
I keep getting this pop up box message "Scan for Viruses" [Sol

  • This topic is locked
23 replies to this topic

#1 horse2004


Posted 16 December 2013 - 03:05 PM

Hi,

Please help me get rid of this pop up message box from my aunt's computer that says "Scan for Viruses".

It can appear even if all the browsers are closed.

I scanned using the up to date AVG and Malwarebytes but no viruses or trojans were found.

Please see my HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:47, on 16/12/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\PicPick\picpick.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\My Documents\Downloads\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [C7B7F310992EB8D31E86F817A760484A260F3B9B._service_run] "C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O16 - DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} (ARSign Class) - https://join.bankhap...abs/arpkcom.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
 
--
End of file - 8820 bytes
 



#2 jeffce


Posted 18 December 2013 - 07:03 AM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
 
Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------



#3 horse2004


Posted 20 December 2013 - 06:26 AM

Hi Jeff,

Thank you for your reply.

I have done as you said, please see below the 3 log files:

Here is the dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by CCL at 14:04:59 on 2013-12-20
Microsoft Windows XP Professional  5.1.2600.2.1255.972.1033.18.3319.2382 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\PicPick\picpick.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [PPWebCap] c:\progra~1\vision~1\paperp~1\PPWebCap.exe
uRun: [C7B7F310992EB8D31E86F817A760484A260F3B9B._service_run] "c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [PicPick Start] c:\program files\picpick\picpick.exe /startup
uRun: [Google Update] "c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\ccl~1.ccl\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\ccl~1.ccl\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\config~1.lnk - c:\program files\symantec\winfax\WTNSETUP.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\contro~1.lnk - c:\program files\symantec\winfax\WFXCTL32.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\psiwin~1.lnk - c:\program files\psion\psiwin\Psconsv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} - hxxps://join.bankhapoalim.co.il/reg/pk/cabs/arpkcom.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05F92E82-373A-4727-ACFF-9A257B5932D6} : DHCPNameServer = 194.90.1.5 199.203.1.20
TCP: Interfaces\{C660F4C8-6195-4F55-8E66-65EB1D00C541} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\symantec\winfax\WFXSEH32.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-7 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 302368]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2013-2-18 299208]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-20 38440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-4 418376]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2012-5-11 177056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-13 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-13 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-10 1025352]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-8-13 245760]
S3 cpuz132;cpuz132;\??\c:\docume~1\ccl~1.ccl\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ccl~1.ccl\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-5 34152]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-3-12 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-3-12 19408]
.
=============== File Associations ===============
.
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2013-12-12 20:25:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-10 12:08:45 -------- d-----w- c:\program files\Free FreeCell Solitaire
2013-12-10 12:05:30 -------- d-----w- c:\documents and settings\all users.windows\application data\TreeCardGames
2013-12-10 12:04:42 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\application data\TreeCardGames
2013-12-10 12:04:28 -------- d-----w- c:\program files\MyPC Backup
2013-12-10 12:04:27 -------- d-----w- c:\program files\Free Spider Solitaire
2013-12-05 18:00:36 -------- d-----w- c:\program files\Citrix
2013-12-05 18:00:12 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\Citrix
2013-12-05 13:28:59 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\Cool_Mirage
.
==================== Find3M  ====================
.
2013-12-11 00:56:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 00:56:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-02 07:52:04 41 ----a-w- c:\windows\WFXDEL.BAT
.
============= FINISH: 14:05:56.32 ===============

Here is the attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2009 23:42:49
System Uptime: 17/12/2013 12:01:17 (74 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 8I945GZME-RH
Processor:              Intel® Pentium® D  CPU 2.66GHz | Socket 775 | 2660/133mhz
Processor:              Intel® Pentium® D  CPU 2.66GHz | Socket 775 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 13.853 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 39 GiB total, 19.32 GiB free.
F: is FIXED (NTFS) - 39 GiB total, 19.818 GiB free.
G: is FIXED (NTFS) - 39 GiB total, 30.087 GiB free.
H: is FIXED (NTFS) - 24 GiB total, 12.823 GiB free.
I: is FIXED (NTFS) - 32 GiB total, 5.241 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1653: 02/10/2013 09:50:48 - Printer Driver WinFax (Photo Quality) Installed
RP1654: 02/10/2013 09:52:41 - Printer Driver WinFax Installed
RP1655: 02/10/2013 09:52:49 - Printer Driver WinFax (Photo Quality) Installed
RP1656: 03/10/2013 10:49:44 - System Checkpoint
RP1657: 04/10/2013 11:48:39 - System Checkpoint
RP1658: 05/10/2013 11:49:44 - System Checkpoint
RP1659: 06/10/2013 13:16:56 - System Checkpoint
RP1660: 07/10/2013 13:46:25 - System Checkpoint
RP1661: 08/10/2013 14:46:25 - System Checkpoint
RP1662: 09/10/2013 15:45:41 - System Checkpoint
RP1663: 10/10/2013 15:46:46 - System Checkpoint
RP1664: 11/10/2013 05:00:14 - Software Distribution Service 3.0
RP1665: 12/10/2013 05:45:41 - System Checkpoint
RP1666: 13/10/2013 06:43:40 - System Checkpoint
RP1667: 14/10/2013 08:17:07 - System Checkpoint
RP1668: 15/10/2013 09:14:57 - System Checkpoint
RP1669: 16/10/2013 10:06:38 - System Checkpoint
RP1670: 17/10/2013 10:41:49 - System Checkpoint
RP1671: 18/10/2013 11:40:44 - System Checkpoint
RP1672: 19/10/2013 12:39:40 - System Checkpoint
RP1673: 20/10/2013 15:31:06 - System Checkpoint
RP1674: 21/10/2013 15:39:44 - System Checkpoint
RP1675: 22/10/2013 16:22:13 - System Checkpoint
RP1676: 23/10/2013 20:00:31 - System Checkpoint
RP1677: 24/10/2013 20:13:47 - System Checkpoint
RP1678: 25/10/2013 21:12:42 - System Checkpoint
RP1679: 26/10/2013 21:19:21 - System Checkpoint
RP1680: 27/10/2013 22:37:22 - System Checkpoint
RP1681: 28/10/2013 23:10:37 - System Checkpoint
RP1682: 30/10/2013 00:10:37 - System Checkpoint
RP1683: 31/10/2013 01:09:31 - System Checkpoint
RP1684: 01/11/2013 01:58:19 - System Checkpoint
RP1685: 02/11/2013 02:58:20 - System Checkpoint
RP1686: 03/11/2013 03:57:19 - System Checkpoint
RP1687: 04/11/2013 04:56:18 - System Checkpoint
RP1688: 05/11/2013 05:56:18 - System Checkpoint
RP1689: 06/11/2013 06:55:07 - System Checkpoint
RP1690: 07/11/2013 06:55:12 - System Checkpoint
RP1691: 08/11/2013 07:52:13 - System Checkpoint
RP1692: 09/11/2013 08:52:15 - System Checkpoint
RP1693: 10/11/2013 09:49:54 - System Checkpoint
RP1694: 11/11/2013 09:51:15 - System Checkpoint
RP1695: 12/11/2013 11:02:08 - System Checkpoint
RP1696: 13/11/2013 06:00:15 - Software Distribution Service 3.0
RP1697: 14/11/2013 06:57:04 - System Checkpoint
RP1698: 15/11/2013 07:39:59 - System Checkpoint
RP1699: 16/11/2013 08:59:40 - System Checkpoint
RP1700: 17/11/2013 10:01:50 - System Checkpoint
RP1701: 18/11/2013 11:46:28 - System Checkpoint
RP1702: 19/11/2013 13:14:35 - System Checkpoint
RP1703: 20/11/2013 16:43:51 - System Checkpoint
RP1704: 21/11/2013 17:34:17 - System Checkpoint
RP1705: 22/11/2013 18:33:43 - System Checkpoint
RP1706: 23/11/2013 19:20:15 - System Checkpoint
RP1707: 24/11/2013 19:29:16 - System Checkpoint
RP1708: 25/11/2013 20:28:13 - System Checkpoint
RP1709: 26/11/2013 21:51:06 - System Checkpoint
RP1710: 27/11/2013 22:26:04 - System Checkpoint
RP1711: 28/11/2013 23:23:35 - System Checkpoint
RP1712: 30/11/2013 00:20:24 - System Checkpoint
RP1713: 01/12/2013 01:08:24 - System Checkpoint
RP1714: 02/12/2013 02:04:54 - System Checkpoint
RP1715: 03/12/2013 02:59:55 - System Checkpoint
RP1716: 04/12/2013 03:57:50 - System Checkpoint
RP1717: 05/12/2013 04:56:35 - System Checkpoint
RP1718: 06/12/2013 05:22:09 - System Checkpoint
RP1719: 07/12/2013 06:20:02 - System Checkpoint
RP1720: 08/12/2013 06:23:06 - System Checkpoint
RP1721: 09/12/2013 07:15:49 - System Checkpoint
RP1722: 10/12/2013 08:13:52 - System Checkpoint
RP1723: 11/12/2013 09:10:36 - System Checkpoint
RP1724: 12/12/2013 06:00:15 - Software Distribution Service 3.0
RP1725: 13/12/2013 07:23:54 - System Checkpoint
RP1726: 14/12/2013 19:53:10 - System Checkpoint
RP1727: 15/12/2013 20:45:45 - System Checkpoint
RP1728: 16/12/2013 20:46:03 - System Checkpoint
RP1729: 18/12/2013 16:24:40 - System Checkpoint
RP1730: 19/12/2013 20:27:54 - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Photoshop 7.0
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Advertising Center
Auto Window Manager
AV210
AVG 2012
Canon MP Navigator EX 1.0
Canon MX300 series
Canon MX300 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-Direct 3.22
Compatibility Pack for the 2007 Office system
Diamond Spider Solitaire
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Driver Whiz
eFax Messenger
ESWIN_USB 0.6j
Free FreeCell Solitaire 2012 v2.1
Free Spider Solitaire v4.0
Google Chrome
HijackThis 2.0.2
HL-2240D
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 4.3.4 (Full)
Kies Air Discovery Service
LiveAdvisor (Symantec Corporation)
LiveUpdate
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Media Player Codec Pack 3.4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Calculator Plus
Microsoft Flight Simulator X
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVC80_x86
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MyPC Backup 
Nero BurnRights
Nero CoverDesigner
Nero DriveSpeed
Nero InfoTool
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nokia PC Suite
OneTouch 4.0
Paint.NET v3.36
PC Connectivity Solution
PL-2303 USB-to-Serial
PocketCloud Windows Companion
PrimoPDF -- brought to you by Nitro PDF Software
PsiWin 2.3
PutLockerDownloader
Realtek High Definition Audio Driver
Samsung Kies
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Skype™ 6.3
SoundTrax
SpywareBlaster 5.0
Symantec WinFax PRO 10.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
VC80CRTRedist - 8.0.50727.6195
Visioneer PaperPort 6.1
WebFldrs XP
Windows Driver Package - Nokia Modem  (10/27/2008 3.9)
Windows Driver Package - Nokia Modem  (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Media ASF View 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 12.1
WinZip Self-Extractor
.
==== Event Viewer Messages From Past Week ========
.
14/12/2013 19:25:26, error: ipnathlp [32003]  - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
14/12/2013 19:25:26, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 0016E66CA99C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Here is the CKfiles.txt
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.DENAUZ
 ----- EOF -----

Here is the TDSSKiller log file
 
14:10:37.0718 7440  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:10:38.0140 7440  ============================================================
14:10:38.0140 7440  Current date / time: 2013/12/20 14:10:38.0140
14:10:38.0140 7440  SystemInfo:
14:10:38.0140 7440  
14:10:38.0140 7440  OS Version: 5.1.2600 ServicePack: 2.0
14:10:38.0140 7440  Product type: Workstation
14:10:38.0140 7440  ComputerName: 
14:10:38.0140 7440  UserName:
14:10:38.0140 7440  Windows directory: C:\WINDOWS
14:10:38.0140 7440  System windows directory: C:\WINDOWS
14:10:38.0140 7440  Processor architecture: Intel x86
14:10:38.0140 7440  Number of processors: 2
14:10:38.0140 7440  Page size: 0x1000
14:10:38.0140 7440  Boot type: Normal boot
14:10:38.0140 7440  ============================================================
14:10:39.0156 7440  Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:10:39.0156 7440  ============================================================
14:10:39.0156 7440  \Device\Harddisk0\DR0:
14:10:39.0156 7440  MBR partitions:
14:10:39.0156 7440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x770EC5C
14:10:39.0171 7440  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x770ECDA, BlocksNum 0x4E1EDEC
14:10:39.0187 7440  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC52DB05, BlocksNum 0x4E1EDEC
14:10:39.0187 7440  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1134C930, BlocksNum 0x4E1EDEC
14:10:39.0203 7440  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1616B75B, BlocksNum 0x30D3C74
14:10:39.0218 7440  \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x1923F40E, BlocksNum 0x3F85173
14:10:39.0218 7440  ============================================================
14:10:39.0250 7440  C: <-> \Device\Harddisk0\DR0\Partition1
14:10:39.0296 7440  E: <-> \Device\Harddisk0\DR0\Partition2
14:10:39.0343 7440  F: <-> \Device\Harddisk0\DR0\Partition3
14:10:39.0375 7440  G: <-> \Device\Harddisk0\DR0\Partition4
14:10:39.0406 7440  H: <-> \Device\Harddisk0\DR0\Partition5
14:10:39.0437 7440  I: <-> \Device\Harddisk0\DR0\Partition6
14:10:39.0437 7440  ============================================================
14:10:39.0437 7440  Initialize success
14:10:39.0437 7440  ============================================================
14:10:49.0281 8076  ============================================================
14:10:49.0281 8076  Scan started
14:10:49.0281 8076  Mode: Manual; 
14:10:49.0281 8076  ============================================================
14:10:50.0171 8076  ================ Scan system memory ========================
14:10:50.0187 8076  System memory - ok
14:10:50.0187 8076  ================ Scan services =============================
14:10:50.0281 8076  Abiosdsk - ok
14:10:50.0281 8076  abp480n5 - ok
14:10:50.0328 8076  [ A10C7534F7223F4A73A948967D00E69B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:10:50.0328 8076  ACPI - ok
14:10:50.0359 8076  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:10:50.0359 8076  ACPIEC - ok
14:10:50.0421 8076  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:10:50.0421 8076  AdobeFlashPlayerUpdateSvc - ok
14:10:50.0421 8076  adpu160m - ok
14:10:50.0468 8076  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:10:50.0468 8076  aec - ok
14:10:50.0500 8076  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:10:50.0500 8076  AFD - ok
14:10:50.0515 8076  Aha154x - ok
14:10:50.0531 8076  aic78u2 - ok
14:10:50.0531 8076  aic78xx - ok
14:10:50.0562 8076  [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:10:50.0562 8076  Alerter - ok
14:10:50.0593 8076  [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG             C:\WINDOWS\System32\alg.exe
14:10:50.0593 8076  ALG - ok
14:10:50.0609 8076  AliIde - ok
14:10:50.0625 8076  amsint - ok
14:10:50.0656 8076  [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:10:50.0656 8076  AppMgmt - ok
14:10:50.0656 8076  asc - ok
14:10:50.0671 8076  asc3350p - ok
14:10:50.0687 8076  asc3550 - ok
14:10:50.0781 8076  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:10:50.0781 8076  aspnet_state - ok
14:10:50.0796 8076  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:10:50.0796 8076  AsyncMac - ok
14:10:50.0796 8076  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:10:50.0812 8076  atapi - ok
14:10:50.0812 8076  Atdisk - ok
14:10:50.0828 8076  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:10:50.0828 8076  Atmarpc - ok
14:10:50.0859 8076  [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:10:50.0859 8076  AudioSrv - ok
14:10:50.0890 8076  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:10:50.0890 8076  audstub - ok
14:10:51.0031 8076  [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
14:10:51.0062 8076  AVG Security Toolbar Service - ok
14:10:51.0250 8076  [ AB673BA95E8FA446E9C00AA7A34B96DA ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:10:51.0296 8076  AVGIDSAgent - ok
14:10:51.0328 8076  [ EF67527CC2AD77D22AB1405C6470407E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:10:51.0328 8076  AVGIDSDriver - ok
14:10:51.0359 8076  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:10:51.0359 8076  AVGIDSFilter - ok
14:10:51.0390 8076  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:10:51.0390 8076  AVGIDSHX - ok
14:10:51.0421 8076  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:10:51.0421 8076  AVGIDSShim - ok
14:10:51.0468 8076  [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:10:51.0468 8076  Avgldx86 - ok
14:10:51.0500 8076  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:10:51.0500 8076  Avgmfx86 - ok
14:10:51.0515 8076  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:10:51.0515 8076  Avgrkx86 - ok
14:10:51.0546 8076  [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:10:51.0546 8076  Avgtdix - ok
14:10:51.0593 8076  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:10:51.0593 8076  avgwd - ok
14:10:51.0640 8076  [ D466BAC7B0F83F075CB3A6D9D11BA799 ] BackupStack     C:\Program Files\MyPC Backup\BackupStack.exe
14:10:51.0640 8076  BackupStack - ok
14:10:51.0671 8076  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:10:51.0671 8076  Beep - ok
14:10:51.0718 8076  [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS            C:\WINDOWS\system32\qmgr.dll
14:10:51.0734 8076  BITS - ok
14:10:51.0765 8076  [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser         C:\WINDOWS\System32\browser.dll
14:10:51.0765 8076  Browser - ok
14:10:51.0796 8076  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
14:10:51.0812 8076  BrYNSvc - ok
14:10:51.0843 8076  [ E0AF4DE6D279185F45231F7EF06955BD ] cbfs3           C:\WINDOWS\system32\drivers\cbfs3.sys
14:10:51.0843 8076  cbfs3 - ok
14:10:51.0875 8076  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:10:51.0890 8076  cbidf2k - ok
14:10:51.0890 8076  cd20xrnt - ok
14:10:51.0921 8076  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:10:51.0921 8076  Cdaudio - ok
14:10:51.0937 8076  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:10:51.0937 8076  Cdfs - ok
14:10:51.0968 8076  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:10:51.0968 8076  Cdrom - ok
14:10:51.0968 8076  Changer - ok
14:10:51.0984 8076  [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:10:51.0984 8076  CiSvc - ok
14:10:52.0000 8076  [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:10:52.0000 8076  ClipSrv - ok
14:10:52.0031 8076  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:52.0031 8076  clr_optimization_v2.0.50727_32 - ok
14:10:52.0031 8076  CmdIde - ok
14:10:52.0046 8076  COMSysApp - ok
14:10:52.0078 8076  Cpqarray - ok
14:10:52.0203 8076  cpuz132 - ok
14:10:52.0234 8076  [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:10:52.0234 8076  CryptSvc - ok
14:10:52.0250 8076  dac2w2k - ok
14:10:52.0250 8076  dac960nt - ok
14:10:52.0296 8076  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:10:52.0312 8076  DcomLaunch - ok
14:10:52.0343 8076  [ 1EC27A51A2F9DF052BC2B4C8376C8FEA ] DgiVecp         C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:10:52.0343 8076  DgiVecp - ok
14:10:52.0390 8076  [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:10:52.0390 8076  Dhcp - ok
14:10:52.0406 8076  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:10:52.0406 8076  Disk - ok
14:10:52.0406 8076  dmadmin - ok
14:10:52.0453 8076  [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:10:52.0484 8076  dmboot - ok
14:10:52.0500 8076  [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
14:10:52.0500 8076  dmio - ok
14:10:52.0531 8076  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:10:52.0531 8076  dmload - ok
14:10:52.0546 8076  [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:10:52.0546 8076  dmserver - ok
14:10:52.0578 8076  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:10:52.0578 8076  DMusic - ok
14:10:52.0609 8076  [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:10:52.0609 8076  Dnscache - ok
14:10:52.0625 8076  dpti2o - ok
14:10:52.0656 8076  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:10:52.0656 8076  drmkaud - ok
14:10:52.0687 8076  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:10:52.0687 8076  ERSvc - ok
14:10:52.0718 8076  [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog        C:\WINDOWS\system32\services.exe
14:10:52.0734 8076  Eventlog - ok
14:10:52.0765 8076  [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem     C:\WINDOWS\system32\es.dll
14:10:52.0765 8076  EventSystem - ok
14:10:52.0781 8076  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:10:52.0796 8076  Fastfat - ok
14:10:52.0828 8076  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:10:52.0828 8076  FastUserSwitchingCompatibility - ok
14:10:52.0859 8076  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:10:52.0859 8076  Fdc - ok
14:10:52.0890 8076  [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:10:52.0890 8076  Fips - ok
14:10:52.0906 8076  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:10:52.0906 8076  Flpydisk - ok
14:10:52.0953 8076  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:10:52.0953 8076  FltMgr - ok
14:10:53.0015 8076  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:10:53.0015 8076  FontCache3.0.0.0 - ok
14:10:53.0015 8076  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:10:53.0015 8076  Fs_Rec - ok
14:10:53.0031 8076  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:10:53.0031 8076  Ftdisk - ok
14:10:53.0046 8076  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
14:10:53.0046 8076  gfibto - ok
14:10:53.0093 8076  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:10:53.0093 8076  Gpc - ok
14:10:53.0125 8076  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:10:53.0125 8076  HDAudBus - ok
14:10:53.0187 8076  [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:10:53.0187 8076  helpsvc - ok
14:10:53.0218 8076  [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:10:53.0218 8076  HidServ - ok
14:10:53.0250 8076  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:10:53.0250 8076  HidUsb - ok
14:10:53.0265 8076  hpn - ok
14:10:53.0296 8076  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:10:53.0296 8076  HTTP - ok
14:10:53.0343 8076  [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:10:53.0343 8076  HTTPFilter - ok
14:10:53.0343 8076  i2omgmt - ok
14:10:53.0359 8076  i2omp - ok
14:10:53.0390 8076  [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:10:53.0390 8076  i8042prt - ok
14:10:53.0453 8076  [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:10:53.0500 8076  ialm - ok
14:10:53.0593 8076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:10:53.0593 8076  IDriverT - ok
14:10:53.0671 8076  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:10:53.0687 8076  idsvc - ok
14:10:53.0718 8076  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:10:53.0718 8076  Imapi - ok
14:10:53.0750 8076  [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:10:53.0750 8076  ImapiService - ok
14:10:53.0765 8076  ini910u - ok
14:10:53.0906 8076  [ C4006AF18682FCA0D8A011A0A21070F8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:10:53.0937 8076  IntcAzAudAddService - ok
14:10:53.0953 8076  IntelIde - ok
14:10:53.0984 8076  [ 279FB78702454DFF2BB445F238C048D2 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:10:53.0984 8076  intelppm - ok
14:10:54.0015 8076  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:10:54.0015 8076  Ip6Fw - ok
14:10:54.0031 8076  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:10:54.0031 8076  IpFilterDriver - ok
14:10:54.0062 8076  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:10:54.0062 8076  IpInIp - ok
14:10:54.0093 8076  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:10:54.0093 8076  IpNat - ok
14:10:54.0109 8076  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:10:54.0109 8076  IPSec - ok
14:10:54.0140 8076  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:10:54.0140 8076  IRENUM - ok
14:10:54.0171 8076  [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:10:54.0171 8076  isapnp - ok
14:10:54.0250 8076  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:10:54.0250 8076  JavaQuickStarterService - ok
14:10:54.0265 8076  [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:10:54.0265 8076  Kbdclass - ok
14:10:54.0296 8076  [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:10:54.0296 8076  kbdhid - ok
14:10:54.0343 8076  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:10:54.0343 8076  kmixer - ok
14:10:54.0359 8076  [ 674D3E5A593475915DC6643317192403 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:10:54.0359 8076  KSecDD - ok
14:10:54.0390 8076  [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:10:54.0390 8076  lanmanserver - ok
14:10:54.0437 8076  [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:10:54.0437 8076  lanmanworkstation - ok
14:10:54.0453 8076  lbrtfdc - ok
14:10:54.0500 8076  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:10:54.0500 8076  LmHosts - ok
14:10:54.0531 8076  [ 9EE18A5A45552673A67532EA37370377 ] ltmodem5        C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
14:10:54.0531 8076  ltmodem5 - ok
14:10:54.0562 8076  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:10:54.0562 8076  MBAMProtector - ok
14:10:54.0593 8076  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:10:54.0609 8076  MBAMScheduler - ok
14:10:54.0640 8076  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:10:54.0656 8076  MBAMService - ok
14:10:54.0687 8076  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:10:54.0687 8076  Messenger - ok
14:10:54.0718 8076  [ F2AE6AF4817E612FC162DCC580B7A5CC ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
14:10:54.0718 8076  mfehidk - ok
14:10:54.0750 8076  [ DB75C83E3E57037390B7B4392BCA5481 ] mferkdk         C:\WINDOWS\system32\drivers\mferkdk.sys
14:10:54.0750 8076  mferkdk - ok
14:10:54.0781 8076  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:10:54.0781 8076  mnmdd - ok
14:10:54.0812 8076  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:10:54.0812 8076  mnmsrvc - ok
14:10:54.0843 8076  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:10:54.0843 8076  Modem - ok
14:10:54.0859 8076  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:10:54.0859 8076  MODEMCSA - ok
14:10:54.0875 8076  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:10:54.0875 8076  Mouclass - ok
14:10:54.0890 8076  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:10:54.0890 8076  mouhid - ok
14:10:54.0906 8076  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:10:54.0906 8076  MountMgr - ok
14:10:54.0906 8076  mraid35x - ok
14:10:54.0937 8076  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:10:54.0953 8076  MRxDAV - ok
14:10:54.0984 8076  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:10:55.0000 8076  MRxSmb - ok
14:10:55.0015 8076  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:10:55.0015 8076  MSDTC - ok
14:10:55.0031 8076  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:10:55.0031 8076  Msfs - ok
14:10:55.0046 8076  MSIServer - ok
14:10:55.0078 8076  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:10:55.0078 8076  MSKSSRV - ok
14:10:55.0093 8076  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:10:55.0093 8076  MSPCLOCK - ok
14:10:55.0093 8076  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:10:55.0109 8076  MSPQM - ok
14:10:55.0125 8076  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:10:55.0125 8076  mssmbios - ok
14:10:55.0140 8076  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:10:55.0140 8076  Mup - ok
14:10:55.0156 8076  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:10:55.0156 8076  NDIS - ok
14:10:55.0171 8076  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:10:55.0171 8076  NdisTapi - ok
14:10:55.0187 8076  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:10:55.0187 8076  Ndisuio - ok
14:10:55.0187 8076  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:10:55.0187 8076  NdisWan - ok
14:10:55.0234 8076  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:10:55.0234 8076  NDProxy - ok
14:10:55.0328 8076  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:10:55.0359 8076  Nero BackItUp Scheduler 4.0 - ok
14:10:55.0359 8076  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:10:55.0359 8076  NetBIOS - ok
14:10:55.0406 8076  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:10:55.0406 8076  NetBT - ok
14:10:55.0437 8076  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:10:55.0437 8076  NetDDE - ok
14:10:55.0437 8076  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:10:55.0437 8076  NetDDEdsdm - ok
14:10:55.0468 8076  [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:10:55.0484 8076  Netlogon - ok
14:10:55.0515 8076  [ 36739B39267914BA69AD0610A0299732 ] Netman          C:\WINDOWS\System32\netman.dll
14:10:55.0515 8076  Netman - ok
14:10:55.0546 8076  [ B128CCC0E4586628D5D6F6A8F1D0778D ] netrcacm        C:\WINDOWS\system32\DRIVERS\netrcacm.sys
14:10:55.0546 8076  netrcacm - ok
14:10:55.0578 8076  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:10:55.0578 8076  NetTcpPortSharing - ok
14:10:55.0609 8076  [ 097722F235A1FB698BF9234E01B52637 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:10:55.0625 8076  Nla - ok
14:10:55.0656 8076  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:10:55.0656 8076  Npfs - ok
14:10:55.0687 8076  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:10:55.0703 8076  Ntfs - ok
14:10:55.0703 8076  [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:10:55.0703 8076  NtLmSsp - ok
14:10:55.0750 8076  [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:10:55.0765 8076  NtmsSvc - ok
14:10:55.0781 8076  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:10:55.0781 8076  NuidFltr - ok
14:10:55.0828 8076  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:10:55.0828 8076  Null - ok
14:10:55.0859 8076  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:10:55.0859 8076  NwlnkFlt - ok
14:10:55.0875 8076  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:10:55.0875 8076  NwlnkFwd - ok
14:10:55.0921 8076  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:55.0921 8076  ose - ok
14:10:55.0953 8076  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:10:55.0953 8076  Parport - ok
14:10:55.0968 8076  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:10:55.0968 8076  PartMgr - ok
14:10:56.0000 8076  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:10:56.0000 8076  ParVdm - ok
14:10:56.0031 8076  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
14:10:56.0031 8076  pccsmcfd - ok
14:10:56.0046 8076  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:10:56.0046 8076  PCI - ok
14:10:56.0046 8076  PCIDump - ok
14:10:56.0062 8076  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:10:56.0062 8076  PCIIde - ok
14:10:56.0093 8076  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:10:56.0093 8076  Pcmcia - ok
14:10:56.0093 8076  PDCOMP - ok
14:10:56.0109 8076  PDFRAME - ok
14:10:56.0109 8076  PDRELI - ok
14:10:56.0125 8076  PDRFRAME - ok
14:10:56.0140 8076  perc2 - ok
14:10:56.0140 8076  perc2hib - ok
14:10:56.0187 8076  [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay        C:\WINDOWS\system32\services.exe
14:10:56.0187 8076  PlugPlay - ok
14:10:56.0203 8076  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:10:56.0203 8076  PolicyAgent - ok
14:10:56.0218 8076  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:10:56.0218 8076  PptpMiniport - ok
14:10:56.0234 8076  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:10:56.0234 8076  ProtectedStorage - ok
14:10:56.0234 8076  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:10:56.0250 8076  PSched - ok
14:10:56.0250 8076  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:10:56.0250 8076  Ptilink - ok
14:10:56.0281 8076  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:10:56.0281 8076  PxHelp20 - ok
14:10:56.0281 8076  ql1080 - ok
14:10:56.0296 8076  Ql10wnt - ok
14:10:56.0312 8076  ql12160 - ok
14:10:56.0312 8076  ql1240 - ok
14:10:56.0328 8076  ql1280 - ok
14:10:56.0343 8076  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:10:56.0343 8076  RasAcd - ok
14:10:56.0375 8076  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:10:56.0375 8076  RasAuto - ok
14:10:56.0406 8076  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:10:56.0406 8076  Rasl2tp - ok
14:10:56.0437 8076  [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:10:56.0437 8076  RasMan - ok
14:10:56.0468 8076  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:10:56.0468 8076  RasPppoe - ok
14:10:56.0484 8076  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:10:56.0484 8076  Raspti - ok
14:10:56.0515 8076  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:10:56.0515 8076  Rdbss - ok
14:10:56.0531 8076  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:10:56.0531 8076  RDPCDD - ok
14:10:56.0562 8076  [ A862A3A8D7D2D75BDC41B556325E9876 ] RDPDISPM        C:\WINDOWS\system32\DRIVERS\rdpdispm.sys
14:10:56.0562 8076  RDPDISPM - ok
14:10:56.0593 8076  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:10:56.0593 8076  rdpdr - ok
14:10:56.0625 8076  [ 95508469D4DA5C13BBFEF9C35F3E5C61 ] RDPVDD          C:\WINDOWS\system32\DRIVERS\rdpvmp.sys
14:10:56.0625 8076  RDPVDD - ok
14:10:56.0656 8076  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:10:56.0656 8076  RDPWD - ok
14:10:56.0687 8076  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:10:56.0687 8076  RDSessMgr - ok
14:10:56.0703 8076  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:10:56.0718 8076  redbook - ok
14:10:56.0750 8076  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:10:56.0750 8076  RemoteAccess - ok
14:10:56.0781 8076  [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:10:56.0781 8076  RemoteRegistry - ok
14:10:56.0828 8076  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
14:10:56.0828 8076  ROOTMODEM - ok
14:10:56.0843 8076  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:10:56.0843 8076  RpcLocator - ok
14:10:56.0890 8076  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:10:56.0890 8076  RpcSs - ok
14:10:56.0937 8076  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:10:56.0937 8076  RSVP - ok
14:10:56.0968 8076  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:10:56.0984 8076  SamSs - ok
14:10:57.0015 8076  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:10:57.0015 8076  SCardSvr - ok
14:10:57.0046 8076  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:10:57.0062 8076  Schedule - ok
14:10:57.0093 8076  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:10:57.0093 8076  Secdrv - ok
14:10:57.0109 8076  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:10:57.0125 8076  seclogon - ok
14:10:57.0140 8076  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
14:10:57.0140 8076  SENS - ok
14:10:57.0171 8076  [ 2EC41A96D0DC98BD119BF325E0B9F392 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:10:57.0171 8076  Ser2pl - ok
14:10:57.0187 8076  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:10:57.0187 8076  serenum - ok
14:10:57.0203 8076  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:10:57.0203 8076  Serial - ok
14:10:57.0265 8076  [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:10:57.0296 8076  ServiceLayer - ok
14:10:57.0312 8076  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:10:57.0312 8076  Sfloppy - ok
14:10:57.0359 8076  [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:10:57.0375 8076  SharedAccess - ok
14:10:57.0390 8076  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:10:57.0390 8076  ShellHWDetection - ok
14:10:57.0390 8076  Simbad - ok
14:10:57.0453 8076  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:10:57.0453 8076  SkypeUpdate - ok
14:10:57.0468 8076  Sparrow - ok
14:10:57.0500 8076  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:10:57.0500 8076  splitter - ok
14:10:57.0531 8076  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:10:57.0531 8076  Spooler - ok
14:10:57.0546 8076  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:10:57.0546 8076  sr - ok
14:10:57.0562 8076  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:10:57.0578 8076  srservice - ok
14:10:57.0609 8076  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:10:57.0625 8076  Srv - ok
14:10:57.0640 8076  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:10:57.0640 8076  SSDPSRV - ok
14:10:57.0671 8076  [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:10:57.0703 8076  stisvc - ok
14:10:57.0718 8076  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:10:57.0718 8076  swenum - ok
14:10:57.0750 8076  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:10:57.0750 8076  swmidi - ok
14:10:57.0750 8076  SwPrv - ok
14:10:57.0765 8076  symc810 - ok
14:10:57.0781 8076  symc8xx - ok
14:10:57.0781 8076  sym_hi - ok
14:10:57.0796 8076  sym_u3 - ok
14:10:57.0828 8076  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:10:57.0828 8076  sysaudio - ok
14:10:57.0859 8076  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:10:57.0859 8076  SysmonLog - ok
14:10:57.0890 8076  [ FB78839B36025AA286A51289ED28B73E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:10:57.0906 8076  TapiSrv - ok
14:10:57.0953 8076  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:10:57.0953 8076  Tcpip - ok
14:10:58.0000 8076  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:10:58.0000 8076  TDPIPE - ok
14:10:58.0015 8076  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:10:58.0015 8076  TDTCP - ok
14:10:58.0046 8076  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:10:58.0046 8076  TermDD - ok
14:10:58.0078 8076  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:10:58.0093 8076  TermService - ok
14:10:58.0125 8076  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:10:58.0125 8076  Themes - ok
14:10:58.0156 8076  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:10:58.0156 8076  TlntSvr - ok
14:10:58.0156 8076  TosIde - ok
14:10:58.0187 8076  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:10:58.0187 8076  TrkWks - ok
14:10:58.0218 8076  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:10:58.0218 8076  Udfs - ok
14:10:58.0218 8076  ultra - ok
14:10:58.0265 8076  [ CED744117E91BDC0BEB810F7D8608183 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:10:58.0281 8076  Update - ok
14:10:58.0312 8076  [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:10:58.0312 8076  upnphost - ok
14:10:58.0328 8076  upperdev - ok
14:10:58.0359 8076  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
14:10:58.0359 8076  UPS - ok
14:10:58.0390 8076  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:10:58.0390 8076  usbccgp - ok
14:10:58.0406 8076  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:10:58.0406 8076  usbehci - ok
14:10:58.0421 8076  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:10:58.0421 8076  usbhub - ok
14:10:58.0421 8076  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:10:58.0421 8076  usbprint - ok
14:10:58.0453 8076  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:10:58.0453 8076  usbscan - ok
14:10:58.0468 8076  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:10:58.0468 8076  USBSTOR - ok
14:10:58.0484 8076  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:10:58.0484 8076  usbuhci - ok
14:10:58.0500 8076  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:10:58.0500 8076  VgaSave - ok
14:10:58.0500 8076  ViaIde - ok
14:10:58.0515 8076  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:10:58.0515 8076  VolSnap - ok
14:10:58.0546 8076  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
14:10:58.0546 8076  VSS - ok
14:10:58.0578 8076  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
14:10:58.0593 8076  W32Time - ok
14:10:58.0609 8076  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:10:58.0609 8076  Wanarp - ok
14:10:58.0656 8076  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
14:10:58.0671 8076  Wdf01000 - ok
14:10:58.0687 8076  WDICA - ok
14:10:58.0687 8076  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:10:58.0687 8076  wdmaud - ok
14:10:58.0718 8076  [ 265F534EF76832435AFBF771EC97176D ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:10:58.0734 8076  WebClient - ok
14:10:58.0750 8076  [ EFACCE8DEB789DE9A0EC8655CA3075DA ] wfxsvc          C:\WINDOWS\system32\WFXSVC.EXE
14:10:58.0750 8076  wfxsvc - ok
14:10:58.0812 8076  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:10:58.0812 8076  winmgmt - ok
14:10:58.0859 8076  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:10:58.0859 8076  WmdmPmSN - ok
14:10:58.0906 8076  [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:10:58.0921 8076  Wmi - ok
14:10:58.0953 8076  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:10:58.0953 8076  WmiApSrv - ok
14:10:59.0046 8076  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:10:59.0078 8076  WMPNetworkSvc - ok
14:10:59.0109 8076  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:10:59.0109 8076  WpdUsb - ok
14:10:59.0140 8076  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:10:59.0140 8076  wscsvc - ok
14:10:59.0171 8076  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:10:59.0171 8076  wuauserv - ok
14:10:59.0203 8076  [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:10:59.0203 8076  WudfPf - ok
14:10:59.0218 8076  [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:10:59.0218 8076  WudfRd - ok
14:10:59.0250 8076  [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:10:59.0250 8076  WudfSvc - ok
14:10:59.0281 8076  [ 3D47152CFBE400B1D2B9945164E0255D ] WysePocketCloud C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
14:10:59.0281 8076  WysePocketCloud - ok
14:10:59.0328 8076  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:10:59.0343 8076  WZCSVC - ok
14:10:59.0359 8076  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:10:59.0375 8076  xmlprov - ok
14:10:59.0406 8076  [ A5D4EAE27E68625296D685A786897491 ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:10:59.0406 8076  yukonwxp - ok
14:10:59.0421 8076  ================ Scan global ===============================
14:10:59.0437 8076  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
14:10:59.0484 8076  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
14:10:59.0515 8076  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
14:10:59.0531 8076  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
14:10:59.0531 8076  [Global] - ok
14:10:59.0531 8076  ================ Scan MBR ==================================
14:10:59.0546 8076  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:10:59.0671 8076  \Device\Harddisk0\DR0 - ok
14:10:59.0671 8076  ================ Scan VBR ==================================
14:10:59.0671 8076  [ 16B13E3DD6CD60A80DA5E512F75D3229 ] \Device\Harddisk0\DR0\Partition1
14:10:59.0687 8076  \Device\Harddisk0\DR0\Partition1 - ok
14:10:59.0703 8076  [ 9F6950A79804272791FFBE8BCF16A32D ] \Device\Harddisk0\DR0\Partition2
14:10:59.0703 8076  \Device\Harddisk0\DR0\Partition2 - ok
14:10:59.0718 8076  [ C9F09CE809E21A71CB358255BC7FEC36 ] \Device\Harddisk0\DR0\Partition3
14:10:59.0718 8076  \Device\Harddisk0\DR0\Partition3 - ok
14:10:59.0750 8076  [ 003C0279D2A6542EE4DD19FB34B174E5 ] \Device\Harddisk0\DR0\Partition4
14:10:59.0750 8076  \Device\Harddisk0\DR0\Partition4 - ok
14:10:59.0765 8076  [ 7558C8BCA4C9EB016CA0D97185A15DC1 ] \Device\Harddisk0\DR0\Partition5
14:10:59.0765 8076  \Device\Harddisk0\DR0\Partition5 - ok
14:10:59.0781 8076  [ C15DEE12779BBCE89235E383762A7948 ] \Device\Harddisk0\DR0\Partition6
14:10:59.0781 8076  \Device\Harddisk0\DR0\Partition6 - ok
14:10:59.0781 8076  ============================================================
14:10:59.0781 8076  Scan finished
14:10:59.0781 8076  ============================================================
14:10:59.0796 4424  Detected object count: 0
14:10:59.0796 4424  Actual detected object count: 0
14:11:26.0703 7520  ============================================================
14:11:26.0703 7520  Scan started
14:11:26.0703 7520  Mode: Manual; SigCheck; TDLFS; 
14:11:26.0703 7520  ============================================================
14:11:27.0531 7520  ================ Scan system memory ========================
14:11:27.0546 7520  System memory - ok
14:11:27.0546 7520  ================ Scan services =============================
14:11:27.0640 7520  Abiosdsk - ok
14:11:27.0656 7520  abp480n5 - ok
14:11:27.0687 7520  [ A10C7534F7223F4A73A948967D00E69B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:27.0984 7520  ACPI - ok
14:11:28.0031 7520  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:28.0218 7520  ACPIEC - ok
14:11:28.0265 7520  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:11:28.0296 7520  AdobeFlashPlayerUpdateSvc - ok
14:11:28.0296 7520  adpu160m - ok
14:11:28.0328 7520  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:11:28.0890 7520  aec - ok
14:11:28.0921 7520  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:11:28.0953 7520  AFD - ok
14:11:28.0968 7520  Aha154x - ok
14:11:28.0968 7520  aic78u2 - ok
14:11:28.0984 7520  aic78xx - ok
14:11:29.0015 7520  [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:11:29.0187 7520  Alerter - ok
14:11:29.0203 7520  [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG             C:\WINDOWS\System32\alg.exe
14:11:29.0312 7520  ALG - ok
14:11:29.0328 7520  AliIde - ok
14:11:29.0328 7520  amsint - ok
14:11:29.0359 7520  [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:11:29.0453 7520  AppMgmt - ok
14:11:29.0453 7520  asc - ok
14:11:29.0468 7520  asc3350p - ok
14:11:29.0484 7520  asc3550 - ok
14:11:29.0578 7520  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:11:29.0593 7520  aspnet_state - ok
14:11:29.0609 7520  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:11:29.0796 7520  AsyncMac - ok
14:11:29.0812 7520  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:11:30.0000 7520  atapi - ok
14:11:30.0000 7520  Atdisk - ok
14:11:30.0046 7520  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:11:30.0234 7520  Atmarpc - ok
14:11:30.0265 7520  [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:11:30.0453 7520  AudioSrv - ok
14:11:30.0484 7520  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:11:30.0671 7520  audstub - ok
14:11:30.0781 7520  [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
14:11:30.0828 7520  AVG Security Toolbar Service - ok
14:11:31.0031 7520  [ AB673BA95E8FA446E9C00AA7A34B96DA ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:11:31.0203 7520  AVGIDSAgent - ok
14:11:31.0234 7520  [ EF67527CC2AD77D22AB1405C6470407E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:11:31.0281 7520  AVGIDSDriver - ok
14:11:31.0312 7520  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:11:31.0328 7520  AVGIDSFilter - ok
14:11:31.0343 7520  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:11:31.0359 7520  AVGIDSHX - ok
14:11:31.0390 7520  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:11:31.0390 7520  AVGIDSShim - ok
14:11:31.0437 7520  [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:11:31.0453 7520  Avgldx86 - ok
14:11:31.0468 7520  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:11:31.0484 7520  Avgmfx86 - ok
14:11:31.0500 7520  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:11:31.0500 7520  Avgrkx86 - ok
14:11:31.0546 7520  [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:11:31.0562 7520  Avgtdix - ok
14:11:31.0593 7520  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:11:31.0609 7520  avgwd - ok
14:11:31.0640 7520  [ D466BAC7B0F83F075CB3A6D9D11BA799 ] BackupStack     C:\Program Files\MyPC Backup\BackupStack.exe
14:11:31.0656 7520  BackupStack - ok
14:11:31.0687 7520  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:11:31.0859 7520  Beep - ok
14:11:31.0906 7520  [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS            C:\WINDOWS\system32\qmgr.dll
14:11:32.0093 7520  BITS - ok
14:11:32.0125 7520  [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser         C:\WINDOWS\System32\browser.dll
14:11:32.0296 7520  Browser - ok
14:11:32.0328 7520  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
14:11:32.0343 7520  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
14:11:32.0343 7520  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
14:11:32.0375 7520  [ E0AF4DE6D279185F45231F7EF06955BD ] cbfs3           C:\WINDOWS\system32\drivers\cbfs3.sys
14:11:32.0406 7520  cbfs3 - ok
14:11:32.0421 7520  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:11:32.0593 7520  cbidf2k - ok
14:11:32.0609 7520  cd20xrnt - ok
14:11:32.0625 7520  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:11:32.0796 7520  Cdaudio - ok
14:11:32.0812 7520  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:11:33.0000 7520  Cdfs - ok
14:11:33.0031 7520  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:11:33.0234 7520  Cdrom - ok
14:11:33.0250 7520  Changer - ok
14:11:33.0250 7520  [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:11:33.0421 7520  CiSvc - ok
14:11:33.0437 7520  [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:11:33.0625 7520  ClipSrv - ok
14:11:33.0656 7520  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:33.0671 7520  clr_optimization_v2.0.50727_32 - ok
14:11:33.0671 7520  CmdIde - ok
14:11:33.0687 7520  COMSysApp - ok
14:11:33.0703 7520  Cpqarray - ok
14:11:33.0843 7520  cpuz132 - ok
14:11:33.0875 7520  [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:11:34.0046 7520  CryptSvc - ok
14:11:34.0062 7520  dac2w2k - ok
14:11:34.0062 7520  dac960nt - ok
14:11:34.0109 7520  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:11:34.0218 7520  DcomLaunch - ok
14:11:34.0250 7520  [ 1EC27A51A2F9DF052BC2B4C8376C8FEA ] DgiVecp         C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:11:34.0265 7520  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
14:11:34.0265 7520  DgiVecp - detected UnsignedFile.Multi.Generic (1)
14:11:34.0296 7520  [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:11:34.0875 7520  Dhcp - ok
14:11:34.0890 7520  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:11:35.0046 7520  Disk - ok
14:11:35.0062 7520  dmadmin - ok
14:11:35.0109 7520  [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:11:35.0281 7520  dmboot - ok
14:11:35.0312 7520  [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
14:11:35.0484 7520  dmio - ok
14:11:35.0500 7520  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:11:35.0656 7520  dmload - ok
14:11:35.0671 7520  [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:11:35.0828 7520  dmserver - ok
14:11:35.0859 7520  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:11:36.0046 7520  DMusic - ok
14:11:36.0078 7520  [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:11:36.0671 7520  Dnscache - ok
14:11:36.0687 7520  dpti2o - ok
14:11:36.0734 7520  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:11:36.0906 7520  drmkaud - ok
14:11:36.0937 7520  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:11:37.0593 7520  ERSvc - ok
14:11:37.0625 7520  [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog        C:\WINDOWS\system32\services.exe
14:11:37.0703 7520  Eventlog - ok
14:11:37.0734 7520  [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem     C:\WINDOWS\system32\es.dll
14:11:37.0765 7520  EventSystem - ok
14:11:37.0781 7520  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:11:37.0953 7520  Fastfat - ok
14:11:37.0984 7520  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:11:38.0671 7520  FastUserSwitchingCompatibility - ok
14:11:38.0687 7520  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:11:38.0859 7520  Fdc - ok
14:11:38.0875 7520  [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:11:39.0046 7520  Fips - ok
14:11:39.0078 7520  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:11:39.0234 7520  Flpydisk - ok
14:11:39.0265 7520  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:11:39.0921 7520  FltMgr - ok
14:11:39.0968 7520  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:11:39.0984 7520  FontCache3.0.0.0 - ok
14:11:40.0000 7520  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:11:40.0140 7520  Fs_Rec - ok
14:11:40.0156 7520  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:11:40.0328 7520  Ftdisk - ok
14:11:40.0343 7520  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
14:11:40.0359 7520  gfibto - ok
14:11:40.0375 7520  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:11:40.0531 7520  Gpc - ok
14:11:40.0562 7520  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:11:40.0609 7520  HDAudBus - ok
14:11:40.0656 7520  [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:11:40.0828 7520  helpsvc - ok
14:11:40.0859 7520  [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:11:41.0015 7520  HidServ - ok
14:11:41.0031 7520  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:11:41.0187 7520  HidUsb - ok
14:11:41.0203 7520  hpn - ok
14:11:41.0234 7520  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:11:41.0265 7520  HTTP - ok
14:11:41.0296 7520  [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:11:41.0453 7520  HTTPFilter - ok
14:11:41.0468 7520  i2omgmt - ok
14:11:41.0468 7520  i2omp - ok
14:11:41.0500 7520  [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:11:41.0671 7520  i8042prt - ok
14:11:41.0734 7520  [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:11:41.0781 7520  ialm - ok
14:11:41.0859 7520  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:11:41.0859 7520  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:11:41.0859 7520  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:11:41.0937 7520  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:11:41.0968 7520  idsvc - ok
14:11:42.0015 7520  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:11:42.0156 7520  Imapi - ok
14:11:42.0187 7520  [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:11:42.0343 7520  ImapiService - ok
14:11:42.0359 7520  ini910u - ok
14:11:42.0500 7520  [ C4006AF18682FCA0D8A011A0A21070F8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:11:42.0687 7520  IntcAzAudAddService - ok
14:11:42.0703 7520  IntelIde - ok
14:11:42.0734 7520  [ 279FB78702454DFF2BB445F238C048D2 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:11:42.0906 7520  intelppm - ok
14:11:42.0921 7520  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:11:43.0109 7520  Ip6Fw - ok
14:11:43.0125 7520  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:11:43.0281 7520  IpFilterDriver - ok
14:11:43.0312 7520  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:11:43.0484 7520  IpInIp - ok
14:11:43.0515 7520  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:11:44.0109 7520  IpNat - ok
14:11:44.0156 7520  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:11:44.0296 7520  IPSec - ok
14:11:44.0328 7520  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:11:44.0421 7520  IRENUM - ok
14:11:44.0468 7520  [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:11:44.0625 7520  isapnp - ok
14:11:44.0703 7520  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:11:44.0718 7520  JavaQuickStarterService - ok
14:11:44.0750 7520  [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:11:44.0906 7520  Kbdclass - ok
14:11:44.0953 7520  [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:11:45.0109 7520  kbdhid - ok
14:11:45.0140 7520  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:11:45.0765 7520  kmixer - ok
14:11:45.0796 7520  [ 674D3E5A593475915DC6643317192403 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:11:45.0859 7520  KSecDD - ok
14:11:45.0890 7520  [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:11:46.0546 7520  lanmanserver - ok
14:11:46.0593 7520  [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:11:46.0625 7520  lanmanworkstation - ok
14:11:46.0625 7520  lbrtfdc - ok
14:11:46.0671 7520  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:11:46.0828 7520  LmHosts - ok
14:11:46.0875 7520  [ 9EE18A5A45552673A67532EA37370377 ] ltmodem5        C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
14:11:47.0046 7520  ltmodem5 - ok
14:11:47.0062 7520  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:11:47.0078 7520  MBAMProtector - ok
14:11:47.0109 7520  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:11:47.0125 7520  MBAMScheduler - ok
14:11:47.0187 7520  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:11:47.0218 7520  MBAMService - ok
14:11:47.0234 7520  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:11:47.0390 7520  Messenger - ok
14:11:47.0437 7520  [ F2AE6AF4817E612FC162DCC580B7A5CC ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
14:11:47.0453 7520  mfehidk - ok
14:11:47.0484 7520  [ DB75C83E3E57037390B7B4392BCA5481 ] mferkdk         C:\WINDOWS\system32\drivers\mferkdk.sys
14:11:47.0500 7520  mferkdk - ok
14:11:47.0531 7520  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:11:47.0687 7520  mnmdd - ok
14:11:47.0703 7520  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:11:47.0875 7520  mnmsrvc - ok
14:11:47.0906 7520  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:11:48.0078 7520  Modem - ok
14:11:48.0078 7520  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:11:48.0234 7520  MODEMCSA - ok
14:11:48.0250 7520  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:11:48.0406 7520  Mouclass - ok
14:11:48.0437 7520  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:11:48.0593 7520  mouhid - ok
14:11:48.0593 7520  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:11:48.0750 7520  MountMgr - ok
14:11:48.0765 7520  mraid35x - ok
14:11:48.0796 7520  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:11:49.0453 7520  MRxDAV - ok
14:11:49.0500 7520  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:11:49.0546 7520  MRxSmb - ok
14:11:49.0562 7520  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:11:49.0703 7520  MSDTC - ok
14:11:49.0718 7520  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:11:49.0890 7520  Msfs - ok
14:11:49.0890 7520  MSIServer - ok
14:11:49.0921 7520  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:11:50.0093 7520  MSKSSRV - ok
14:11:50.0109 7520  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:11:50.0250 7520  MSPCLOCK - ok
14:11:50.0265 7520  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:11:50.0421 7520  MSPQM - ok
14:11:50.0437 7520  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:11:50.0593 7520  mssmbios - ok
14:11:50.0625 7520  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:11:50.0781 7520  Mup - ok
14:11:50.0781 7520  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:11:50.0953 7520  NDIS - ok
14:11:50.0953 7520  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:11:51.0109 7520  NdisTapi - ok
14:12:19.0468 7520  ============================================================
14:12:19.0468 7520  Scan finished
14:12:19.0468 7520  ============================================================
14:12:19.0578 0584  Detected object count: 6
14:12:19.0578 0584  Actual detected object count: 6
14:13:07.0578 0584  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0578 0584  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:13:07.0578 0584  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0578 0584  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:13:07.0593 0584  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0593 0584  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:13:07.0593 0584  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0593 0584  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:13:07.0593 0584  wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0593 0584  wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:13:07.0593 0584  WysePocketCloud ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:07.0593 0584  WysePocketCloud ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#4 jeffce

Posted 20 December 2013 - 06:38 AM

Your Windows operating system is out of date...
You are currently running Windows XP Service Pack 2. The latest service pack is Service Pack 3. Download Service Pack 3 here and install it. Be sure to continue downloading updates and installing them until there are no more, and then I would like you to run a new scan with DDS and post the new DDS.txt :)



#5 jeffce

Posted 22 December 2013 - 01:13 PM

Still need help?



#6 horse2004

Posted 22 December 2013 - 05:18 PM

Hi Jeff,

I updated to Service Pack 3 and scanned with Windows Malicious Software Tool.

No threats were found; however, the pop-up message asking me to scan for viruses hasn't been seen since.

Here is the dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by CCL at 1:07:10 on 2013-12-23
Microsoft Windows XP Professional  5.1.2600.3.1255.972.1033.18.3319.2501 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
C:\Program Files\PicPick\picpick.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Documents and Settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [PPWebCap] c:\progra~1\vision~1\paperp~1\PPWebCap.exe
uRun: [C7B7F310992EB8D31E86F817A760484A260F3B9B._service_run] "c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [PicPick Start] c:\program files\picpick\picpick.exe /startup
uRun: [Google Update] "c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\ccl~1.ccl\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\ccl~1.ccl\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\config~1.lnk - c:\program files\symantec\winfax\WTNSETUP.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\contro~1.lnk - c:\program files\symantec\winfax\WFXCTL32.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\psiwin~1.lnk - c:\program files\psion\psiwin\Psconsv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} - hxxps://join.bankhapoalim.co.il/reg/pk/cabs/arpkcom.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05F92E82-373A-4727-ACFF-9A257B5932D6} : DHCPNameServer = 194.90.1.5 199.203.1.20
TCP: Interfaces\{C660F4C8-6195-4F55-8E66-65EB1D00C541} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\symantec\winfax\WFXSEH32.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-7 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 302368]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2013-2-18 299208]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-20 38440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-4 418376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-13 22856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-13 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-10 1025352]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-8-13 245760]
S3 cpuz132;cpuz132;\??\c:\docume~1\ccl~1.ccl\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ccl~1.ccl\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-5 34152]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-3-12 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-3-12 19408]
.
=============== File Associations ===============
.
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2013-12-21 07:24:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-12-21 07:23:55 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-12-21 07:22:58 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-12-21 07:22:32 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-12-21 07:22:20 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-21 07:22:20 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-12-21 07:21:10 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-12-21 07:18:57 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-21 07:18:57 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-12-21 07:18:54 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-12-21 07:18:53 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-21 07:18:53 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-21 07:18:33 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
2013-12-21 07:17:14 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-12-21 07:16:38 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-12-21 07:16:36 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-12-21 07:16:35 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-21 07:16:35 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-21 07:16:34 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-12-21 07:14:33 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-12-21 07:14:30 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-21 07:14:30 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-21 07:12:10 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-12-20 17:48:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-12-20 17:48:14 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2013-12-20 17:48:05 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-12-20 17:46:33 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-12-20 17:45:08 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2013-12-20 17:45:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-12-20 17:45:00 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-12-20 17:42:31 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-12-20 17:31:59 -------- d-----w- c:\windows\system32\en
2013-12-20 17:31:59 -------- d-----w- c:\windows\system32\bits
2013-12-20 17:21:59 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2013-12-20 17:19:29 19569 ----a-w- c:\windows\003090_.tmp
2013-12-12 20:25:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-10 12:08:45 -------- d-----w- c:\program files\Free FreeCell Solitaire
2013-12-10 12:05:30 -------- d-----w- c:\documents and settings\all users.windows\application data\TreeCardGames
2013-12-10 12:04:42 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\application data\TreeCardGames
2013-12-10 12:04:28 -------- d-----w- c:\program files\MyPC Backup
2013-12-10 12:04:27 -------- d-----w- c:\program files\Free Spider Solitaire
2013-12-05 18:00:36 -------- d-----w- c:\program files\Citrix
2013-12-05 18:00:12 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\Citrix
2013-12-05 13:28:59 -------- d-----w- c:\documents and settings\ccl.ccl-08d629d927e\local settings\application data\Cool_Mirage
.
==================== Find3M  ====================
.
2013-12-11 00:56:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 00:56:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-02 07:52:04 41 ----a-w- c:\windows\WFXDEL.BAT
.
============= FINISH:  1:07:53.48 ===============

Here is the attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2009 23:42:49
System Uptime: 22/12/2013 07:24:20 (18 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 8I945GZME-RH
Processor:              Intel® Pentium® D  CPU 2.66GHz | Socket 775 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 23.389 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 39 GiB total, 19.309 GiB free.
F: is FIXED (NTFS) - 39 GiB total, 19.815 GiB free.
G: is FIXED (NTFS) - 39 GiB total, 29.891 GiB free.
H: is FIXED (NTFS) - 24 GiB total, 12.823 GiB free.
I: is FIXED (NTFS) - 32 GiB total, 5.241 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1679: 26/10/2013 22:19:21 - System Checkpoint
RP1680: 27/10/2013 22:37:22 - System Checkpoint
RP1681: 28/10/2013 23:10:37 - System Checkpoint
RP1682: 30/10/2013 00:10:37 - System Checkpoint
RP1683: 31/10/2013 01:09:31 - System Checkpoint
RP1684: 01/11/2013 01:58:19 - System Checkpoint
RP1685: 02/11/2013 02:58:20 - System Checkpoint
RP1686: 03/11/2013 03:57:19 - System Checkpoint
RP1687: 04/11/2013 04:56:18 - System Checkpoint
RP1688: 05/11/2013 05:56:18 - System Checkpoint
RP1689: 06/11/2013 06:55:07 - System Checkpoint
RP1690: 07/11/2013 06:55:12 - System Checkpoint
RP1691: 08/11/2013 07:52:13 - System Checkpoint
RP1692: 09/11/2013 08:52:15 - System Checkpoint
RP1693: 10/11/2013 09:49:54 - System Checkpoint
RP1694: 11/11/2013 09:51:15 - System Checkpoint
RP1695: 12/11/2013 11:02:08 - System Checkpoint
RP1696: 13/11/2013 06:00:15 - Software Distribution Service 3.0
RP1697: 14/11/2013 06:57:04 - System Checkpoint
RP1698: 15/11/2013 07:39:59 - System Checkpoint
RP1699: 16/11/2013 08:59:40 - System Checkpoint
RP1700: 17/11/2013 10:01:50 - System Checkpoint
RP1701: 18/11/2013 11:46:28 - System Checkpoint
RP1702: 19/11/2013 13:14:35 - System Checkpoint
RP1703: 20/11/2013 16:43:51 - System Checkpoint
RP1704: 21/11/2013 17:34:17 - System Checkpoint
RP1705: 22/11/2013 18:33:43 - System Checkpoint
RP1706: 23/11/2013 19:20:15 - System Checkpoint
RP1707: 24/11/2013 19:29:16 - System Checkpoint
RP1708: 25/11/2013 20:28:13 - System Checkpoint
RP1709: 26/11/2013 21:51:06 - System Checkpoint
RP1710: 27/11/2013 22:26:04 - System Checkpoint
RP1711: 28/11/2013 23:23:35 - System Checkpoint
RP1712: 30/11/2013 00:20:24 - System Checkpoint
RP1713: 01/12/2013 01:08:24 - System Checkpoint
RP1714: 02/12/2013 02:04:54 - System Checkpoint
RP1715: 03/12/2013 02:59:55 - System Checkpoint
RP1716: 04/12/2013 03:57:50 - System Checkpoint
RP1717: 05/12/2013 04:56:35 - System Checkpoint
RP1718: 06/12/2013 05:22:09 - System Checkpoint
RP1719: 07/12/2013 06:20:02 - System Checkpoint
RP1720: 08/12/2013 06:23:06 - System Checkpoint
RP1721: 09/12/2013 07:15:49 - System Checkpoint
RP1722: 10/12/2013 08:13:52 - System Checkpoint
RP1723: 11/12/2013 09:10:36 - System Checkpoint
RP1724: 12/12/2013 06:00:15 - Software Distribution Service 3.0
RP1725: 13/12/2013 07:23:54 - System Checkpoint
RP1726: 14/12/2013 19:53:10 - System Checkpoint
RP1727: 15/12/2013 20:45:45 - System Checkpoint
RP1728: 16/12/2013 20:46:03 - System Checkpoint
RP1729: 18/12/2013 16:24:40 - System Checkpoint
RP1730: 19/12/2013 20:27:54 - System Checkpoint
RP1731: 20/12/2013 19:19:35 - Installed Windows XP Service Pack 3.
RP1732: 20/12/2013 19:35:33 - Installed Windows XP KB2229593.
RP1733: 21/12/2013 06:00:17 - Software Distribution Service 3.0
RP1734: 22/12/2013 06:00:16 - Software Distribution Service 3.0
RP1735: 23/12/2013 00:22:17 - Installed Windows XP KB2618444.
RP1736: 23/12/2013 00:30:28 - Configured Microsoft Flight Simulator X
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Photoshop 7.0
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Advertising Center
Auto Window Manager
AV210
AVG 2012
Canon MP Navigator EX 1.0
Canon MX300 series
Canon MX300 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-Direct 3.22
Compatibility Pack for the 2007 Office system
Diamond Spider Solitaire
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Driver Whiz
eFax Messenger
ESWIN_USB 0.6j
Free FreeCell Solitaire 2012 v2.1
Free Spider Solitaire v4.0
Google Chrome
HijackThis 2.0.2
HL-2240D
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 4.3.4 (Full)
Kies Air Discovery Service
LiveAdvisor (Symantec Corporation)
LiveUpdate
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Media Player Codec Pack 3.4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Calculator Plus
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVC80_x86
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MyPC Backup 
Nero BurnRights
Nero CoverDesigner
Nero DriveSpeed
Nero InfoTool
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nokia PC Suite
OneTouch 4.0
Paint.NET v3.36
PC Connectivity Solution
PL-2303 USB-to-Serial
PrimoPDF -- brought to you by Nitro PDF Software
PsiWin 2.3
Realtek High Definition Audio Driver
Samsung Kies
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 6.3
SoundTrax
SpywareBlaster 5.0
Symantec WinFax PRO 10.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.6195
Visioneer PaperPort 6.1
WebFldrs XP
Windows Driver Package - Nokia Modem  (10/27/2008 3.9)
Windows Driver Package - Nokia Modem  (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Media ASF View 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.1
WinZip Self-Extractor
.
==== End Of File ===========================

Many thanks.


#7 jeffce

Posted 22 December 2013 - 07:03 PM

Hi,
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


#8 horse2004

Posted 24 December 2013 - 03:03 PM

Hi,

Please see both log files:

Thanks

:D

# AdwCleaner v3.016 - Report created 24/12/2013 at 22:53:45
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : 
# Running from : C:\Documents and Settings\CCL.CCL-08D629D927E\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\MyPC Backup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Freeze.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Uniblue
Key Found : HKCU\Software\Uniblue\DriverScanner
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : HKLM\Software\Uniblue\SpeedUpMyPC
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [6904 octets] - [24/12/2013 22:53:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6964 octets] ##########

=======================================================================================

# AdwCleaner v3.016 - Report created 24/12/2013 at 22:56:16
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : 
# Running from : C:\Documents and Settings\CCL.CCL-08D629D927E\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
[x] Not Deleted : C:\Program Files\MyPC Backup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [7044 octets] - [24/12/2013 22:53:45]
AdwCleaner[S0].txt - [6979 octets] - [24/12/2013 22:56:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7039 octets] ##########
 

Edited by horse2004, 24 December 2013 - 03:04 PM.


#9 jeffce

Posted 25 December 2013 - 12:23 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------



#10 jeffce

Posted 27 December 2013 - 07:14 AM

Still here?




#11 horse2004

Posted 27 December 2013 - 09:46 AM

Yes still here. :thumbup:

 

This is my aunt's computer so I can't fix this as quickly as I would like.



#12 jeffce

Posted 27 December 2013 - 11:29 AM

No problem....just checking.  :)



#13 horse2004

Posted 29 December 2013 - 05:59 PM

Hi Jeff,

Thanks for your patience.

Please see the ComboFix report:

ComboFix 13-12-29.01 - 12/30/2013   1:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1255.972.1033.18.3319.2572 [GMT 2:00]
Running from: c:\documents and settings\CCL.CCL-08D629D927E\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\CCL.CCL-08D629D927E\Application Data\Dealio
c:\documents and settings\CCL.CCL-08D629D927E\Application Data\Dealio\res\widgets.xml
c:\documents and settings\CCL.CCL-08D629D927E\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\assembly\tmp
c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Temporary Internet Files\SecretSauce_iels
c:\documents and settings\CCL.CCL-08D629D927E\WINDOWS
c:\documents and settings\user\WINDOWS
c:\windows\explorer(2).exe
c:\windows\system32\Cache
c:\windows\system32\Cache\028e43ae35a1139a.fb
c:\windows\system32\Cache\1e578a8347930df1.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\30f4eef7252161ae.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\44b8cee1d3aa6706.fb
c:\windows\system32\Cache\53f4fe7556d31f9b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7b7d2e55f95652aa.fb
c:\windows\system32\Cache\97d1c2c55e4b4279.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\abb20a0c138508ed.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f3bfa02390d7f764.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\lpk(3).dll
c:\windows\system32\Temp
c:\windows\system32\usp10(3).dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-29  )))))))))))))))))))))))))))))))
.
.
2013-12-24 14:07 . 2013-12-24 14:07 1600 ----a-w- c:\windows\wfxdrv01.tmp
2013-12-24 14:07 . 2013-12-24 14:07 12 ----a-w- c:\windows\wfxsem01.tmp
2013-12-21 07:24 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-12-21 07:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-12-21 07:22 . 2013-10-29 07:57 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-12-21 07:22 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-12-21 07:22 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-21 07:22 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-12-21 07:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-12-21 07:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-21 07:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-12-21 07:18 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-12-21 07:18 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-21 07:18 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-21 07:18 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
2013-12-21 07:17 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-12-21 07:16 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-12-21 07:16 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-12-21 07:16 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-21 07:16 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-21 07:16 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-12-21 07:14 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-12-21 07:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-21 07:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-21 07:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-12-20 17:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-12-20 17:48 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2013-12-20 17:48 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-12-20 17:46 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-12-20 17:45 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2013-12-20 17:45 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-12-20 17:45 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-12-20 17:42 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-12-20 17:22 . 2008-04-14 03:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2013-12-20 17:21 . 2008-04-13 21:53 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2013-12-20 17:19 . 2006-12-28 22:31 19569 ----a-w- c:\windows\003090_.tmp
2013-12-12 20:25 . 2013-12-12 20:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-10 12:08 . 2013-12-10 12:08 -------- d-----w- c:\program files\Free FreeCell Solitaire
2013-12-10 12:05 . 2013-12-10 12:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TreeCardGames
2013-12-10 12:04 . 2013-12-10 12:08 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Application Data\TreeCardGames
2013-12-10 12:04 . 2013-12-12 18:24 -------- d-----w- c:\program files\MyPC Backup
2013-12-10 12:04 . 2013-12-10 12:04 -------- d-----w- c:\program files\Free Spider Solitaire
2013-12-05 18:00 . 2013-12-11 20:09 -------- d-----w- c:\program files\Citrix
2013-12-05 18:00 . 2013-12-11 20:07 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Citrix
2013-12-05 13:28 . 2013-12-05 13:28 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Cool_Mirage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 00:56 . 2012-08-01 09:01 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 00:56 . 2011-05-15 08:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 02:59 . 2004-08-04 00:56 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 00:56 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-30 02:26 . 2004-08-03 23:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 00:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 00:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 00:56 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2004-08-04 00:56 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 00:56 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 00:56 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-02 07:52 . 2008-12-07 16:55 41 ----a-w- c:\windows\WFXDEL.BAT
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{5D5C7968-9895-4F32-A33B-63E90810D5B9}"
[HKEY_CLASSES_ROOT\CLSID\{5D5C7968-9895-4F32-A33B-63E90810D5B9}]
2012-08-06 10:41 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 10:41 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"PPWebCap"="c:\progra~1\VISION~1\PAPERP~1\PPWebCap.exe" [1999-01-06 43008]
"C7B7F310992EB8D31E86F817A760484A260F3B9B._service_run"="c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2013-04-05 11479896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"PaperPort PTD"="c:\progra~1\vision~1\paperp~1\pptd40nt.exe" [1999-01-06 29184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 43008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Netvision Cable Connect.url [2008-6-19 97]
.
c:\documents and settings\CCL.CCL-08D629D927E\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-9-20 1953320]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Configuration Wizard.lnk - c:\program files\Symantec\WinFax\WTNSETUP.EXE /LC_OFF [2013-10-2 39424]
Controller.LNK - c:\program files\Symantec\WinFax\WFXCTL32.EXE -StartupGroup [2013-10-2 542208]
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
PsiWin 2.3 Connection Server.lnk - c:\program files\Psion\PsiWin\Psconsv.exe [2008-12-7 286720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-03 15:50 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [07/02/2013 16:46 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 302368]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [18/02/2013 09:23 299208]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 03:53 193288]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [20/09/2013 00:45 38440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [04/11/2012 15:05 418376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 12:31 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [16/10/2013 00:30 5175856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 12:31 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [10/12/2010 13:36 1025352]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [13/08/2012 15:30 245760]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [12/03/2010 21:17 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [12/03/2010 21:17 19408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 00:56]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1767777339-839522115-1006Core.job
- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-19 15:14]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1767777339-839522115-1006UA.job
- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-19 15:14]
.
2013-12-29 c:\windows\Tasks\User_Feed_Synchronization-{E6ECACCF-6D60-459B-A4CC-50224CB1A333}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} - hxxps://join.bankhapoalim.co.il/reg/pk/cabs/arpkcom.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AROReminder - c:\program files\ARO 2013\aro.exe
MSConfigStartUp-PocketCloud Location - c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-30 01:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-12-30  01:39:04
ComboFix-quarantined-files.txt  2013-12-29 23:39
.
Pre-Run: 26,572,775,424 bytes free
Post-Run: 27,009,892,352 bytes free
.
- - End Of File - - 054C34E690078C81371A717919B7B0C3
8F558EB6672622401DA993E1E865C861


#14 jeffce

Posted 29 December 2013 - 08:39 PM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::

    DDS::
    DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} - hxxps://join.bankhapoalim.co.il/reg/pk/cabs/arpkcom.cab

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"=-
    "1701:UDP"=-
    "500:UDP"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running.  :)



#15 horse2004

Posted 30 December 2013 - 09:00 PM

Hello,

Please see the ComboFix second report below:

ComboFix 13-12-29.01 - 12/31/2013   0:54.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1255.972.1033.18.3319.2475 [GMT 2:00]
Running from: c:\documents and settings\CCL.CCL-08D629D927E\Desktop\HijackThis reports\ComboFix.exe
Command switches used :: c:\documents and settings\CCL.CCL-08D629D927E\Desktop\HijackThis reports\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-30  )))))))))))))))))))))))))))))))
.
.
2013-12-24 14:07 . 2013-12-24 14:07 1600 ----a-w- c:\windows\wfxdrv01.tmp
2013-12-24 14:07 . 2013-12-24 14:07 12 ----a-w- c:\windows\wfxsem01.tmp
2013-12-21 07:24 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-12-21 07:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-12-21 07:22 . 2013-10-29 07:57 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-12-21 07:22 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-12-21 07:22 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-21 07:22 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-12-21 07:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-12-21 07:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-21 07:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-12-21 07:18 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-12-21 07:18 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-21 07:18 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-21 07:18 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
2013-12-21 07:17 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-12-21 07:16 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-12-21 07:16 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-12-21 07:16 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-21 07:16 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-21 07:16 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-12-21 07:14 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-12-21 07:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-21 07:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-21 07:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-12-20 17:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-12-20 17:48 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2013-12-20 17:48 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-12-20 17:46 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-12-20 17:45 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2013-12-20 17:45 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-12-20 17:45 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-12-20 17:42 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-12-20 17:22 . 2008-04-14 03:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2013-12-20 17:21 . 2008-04-13 21:53 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2013-12-20 17:19 . 2006-12-28 22:31 19569 ----a-w- c:\windows\003090_.tmp
2013-12-12 20:25 . 2013-12-12 20:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-10 12:08 . 2013-12-10 12:08 -------- d-----w- c:\program files\Free FreeCell Solitaire
2013-12-10 12:05 . 2013-12-10 12:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TreeCardGames
2013-12-10 12:04 . 2013-12-10 12:08 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Application Data\TreeCardGames
2013-12-10 12:04 . 2013-12-12 18:24 -------- d-----w- c:\program files\MyPC Backup
2013-12-10 12:04 . 2013-12-10 12:04 -------- d-----w- c:\program files\Free Spider Solitaire
2013-12-05 18:00 . 2013-12-11 20:09 -------- d-----w- c:\program files\Citrix
2013-12-05 18:00 . 2013-12-11 20:07 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Citrix
2013-12-05 13:28 . 2013-12-05 13:28 -------- d-----w- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Cool_Mirage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 00:56 . 2012-08-01 09:01 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 00:56 . 2011-05-15 08:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 02:59 . 2004-08-04 00:56 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 00:56 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-30 02:26 . 2004-08-03 23:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 00:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 00:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 00:56 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2004-08-04 00:56 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 00:56 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 00:56 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-02 07:52 . 2008-12-07 16:55 41 ----a-w- c:\windows\WFXDEL.BAT
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{5D5C7968-9895-4F32-A33B-63E90810D5B9}"
[HKEY_CLASSES_ROOT\CLSID\{5D5C7968-9895-4F32-A33B-63E90810D5B9}]
2012-08-06 10:41 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 10:41 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"PPWebCap"="c:\progra~1\VISION~1\PAPERP~1\PPWebCap.exe" [1999-01-06 43008]
"C7B7F310992EB8D31E86F817A760484A260F3B9B._service_run"="c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2013-04-05 11479896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"PaperPort PTD"="c:\progra~1\vision~1\paperp~1\pptd40nt.exe" [1999-01-06 29184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 43008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Netvision Cable Connect.url [2008-6-19 97]
.
c:\documents and settings\CCL.CCL-08D629D927E\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-9-20 1953320]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Configuration Wizard.lnk - c:\program files\Symantec\WinFax\WTNSETUP.EXE /LC_OFF [2013-10-2 39424]
Controller.LNK - c:\program files\Symantec\WinFax\WFXCTL32.EXE -StartupGroup [2013-10-2 542208]
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
PsiWin 2.3 Connection Server.lnk - c:\program files\Psion\PsiWin\Psconsv.exe [2008-12-7 286720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-02-03 15:50 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [07/02/2013 16:46 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 302368]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [18/02/2013 09:23 299208]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 03:53 193288]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [20/09/2013 00:45 38440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [04/11/2012 15:05 418376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/03/2009 12:31 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [16/10/2013 00:30 5175856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/03/2009 12:31 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [10/12/2010 13:36 1025352]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [13/08/2012 15:30 245760]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [12/03/2010 21:17 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [12/03/2010 21:17 19408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 00:56]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1767777339-839522115-1006Core.job
- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-19 15:14]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1767777339-839522115-1006UA.job
- c:\documents and settings\CCL.CCL-08D629D927E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-19 15:14]
.
2013-12-30 c:\windows\Tasks\User_Feed_Synchronization-{E6ECACCF-6D60-459B-A4CC-50224CB1A333}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-31 01:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\CbFsNetRdr3.dll
.
Completion time: 2013-12-31  01:03:14
ComboFix-quarantined-files.txt  2013-12-30 23:03
ComboFix2.txt  2013-12-29 23:39
.
Pre-Run: 26,960,646,144 bytes free
Post-Run: 26,972,123,136 bytes free
.
- - End Of File - - A4887223ABEC4B2FC385A4752821048D
8F558EB6672622401DA993E1E865C861

Edited by horse2004, 30 December 2013 - 09:00 PM.
