useful program that is mentioned there is FLV Player, so I don't want to do anything that would stop or uninstall that if that's what any of the changes would do.
Hi lather,
Try this online scanner in place of ESET. I will review your AdwCleaner log and have instructions on how to proceed in a few minutes.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) TrendMicro HouseCall Online Scanner
Go to http://housecall.trendmicro.com/
Download HouseCall - Free Online Scanner
Select get HouseCall Now, save the file to your computer.
Double-click to launch HouseCall
Click Yes for the UAC
Click the Scan Now button
Fix any problems found
Copy and paste the results in your next reply
=========================
In your next post please provide the following:
HouseCall results
Hi lather,
Be sure to remove the check marks from these items before clicking the Clean button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re- run AdwCleaner
It should be on your desktop
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click each tab and remove the check mark from the items you wish to keep.
Services Tab:
QCONSVC
Files Tab:
C:\WINDOWS\system32\QCONSVC.EXE
Registry Tab:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Then click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
In your next post please provide the following:
AdwCleaner[S1].txt
HouseCall run and didn't detect anything. Couldn't copy and paste a log because it didn't produce one, but I grabbed a screen cap of the results page and can post it if you want to see it.
AdwCleaner run as instructed and didn't screw the computer up on the reboot this time! Rather than producing an [S1].txt file as you said, it actually added the new results onto the end of the older [S0].txt file, so that's what I've posted below & why it looks a bit odd at the start of the log.
# AdwCleaner v4.101 - Report created 18/11/2014 at 16:19:26
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM - THINKPAD
# Running from : C:\Documents and Settings\IBM\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : QCONSVC
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Documents and Settings\IBM\Favorites\Search
File Deleted : C:\WINDOWS\launcher.exe
File Deleted : C:\WINDOWS\system32\QCONSVC.EXE
File Deleted : C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\invalidprefs.js
File Deleted : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21352
-\\ Mozilla Firefox v3.6.28 (en-US)
-\\ Google Chrome v38.0.2125.111
[C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [2117 octets] - [18/11/2014 16:10:32]
AdwCleaner[S0].txt - [2072 octets] - [18/11/2014 16:19:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2132 octets] ##########
# AdwCleaner v4.101 - Report created 20/11/2014 at 02:00:59
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM - THINKPAD
# Running from : C:\Documents and Settings\IBM\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[x] Not Deleted : QCONSVC
***** [ Files / Folders ] *****
[x] Not Deleted : C:\WINDOWS\system32\QCONSVC.EXE
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21352
-\\ Mozilla Firefox v3.6.28 (en-US)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [3825 octets] - [18/11/2014 16:10:32]
AdwCleaner[R1].txt - [1679 octets] - [20/11/2014 01:53:10]
AdwCleaner[S0].txt - [3783 octets] - [18/11/2014 16:19:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3843 octets] ##########
Hi lather,
HouseCall run and didn't detect anything. Couldn't copy and paste a log because it didn't produce one, but I grabbed a screen cap of the results page and can post it if you want to see it.
No need to see the screen shot.
AdwCleaner looks like it targeted only what we wanted.
How is the computer running, any remaining issues?
Everything seems fine now. It boots up OK, AVG and the firewall don't report any problems, and I've just gone through all of the main programs and they all seem to launch OK, so nothing appears to be broken. Speed-wise, it's maybe a little faster than before, although a machine this old will never break any speed records.
So everything looks OK, and I can't find any issues with how its running now.
Hi lather,
Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.
= = = = = = = = = = = = = = = = = = = =
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Disinfection Tools
Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:
Remove disinfection tools
Create registry backup
Purge system restore
http://i1269.photobucket.com/albums/jj590/OCD-WTT/Delfix_zpsbce6c60b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Delfix_zpsbce6c60b.gif.html)
Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.
= = = = = = = = = = = = = = = = = = = =
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
= = = = = = = = = = = = = = = = = = = =
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
to help protect your computer in the future I recommend that you get the following free program:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this program to lock down and prevent crypto-ransomeware
http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)
= = = = = = = = = = = = = = = = = = = =
COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online
= = = = = = = = = = = = = = = = = = = =
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
= = = = = = = = = = = = = = = = = = = =
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
= = = = = = = = = = = = = = = = = = = =
Make sure you keep your Windows OS current.
Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.
Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)
Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.
= = = = = = = = = = = = = = = = = = = =
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
= = = = = = = = = = = = = = = = = = = =
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OK, everything cleaned from the system, and I've tried a re-boot to make sure the removal hasn't caused any unforeseen problems, which it hasn't, so all's fine.
Had a look at your suggestions, and working on getting some of them implemented on all of the family PCs - already had some of them in place, so adding the other ones I think we'll need.
Thanks for all the help!
You're very welcome. Glad I was able to help. :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed.
If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.