WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Driverwhiz.exe virus [Solved]

Started by mikej62 , Jan 05 2014 01:55 PM

This topic is locked

50 replies to this topic

#1 mikej62

Authentic Member

Authentic Member
84 posts

Posted 05 January 2014 - 01:55 PM

I have a virus on my computer thats a pain. Its a popup icon in the middle of the screen. But when you x it out, it pops up again. It does that and won't go away. On the top line it says:

DriverWhiz.exe- Bad Image

Then in the box it says:

"The application or DLL c:\WINDOWS\Microsoft.NET\Framework\v.2.0.50727\diasymreader.dll is not a valid windows image. Please check this against your installation diskette."

I ran malwarebytes and it registered nothing on my computer.

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 06 January 2014 - 10:41 AM

Hi mikej62,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

OTL

Download OTL to your desktop.

Make sure all other windows are closed and to let it run uninterrupted.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 mikej62

Authentic Member

Authentic Member
84 posts

Posted 09 January 2014 - 12:03 PM

Here are the logs. I couldn't get the OTL to work

Attached Files

aswMBR.txt 1.96KB 350 downloads
MBR.zip 499bytes 222 downloads

#4 OCD

SuperHelper

Malware Team
5,574 posts

Posted 09 January 2014 - 09:11 PM

Hi mikej62,

Please copy and paste logs directly into your reply, do not attach unless specifically asked to do so.

I couldn't get the OTL to work

Try this tools instead.

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

You overlooked the Security Check log (checkup.txt) in your last reply.

=========================

In your next post please provide the following:

checkup.txt
FRST.txt
Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#5 mikej62

Authentic Member

Authentic Member
84 posts

Posted 11 January 2014 - 05:32 PM

I couldn't attach the checkup.txt because the program did run but it kept saying "preparing" for like an hour.

Attached Files

Addition.txt 19.2KB 398 downloads
FRST.txt 23.07KB 298 downloads

#6 OCD

SuperHelper

Malware Team
5,574 posts

Posted 11 January 2014 - 08:36 PM

Hi mikej62,

Important : Please copy and paste the logs directly into the reply window. When you attach them I have to download them in order to view them which takes additional time. If I need you to attach a log I will ask you specifically to do so. I appreciate your cooperation.

Don't worry about the Security Check log for now.

=========================

TDSSKiller

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

=========================

ComboFix

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
- TDSSKiller log
- Combofix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#7 mikej62

Authentic Member

Authentic Member
84 posts

Posted 12 January 2014 - 02:01 PM

Sorry for attaching the files.

Combofix log:

ComboFix 14-01-12.01 - Nashih 01/12/2014 14:44:34.4.2 - x86
Running from: c:\documents and settings\Nashih\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nashih\My Documents\~WRL0001.tmp
C:\Documents
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LCOM_Service
-------\Service_LCOM Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12 )))))))))))))))))))))))))))))))
.
.
2014-01-10 19:21 . 2014-01-11 22:43   --------   d-----w-   C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:59 . 2004-08-04 01:07   150528   ------w-   c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 01:07   591360   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-10-08 00:06   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 01:07   1879040   ------w-   c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 01:07   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 01:07   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 01:07   18944   ------w-   c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 01:07   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 01:07   385024   ------w-   c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 01:07   172032   ------w-   c:\windows\system32\scrrun.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-07-18 23:33 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Driver Whiz"="c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2013-01-25 3534704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-14 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
3;2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2011-03-22 29832]
S2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-03-09 235024]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-13 350792]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-04 1201656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ     getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-18 18:23   1210320   ----a-w-   c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 17:32]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-11-20 14:41; {1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}; c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-12 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\sediag.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2014-01-12 14:56:39 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-12 19:56
.
Pre-Run: 120,761,798,656 bytes free
Post-Run: 121,734,725,632 bytes free
.
- - End Of File - - 4702B718B5EBA2E889D645874ACFAA10
8F558EB6672622401DA993E1E865C861

TDSSKiller:

14:40:01.0109 2860 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:40:05.0265 2860 ============================================================
14:40:05.0265 2860 Current date / time: 2014/01/12 14:40:05.0265
14:40:05.0265 2860 SystemInfo:
14:40:05.0265 2860
14:40:05.0265 2860 OS Version: 5.1.2600 ServicePack: 3.0
14:40:05.0265 2860 Product type: Workstation
14:40:05.0265 2860 ComputerName: HOME-7992934537
14:40:05.0265 2860 UserName: Nashih
14:40:05.0265 2860 Windows directory: C:\WINDOWS
14:40:05.0265 2860 System windows directory: C:\WINDOWS
14:40:05.0265 2860 Processor architecture: Intel x86
14:40:05.0265 2860 Number of processors: 2
14:40:05.0265 2860 Page size: 0x1000
14:40:05.0265 2860 Boot type: Normal boot
14:40:05.0265 2860 ============================================================
14:40:05.0765 2860 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:40:05.0765 2860 ============================================================
14:40:05.0765 2860 \Device\Harddisk0\DR0:
14:40:05.0765 2860 MBR partitions:
14:40:05.0765 2860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:40:05.0765 2860 ============================================================
14:40:05.0781 2860 C: <-> \Device\Harddisk0\DR0\Partition1
14:40:05.0781 2860 ============================================================
14:40:05.0781 2860 Initialize success
14:40:05.0781 2860 ============================================================
14:40:07.0671 2084 ============================================================
14:40:07.0671 2084 Scan started
14:40:07.0671 2084 Mode: Manual;
14:40:07.0671 2084 ============================================================
14:40:07.0828 2084 ================ Scan system memory ========================
14:40:07.0828 2084 System memory - ok
14:40:07.0828 2084 ================ Scan services =============================
14:40:08.0093 2084 Abiosdsk - ok
14:40:08.0093 2084 abp480n5 - ok
14:40:08.0125 2084 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:40:08.0125 2084 ACPI - ok
14:40:08.0156 2084 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:40:08.0156 2084 ACPIEC - ok
14:40:08.0218 2084 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:40:08.0218 2084 AdobeFlashPlayerUpdateSvc - ok
14:40:08.0218 2084 adpu160m - ok
14:40:08.0250 2084 [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:40:08.0250 2084 aec - ok
14:40:08.0296 2084 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:40:08.0296 2084 AFD - ok
14:40:08.0296 2084 Aha154x - ok
14:40:08.0312 2084 aic78u2 - ok
14:40:08.0312 2084 aic78xx - ok
14:40:08.0343 2084 [ AE617E60E79D2D5C492E65D15776187B ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:40:08.0359 2084 Alerter - ok
14:40:08.0375 2084 [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:40:08.0375 2084 ALG - ok
14:40:08.0390 2084 AliIde - ok
14:40:08.0421 2084 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:40:08.0421 2084 AmdK8 - ok
14:40:08.0437 2084 amsint - ok
14:40:08.0515 2084 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:40:08.0515 2084 Apple Mobile Device - ok
14:40:08.0546 2084 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:40:08.0562 2084 AppMgmt - ok
14:40:08.0562 2084 asc - ok
14:40:08.0562 2084 asc3350p - ok
14:40:08.0578 2084 asc3550 - ok
14:40:08.0625 2084 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:40:08.0625 2084 aspnet_state - ok
14:40:08.0656 2084 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:40:08.0656 2084 AsyncMac - ok
14:40:08.0671 2084 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:40:08.0671 2084 atapi - ok
14:40:08.0671 2084 Atdisk - ok
14:40:08.0703 2084 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:40:08.0703 2084 Atmarpc - ok
14:40:08.0734 2084 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:40:08.0734 2084 AudioSrv - ok
14:40:08.0765 2084 [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:40:08.0765 2084 audstub - ok
14:40:08.0812 2084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:40:08.0812 2084 Beep - ok
14:40:08.0859 2084 [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:40:08.0906 2084 BITS - ok
14:40:08.0953 2084 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:40:08.0968 2084 Bonjour Service - ok
14:40:09.0000 2084 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
14:40:09.0000 2084 Browser - ok
14:40:09.0000 2084 catchme - ok
14:40:09.0046 2084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:40:09.0046 2084 cbidf2k - ok
14:40:09.0078 2084 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:40:09.0078 2084 CCDECODE - ok
14:40:09.0078 2084 cd20xrnt - ok
14:40:09.0109 2084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:40:09.0109 2084 Cdaudio - ok
14:40:09.0125 2084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:40:09.0140 2084 Cdfs - ok
14:40:09.0156 2084 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:40:09.0156 2084 Cdrom - ok
14:40:09.0171 2084 Changer - ok
14:40:09.0203 2084 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:40:09.0203 2084 CiSvc - ok
14:40:09.0218 2084 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:40:09.0218 2084 ClipSrv - ok
14:40:09.0234 2084 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:09.0250 2084 clr_optimization_v2.0.50727_32 - ok
14:40:09.0250 2084 CmdIde - ok
14:40:09.0250 2084 COMSysApp - ok
14:40:09.0265 2084 Cpqarray - ok
14:40:09.0359 2084 cpuz132 - ok
14:40:09.0390 2084 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:40:09.0390 2084 CryptSvc - ok
14:40:09.0406 2084 dac2w2k - ok
14:40:09.0406 2084 dac960nt - ok
14:40:09.0453 2084 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:40:09.0468 2084 DcomLaunch - ok
14:40:09.0500 2084 [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:40:09.0500 2084 DgiVecp - ok
14:40:09.0531 2084 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:40:09.0531 2084 Dhcp - ok
14:40:09.0562 2084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:40:09.0562 2084 Disk - ok
14:40:09.0578 2084 dmadmin - ok
14:40:09.0609 2084 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:40:09.0625 2084 dmboot - ok
14:40:09.0640 2084 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:40:09.0640 2084 dmio - ok
14:40:09.0656 2084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:40:09.0656 2084 dmload - ok
14:40:09.0687 2084 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:40:09.0687 2084 dmserver - ok
14:40:09.0703 2084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:40:09.0703 2084 DMusic - ok
14:40:09.0734 2084 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:40:09.0734 2084 Dnscache - ok
14:40:09.0734 2084 [ 662D57727604CCAF459E8ADFD4E3A0A7 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:40:09.0734 2084 Dot3svc - ok
14:40:09.0750 2084 dpti2o - ok
14:40:09.0781 2084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:40:09.0781 2084 drmkaud - ok
14:40:09.0796 2084 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:40:09.0796 2084 EapHost - ok
14:40:09.0812 2084 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:40:09.0812 2084 ERSvc - ok
14:40:09.0859 2084 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
14:40:09.0859 2084 Eventlog - ok
14:40:09.0921 2084 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
14:40:09.0921 2084 EventSystem - ok
14:40:09.0937 2084 [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:40:09.0937 2084 Fastfat - ok
14:40:09.0984 2084 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:40:09.0984 2084 FastUserSwitchingCompatibility - ok
14:40:10.0015 2084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:40:10.0015 2084 Fdc - ok
14:40:10.0031 2084 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:40:10.0031 2084 Fips - ok
14:40:10.0046 2084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:40:10.0046 2084 Flpydisk - ok
14:40:10.0078 2084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:40:10.0078 2084 FltMgr - ok
14:40:10.0125 2084 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:40:10.0140 2084 FontCache3.0.0.0 - ok
14:40:10.0171 2084 [ C5E5BDA0250574E8D159BD79BBB635DB ] fpUpdateSvc     C:\Program Files\Internet Content Filter\UpdateService.exe
14:40:10.0171 2084 fpUpdateSvc - ok
14:40:10.0421 2084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:40:10.0421 2084 Fs_Rec - ok
14:40:10.0437 2084 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:40:10.0437 2084 Ftdisk - ok
14:40:10.0484 2084 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:40:10.0484 2084 GEARAspiWDM - ok
14:40:10.0515 2084 [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
14:40:10.0515 2084 getPlusHelper - ok
14:40:10.0531 2084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:40:10.0531 2084 Gpc - ok
14:40:10.0593 2084 [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:40:10.0593 2084 gupdate - ok
14:40:10.0609 2084 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:40:10.0609 2084 gupdatem - ok
14:40:10.0625 2084 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:40:10.0625 2084 HDAudBus - ok
14:40:10.0703 2084 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:40:10.0703 2084 helpsvc - ok
14:40:10.0718 2084 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:40:10.0718 2084 HidServ - ok
14:40:10.0750 2084 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:40:10.0750 2084 HidUsb - ok
14:40:10.0781 2084 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:40:10.0781 2084 hkmsvc - ok
14:40:10.0796 2084 hpn - ok
14:40:10.0828 2084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:40:10.0843 2084 HTTP - ok
14:40:10.0890 2084 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:40:10.0890 2084 HTTPFilter - ok
14:40:10.0890 2084 i2omgmt - ok
14:40:10.0890 2084 i2omp - ok
14:40:10.0921 2084 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:40:10.0921 2084 i8042prt - ok
14:40:10.0984 2084 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:40:11.0015 2084 idsvc - ok
14:40:11.0093 2084 [ 3962F0BE2018A275DBE7510A80173759 ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
14:40:11.0093 2084 IHA_MessageCenter - ok
14:40:11.0093 2084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:40:11.0093 2084 Imapi - ok
14:40:11.0140 2084 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:40:11.0140 2084 ImapiService - ok
14:40:11.0156 2084 ini910u - ok
14:40:11.0312 2084 [ 41EF008D7B089CE6F5F2E4A61D5638E6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:40:11.0421 2084 IntcAzAudAddService - ok
14:40:11.0421 2084 IntelIde - ok
14:40:11.0468 2084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
14:40:11.0468 2084 Ip6Fw - ok
14:40:11.0484 2084 [ 0B228192D66A71CCC787331F2C4B527A ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:40:11.0484 2084 IpFilterDriver - ok
14:40:11.0500 2084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:40:11.0500 2084 IpInIp - ok
14:40:11.0515 2084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:40:11.0515 2084 IpNat - ok
14:40:11.0562 2084 [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:40:11.0593 2084 iPod Service - ok
14:40:11.0625 2084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:40:11.0625 2084 IPSec - ok
14:40:11.0656 2084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:40:11.0656 2084 IRENUM - ok
14:40:11.0671 2084 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:40:11.0671 2084 isapnp - ok
14:40:11.0734 2084 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
14:40:11.0734 2084 JavaQuickStarterService - ok
14:40:11.0750 2084 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:40:11.0765 2084 Kbdclass - ok
14:40:11.0781 2084 [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:40:11.0781 2084 kmixer - ok
14:40:11.0812 2084 [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:40:11.0812 2084 KSecDD - ok
14:40:11.0843 2084 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:40:11.0843 2084 lanmanserver - ok
14:40:11.0890 2084 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:40:11.0890 2084 lanmanworkstation - ok
14:40:11.0906 2084 lbrtfdc - ok
14:40:12.0015 2084 [ B0FC97C84A05F00EB8431B71DBE6CAF1 ] LCOM Service    C:\Documents and Settings\Nashih\My Documents\Downloads\YouTubeViewer\YTVC.exe
14:40:12.0031 2084 LCOM Service - ok
14:40:12.0062 2084 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:40:12.0062 2084 LmHosts - ok
14:40:12.0093 2084 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:40:12.0093 2084 MBAMProtector - ok
14:40:12.0125 2084 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:40:12.0140 2084 MBAMScheduler - ok
14:40:12.0187 2084 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:40:12.0203 2084 MBAMService - ok
14:40:12.0218 2084 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:40:12.0218 2084 Messenger - ok
14:40:12.0281 2084 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:40:12.0281 2084 Microsoft Office Groove Audit Service - ok
14:40:12.0328 2084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:40:12.0328 2084 mnmdd - ok
14:40:12.0359 2084 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:40:12.0359 2084 mnmsrvc - ok
14:40:12.0375 2084 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:40:12.0375 2084 Modem - ok
14:40:12.0375 2084 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:40:12.0375 2084 Mouclass - ok
14:40:12.0406 2084 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:40:12.0406 2084 mouhid - ok
14:40:12.0437 2084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:40:12.0437 2084 MountMgr - ok
14:40:12.0484 2084 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:40:12.0484 2084 MozillaMaintenance - ok
14:40:12.0500 2084 mraid35x - ok
14:40:12.0515 2084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:40:12.0515 2084 MRxDAV - ok
14:40:12.0546 2084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:40:12.0562 2084 MRxSmb - ok
14:40:12.0593 2084 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:40:12.0593 2084 MSDTC - ok
14:40:12.0609 2084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:40:12.0609 2084 Msfs - ok
14:40:12.0609 2084 MSIServer - ok
14:40:12.0625 2084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:40:12.0625 2084 MSKSSRV - ok
14:40:12.0640 2084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:40:12.0640 2084 MSPCLOCK - ok
14:40:12.0640 2084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:40:12.0640 2084 MSPQM - ok
14:40:12.0671 2084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:40:12.0671 2084 mssmbios - ok
14:40:12.0703 2084 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
14:40:12.0703 2084 MSTEE - ok
14:40:12.0718 2084 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:40:12.0718 2084 MTsensor - ok
14:40:12.0734 2084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:40:12.0734 2084 Mup - ok
14:40:12.0765 2084 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:40:12.0765 2084 NABTSFEC - ok
14:40:12.0796 2084 [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:40:12.0828 2084 napagent - ok
14:40:12.0890 2084 [ F46070DDADA5C396B1F2EBF1C46DBB08 ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:40:12.0906 2084 NBService - ok
14:40:12.0921 2084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:40:12.0921 2084 NDIS - ok
14:40:12.0953 2084 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:40:12.0953 2084 NdisIP - ok
14:40:12.0984 2084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:40:12.0984 2084 NdisTapi - ok
14:40:13.0015 2084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:40:13.0015 2084 Ndisuio - ok
14:40:13.0015 2084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:40:13.0015 2084 NdisWan - ok
14:40:13.0031 2084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:40:13.0031 2084 NDProxy - ok
14:40:13.0062 2084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:40:13.0062 2084 NetBIOS - ok
14:40:13.0093 2084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:40:13.0093 2084 NetBT - ok
14:40:13.0125 2084 [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:40:13.0140 2084 NetDDE - ok
14:40:13.0140 2084 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:40:13.0140 2084 NetDDEdsdm - ok
14:40:13.0187 2084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:40:13.0187 2084 Netlogon - ok
14:40:13.0218 2084 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
14:40:13.0218 2084 Netman - ok
14:40:13.0265 2084 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:40:13.0265 2084 NetTcpPortSharing - ok
14:40:13.0296 2084 [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:40:13.0296 2084 Nla - ok
14:40:13.0359 2084 [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:40:13.0375 2084 NMIndexingService - ok
14:40:13.0406 2084 [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\drivers\npf.sys
14:40:13.0406 2084 NPF - ok
14:40:13.0421 2084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:40:13.0421 2084 Npfs - ok
14:40:13.0453 2084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:40:13.0468 2084 Ntfs - ok
14:40:13.0468 2084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:40:13.0468 2084 NtLmSsp - ok
14:40:13.0500 2084 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:40:13.0515 2084 NtmsSvc - ok
14:40:13.0546 2084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:40:13.0546 2084 Null - ok
14:40:13.0875 2084 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:40:14.0156 2084 nv - ok
14:40:14.0171 2084 [ EF9941593B2E9B436F64A87DDB570D1A ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
14:40:14.0171 2084 nvata - ok
14:40:14.0203 2084 [ D8151977E2A20DF13C3D30146FD4E542 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:40:14.0203 2084 NVENETFD - ok
14:40:14.0218 2084 [ 13A6CCF5F60A55F2ED2658B736D65C8B ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:40:14.0218 2084 nvnetbus - ok
14:40:14.0250 2084 [ E9E110CDF6A063A5F9B841C36FB5CC95 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
14:40:14.0265 2084 NVSvc - ok
14:40:14.0296 2084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:40:14.0296 2084 NwlnkFlt - ok
14:40:14.0296 2084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:40:14.0296 2084 NwlnkFwd - ok
14:40:14.0375 2084 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:40:14.0390 2084 odserv - ok
14:40:14.0421 2084 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:40:14.0421 2084 ose - ok
14:40:14.0453 2084 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:40:14.0453 2084 Parport - ok
14:40:14.0453 2084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:40:14.0468 2084 PartMgr - ok
14:40:14.0500 2084 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:40:14.0500 2084 ParVdm - ok
14:40:14.0500 2084 [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:40:14.0500 2084 PCI - ok
14:40:14.0500 2084 PCIDump - ok
14:40:14.0531 2084 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:40:14.0531 2084 PCIIde - ok
14:40:14.0546 2084 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:40:14.0546 2084 Pcmcia - ok
14:40:14.0546 2084 PDCOMP - ok
14:40:14.0546 2084 PDFRAME - ok
14:40:14.0562 2084 PDRELI - ok
14:40:14.0562 2084 PDRFRAME - ok
14:40:14.0562 2084 perc2 - ok
14:40:14.0578 2084 perc2hib - ok
14:40:14.0593 2084 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:40:14.0593 2084 PlugPlay - ok
14:40:14.0609 2084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:40:14.0609 2084 PolicyAgent - ok
14:40:14.0609 2084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:40:14.0625 2084 PptpMiniport - ok
14:40:14.0625 2084 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:40:14.0625 2084 Processor - ok
14:40:14.0640 2084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:40:14.0640 2084 ProtectedStorage - ok
14:40:14.0640 2084 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:40:14.0640 2084 PSched - ok
14:40:14.0671 2084 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:40:14.0671 2084 Ptilink - ok
14:40:14.0687 2084 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:40:14.0687 2084 PxHelp20 - ok
14:40:14.0687 2084 ql1080 - ok
14:40:14.0703 2084 Ql10wnt - ok
14:40:14.0703 2084 ql12160 - ok
14:40:14.0703 2084 ql1240 - ok
14:40:14.0718 2084 ql1280 - ok
14:40:14.0718 2084 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:40:14.0718 2084 RasAcd - ok
14:40:14.0750 2084 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:40:14.0750 2084 RasAuto - ok
14:40:14.0765 2084 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:40:14.0765 2084 Rasl2tp - ok
14:40:14.0812 2084 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:40:14.0812 2084 RasMan - ok
14:40:14.0812 2084 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:40:14.0828 2084 RasPppoe - ok
14:40:14.0828 2084 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:40:14.0828 2084 Raspti - ok
14:40:14.0859 2084 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:40:14.0859 2084 Rdbss - ok
14:40:14.0875 2084 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:40:14.0875 2084 RDPCDD - ok
14:40:14.0890 2084 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:40:14.0890 2084 rdpdr - ok
14:40:14.0921 2084 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:40:14.0937 2084 RDPWD - ok
14:40:14.0968 2084 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:40:14.0968 2084 RDSessMgr - ok
14:40:14.0968 2084 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:40:14.0984 2084 redbook - ok
14:40:15.0000 2084 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:40:15.0015 2084 RemoteAccess - ok
14:40:15.0046 2084 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:40:15.0046 2084 RemoteRegistry - ok
14:40:15.0062 2084 Roxio UPnP Renderer 11 - ok
14:40:15.0093 2084 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
14:40:15.0093 2084 rpcapd - ok
14:40:15.0109 2084 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:40:15.0109 2084 RpcLocator - ok
14:40:15.0140 2084 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:40:15.0140 2084 RpcSs - ok
14:40:15.0187 2084 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:40:15.0187 2084 RSVP - ok
14:40:15.0187 2084 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:40:15.0203 2084 SamSs - ok
14:40:15.0218 2084 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:40:15.0218 2084 SCardSvr - ok
14:40:15.0250 2084 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:40:15.0250 2084 Schedule - ok
14:40:15.0281 2084 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:40:15.0281 2084 Secdrv - ok
14:40:15.0281 2084 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:40:15.0281 2084 seclogon - ok
14:40:15.0296 2084 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
14:40:15.0296 2084 SENS - ok
14:40:15.0328 2084 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:40:15.0328 2084 serenum - ok
14:40:15.0343 2084 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:40:15.0343 2084 Serial - ok
14:40:15.0375 2084 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:40:15.0375 2084 Sfloppy - ok
14:40:15.0390 2084 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:40:15.0390 2084 ShellHWDetection - ok
14:40:15.0390 2084 Simbad - ok
14:40:15.0421 2084 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:40:15.0421 2084 SLIP - ok
14:40:15.0437 2084 Sparrow - ok
14:40:15.0453 2084 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:40:15.0453 2084 splitter - ok
14:40:15.0468 2084 [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:40:15.0484 2084 Spooler - ok
14:40:15.0500 2084 [ 3C756678976E449CF6330781786AA48A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:40:15.0500 2084 sr - ok
14:40:15.0531 2084 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:40:15.0546 2084 srservice - ok
14:40:15.0593 2084 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:40:15.0609 2084 Srv - ok
14:40:15.0625 2084 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:40:15.0625 2084 SSDPSRV - ok
14:40:15.0656 2084 [ 6C46D1D2FC31A8CF0F1D6F9D6859D836 ] ssfs0bbc        C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
14:40:15.0656 2084 ssfs0bbc - ok
14:40:15.0687 2084 [ CFBD9006204468F64C5737F71EB602F3 ] sshrmd          C:\WINDOWS\system32\DRIVERS\sshrmd.sys
14:40:15.0687 2084 sshrmd - ok
14:40:15.0718 2084 [ 808C18876DD615B82F08298C98AF46B2 ] ssidrv          C:\WINDOWS\system32\DRIVERS\ssidrv.sys
14:40:15.0718 2084 ssidrv - ok
14:40:15.0718 2084 SSPORT - ok
14:40:15.0765 2084 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:40:15.0781 2084 stisvc - ok
14:40:15.0812 2084 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:40:15.0812 2084 streamip - ok
14:40:15.0828 2084 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:40:15.0828 2084 swenum - ok
14:40:15.0828 2084 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:40:15.0828 2084 swmidi - ok
14:40:15.0843 2084 SwPrv - ok
14:40:15.0843 2084 symc810 - ok
14:40:15.0859 2084 symc8xx - ok
14:40:15.0859 2084 sym_hi - ok
14:40:15.0875 2084 sym_u3 - ok
14:40:15.0875 2084 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:40:15.0875 2084 sysaudio - ok
14:40:15.0921 2084 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:40:15.0921 2084 SysmonLog - ok
14:40:15.0953 2084 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:40:15.0953 2084 TapiSrv - ok
14:40:16.0000 2084 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:40:16.0015 2084 Tcpip - ok
14:40:16.0031 2084 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:40:16.0046 2084 TDPIPE - ok
14:40:16.0062 2084 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:40:16.0062 2084 TDTCP - ok
14:40:16.0078 2084 [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:40:16.0078 2084 TermDD - ok
14:40:16.0093 2084 [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
14:40:16.0109 2084 TermService - ok
14:40:16.0125 2084 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:40:16.0125 2084 Themes - ok
14:40:16.0156 2084 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:40:16.0156 2084 TlntSvr - ok
14:40:16.0171 2084 TosIde - ok
14:40:16.0187 2084 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:40:16.0187 2084 TrkWks - ok
14:40:16.0218 2084 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:40:16.0218 2084 Udfs - ok
14:40:16.0218 2084 ultra - ok
14:40:16.0265 2084 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:40:16.0281 2084 Update - ok
14:40:16.0328 2084 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:40:16.0328 2084 upnphost - ok
14:40:16.0375 2084 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
14:40:16.0375 2084 UPS - ok
14:40:16.0406 2084 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:40:16.0406 2084 USBAAPL - ok
14:40:16.0406 2084 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:40:16.0406 2084 usbccgp - ok
14:40:16.0437 2084 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:40:16.0437 2084 usbehci - ok
14:40:16.0453 2084 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:40:16.0453 2084 usbhub - ok
14:40:16.0468 2084 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:40:16.0468 2084 usbohci - ok
14:40:16.0500 2084 [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:40:16.0500 2084 usbprint - ok
14:40:16.0531 2084 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:40:16.0531 2084 usbscan - ok
14:40:16.0562 2084 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:40:16.0562 2084 usbstor - ok
14:40:16.0578 2084 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:40:16.0578 2084 VgaSave - ok
14:40:16.0593 2084 ViaIde - ok
14:40:16.0609 2084 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:40:16.0609 2084 VolSnap - ok
14:40:16.0640 2084 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:40:16.0671 2084 VSS - ok
14:40:16.0687 2084 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:40:16.0703 2084 W32Time - ok
14:40:16.0718 2084 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:40:16.0734 2084 Wanarp - ok
14:40:16.0734 2084 WDICA - ok
14:40:16.0765 2084 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:40:16.0765 2084 wdmaud - ok
14:40:16.0796 2084 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:40:16.0812 2084 WebClient - ok
14:40:16.0953 2084 [ 51B4F00A7685F0FE5ECE6B113926E323 ] WebrootSpySweeperService C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
14:40:17.0000 2084 WebrootSpySweeperService - ok
14:40:17.0062 2084 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:40:17.0062 2084 winmgmt - ok
14:40:17.0109 2084 [ D631E5CE1E789CF8ECD277DF3E969057 ] WISTechVIDCAP   C:\WINDOWS\system32\drivers\Xstream.sys
14:40:17.0109 2084 WISTechVIDCAP - ok
14:40:17.0140 2084 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:40:17.0140 2084 WmdmPmSN - ok
14:40:17.0187 2084 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:40:17.0218 2084 Wmi - ok
14:40:17.0234 2084 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:40:17.0234 2084 WmiApSrv - ok
14:40:17.0281 2084 [ F24B2C2AC4AF2B1A19C42D3415CCA040 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:40:17.0281 2084 WMPNetworkSvc - ok
14:40:17.0312 2084 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:40:17.0312 2084 WpdUsb - ok
14:40:17.0375 2084 [ 7B24D0143B4A68433A578E49D1A13EDC ] WRConsumerService C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
14:40:17.0406 2084 WRConsumerService - ok
14:40:17.0421 2084 [ 5F93DD1ADE1CA125297E37E0A419EA45 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:40:17.0421 2084 WS2IFSL - ok
14:40:17.0437 2084 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:40:17.0437 2084 WSTCODEC - ok
14:40:17.0468 2084 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:40:17.0468 2084 wuauserv - ok
14:40:17.0500 2084 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:40:17.0500 2084 WudfPf - ok
14:40:17.0500 2084 [ 74FC90760A14B13340CB718F200BA350 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:40:17.0515 2084 WudfRd - ok
14:40:17.0531 2084 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:40:17.0562 2084 WudfSvc - ok
14:40:17.0593 2084 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:40:17.0609 2084 WZCSVC - ok
14:40:17.0640 2084 [ E54D59202747147F6D2501D32C43E35E ] XLoader         C:\WINDOWS\system32\Drivers\XLoader.sys
14:40:17.0640 2084 XLoader - ok
14:40:17.0687 2084 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:40:17.0687 2084 xmlprov - ok
14:40:17.0687 2084 ================ Scan global ===============================
14:40:17.0718 2084 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:40:17.0750 2084 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:40:17.0765 2084 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:40:17.0781 2084 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:40:17.0796 2084 [Global] - ok
14:40:17.0796 2084 ================ Scan MBR ==================================
14:40:17.0812 2084 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:40:17.0890 2084 \Device\Harddisk0\DR0 - ok
14:40:17.0890 2084 ================ Scan VBR ==================================
14:40:17.0890 2084 [ 3324581562DE91C69394226C103A2CE9 ] \Device\Harddisk0\DR0\Partition1
14:40:17.0890 2084 \Device\Harddisk0\DR0\Partition1 - ok
14:40:17.0890 2084 ============================================================
14:40:17.0890 2084 Scan finished
14:40:17.0890 2084 ============================================================
14:40:17.0906 3756 Detected object count: 0
14:40:17.0906 3756 Actual detected object count: 0
14:40:33.0171 3820 Deinitialize success

#8 OCD

SuperHelper

Malware Team
5,574 posts

Posted 12 January 2014 - 09:54 PM

Hi mikej62,

You may think I am being overly particular, but it is important that you read the instructions carefully and follow them precisely. Tools need to be saved and run from the Desktop. Saving and running the tools from somewhere other than the desktop doesn't provide a complete or accurate log for review.
It is not necessary to place your reply in quote tags, just copy and paste into the reply window.

=========================

With that in mind kindly re-run Combofix and provide the log generated in your next reply.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#9 mikej62

Authentic Member

Authentic Member
84 posts

Posted 13 January 2014 - 11:08 AM

My bad.

Log:

ComboFix 14-01-13.01 - Nashih 01/13/2014 12:02:49.6.2 - x86
Running from: c:\documents and settings\Nashih\Desktop\ComboFix.exe
* Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-10 19:21 . 2014-01-11 22:43   --------   d-----w-   C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:59 . 2004-08-04 01:07   150528   ------w-   c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 01:07   591360   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-10-08 00:06   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 01:07   1879040   ------w-   c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 01:07   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 01:07   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 01:07   18944   ------w-   c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 01:07   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 01:07   385024   ------w-   c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 01:07   172032   ------w-   c:\windows\system32\scrrun.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-07-18 23:33 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Driver Whiz"="c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2013-01-25 3534704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-14 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2011-03-22 29832]
S2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-03-09 235024]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-13 350792]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-04 1201656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ     getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-18 18:23   1210320   ----a-w-   c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 17:32]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-11-20 14:41; {1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}; c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-13 12:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1596)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-13 12:07:39
ComboFix-quarantined-files.txt 2014-01-13 17:07
ComboFix2.txt 2014-01-13 16:57
ComboFix3.txt 2014-01-12 19:56
.
Pre-Run: 121,898,356,736 bytes free
Post-Run: 121,878,560,768 bytes free
.
- - End Of File - - F5973972921137BCF93C6AB93667A5E0
8F558EB6672622401DA993E1E865C861

#10 OCD

SuperHelper

Malware Team
5,574 posts

Posted 13 January 2014 - 03:05 PM

Hi mikej62,

Firewall & Anti-Virus software is missing from the header of your ComboFix log.

What programs are you using to protect your computer from infection?
Have you run ComboFix in the past? (recently)

=========================

Your log also shows a network proxy, did you make this selection?

=========================

P2P - (Peer to Peer)

I see you have/had P2P software BitTorrent & SteamTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

BitTorrent
StreamTorrent 1.0

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

You stated in your original post that you were receiving error messages from Driver Wizard. Let's remove it and re-install it and see if that corrects the problem.

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Driver Whiz

=========================

Reboot

=========================

If you would like to re-install it please visit this website and re-download and install a fresh copy.

Reboot

If you don't re-install there is no need to reboot.

=========================

Test and see if problem is still present.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Advertisements

Register to Remove

#11 mikej62

Authentic Member

Authentic Member
84 posts

Posted 13 January 2014 - 03:32 PM

The programs I use for computer protection is Spysweeper though its expired. I also use Malwarebytes.

I ran combofix 3 times in the past 2 days. Before that it was like a year since I had to use combofix (for another virus)

As far as removing driver whiz. When I try to that, it freezes the second I click the remove button. It did that a few times. Is there any other way to remove the program?

#12 OCD

SuperHelper

Malware Team
5,574 posts

Posted 13 January 2014 - 03:40 PM

Hi mikej62 ,

MalwareBytes is not an Anti-Virus program. You should have one Firewall and one Anti-Virus program installed and running at all times to help prevent infection.

Firewall or Anti-Virus

AntiVirus Program
I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials
Avast

Firewall Program

If you have not already done so, turn on your Windows Firewall. Start > Control Panel > Windows Firewall > select On > OK

OR

If you would care to choose from a few free firewalls there are some, with the links, below. Just choose one:
Online Armor Free
Agnitum Outpost Firewall Free
Zone Alarm Free

=========================

Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
From the list of programs click on
Driver Whiz
Chose "Uninstall". When prompted click Yes.
Make sure the advanced option is checked... then click Next.
The program will run, when prompted... click Yes... then Next.
Once the program has searched for leftovers click Next.
Check ONLY the bolded items on the list then... click Next... then Yes.
When done click Finish.

=========================

Reboot

=========================

Test performance and report back

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#13 mikej62

Authentic Member

Authentic Member
84 posts

Posted 13 January 2014 - 03:53 PM

I tried revo uninstaller and it seemed to work. I reboote d the computer and the driverwhiz.exe pop up hasn't come up. Thanks so much.

#14 OCD

SuperHelper

Malware Team
5,574 posts

Posted 13 January 2014 - 04:25 PM

Hi mikej62,

Good. :thumbup: Let's retry Security Check and a fresh FRST scan.

If Security Check still will not run, continue on with the FRST scan

In your next post please provide the following:

check-up.txt
FRST.txt
How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#15 mikej62

Authentic Member

Authentic Member
84 posts

Posted 13 January 2014 - 05:13 PM

I tried the security check scan and when I click it to start, I got a popup similar to the one I had before but this its says "Autolt v3: Objlist.exe- Bad Image". Though fortunately when I click x twice, it goes away unlike the problem I previously had.

here is the finished security check log that popped up after the scan finished.

Results of screen317's Security Check version 0.99.78
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spy Sweeper for MSN
Spy Sweeper Core
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 9.0 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

Here is the frst.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 03
Ran by Nashih (administrator) on HOME-7992934537 on 11-01-2014 17:44:32
Running from C:\Documents and Settings\Nashih\My Documents\Downloads
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

ATTENTION: If processes are not listed WMI should be repaired.

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ICF] - C:\Program Files\Internet Content Filter\mfp.exe [1280016 2010-03-09] (McAfee, Inc.)
HKLM\...\Run: [SpySweeper] - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKCU\...\Run: [Driver Whiz] - C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe [3534704 2013-01-25] (PC Drivers Headquarters)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess/Alureon?
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-03-12] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF user.js: detected! => C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "http", "68.71.76.242"
FF NetworkProxy: "http_port", 8082
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-23]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04]
FF Extension: Clear Form History - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2013-11-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-13]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom15.xpi
FF Extension: FBPhotoZoom - C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012-03-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: No Name - C:\Documents and Settings\Nashih\Application Data\Move Networks [2009-11-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (FBPHOTOZOOM) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\3.0_0 [2014-01-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom15.crx [2012-03-24]

========================== Services (Whitelisted) =================

S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] ()
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] ()
R2 fpUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [235024 2010-03-09] (McAfee, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-10] (Sun Microsystems, Inc.)
S2 LCOM Service; C:\Documents and Settings\Nashih\My Documents\Downloads\YouTubeViewer\YTVC.exe [93696 2011-10-17] (Microsoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] ()
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] ()
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\Windows\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2004-08-03] ()
S3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] ()
S3 XLoader; C:\Windows\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 14:21 - 2014-01-11 17:43 - 00000000 ____D C:\FRST
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2013-12-31 11:04 - 2013-12-31 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:07 - 2013-12-23 14:08 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-18 13:45 - 2013-12-23 14:07 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-18 13:45 - 2013-12-23 14:04 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00009292 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-11 17:43 - 2014-01-10 14:21 - 00000000 ____D C:\FRST
2014-01-11 17:32 - 2012-06-05 00:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-11 17:23 - 2012-08-11 12:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 13:23 - 2012-08-11 12:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 12:59 - 2009-10-06 21:01 - 01646011 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-11 12:54 - 2009-10-06 21:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-11 12:54 - 2009-10-06 16:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2014-01-11 12:54 - 2009-10-06 16:55 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-10 11:32 - 2009-10-14 15:24 - 00002473 _____ C:\Documents and Settings\Nashih\Desktop\Microsoft Office Excel 2007.lnk
2014-01-10 10:38 - 2004-08-03 20:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 16:34 - 2009-10-06 21:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2014-01-09 16:34 - 2009-10-06 21:06 - 00000000 ____D C:\Documents and Settings\Nashih
2014-01-09 16:34 - 2009-10-06 21:05 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2014-01-01 11:33 - 2012-05-06 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 11:05 - 2013-12-31 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:30 - 2011-09-14 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-23 14:14 - 2009-10-06 16:52 - 00291680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-23 14:08 - 2013-12-23 14:07 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:08 - 2009-10-06 16:54 - 00704065 ____C C:\WINDOWS\ocgen.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:07 - 2013-12-18 13:45 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-23 14:07 - 2013-08-26 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-23 14:07 - 2009-10-07 20:15 - 00055518 ____C C:\WINDOWS\system32\TZLog.log
2013-12-23 14:07 - 2009-10-07 19:15 - 00038737 ____C C:\WINDOWS\updspapi.log
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:04 - 2013-12-18 13:45 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-23 14:04 - 2009-10-07 19:31 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-23 14:03 - 2013-12-18 13:45 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-23 14:03 - 2013-12-18 13:45 - 00009292 _____ C:\WINDOWS\KB2892075.log
2013-12-18 13:29 - 2012-10-27 19:14 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-18 13:14 - 2012-08-06 19:46 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\Samir

ZeroAccess:
C:\RECYCLER\S-1-5-21-1214440339-1614895754-725345543-1003\$142e8fc1cdeb2027af6c9d8d24fdebc2

Some content of TEMP:
====================
C:\Documents and Settings\Nashih\Local Settings\temp\InstallNorton.exe
C:\Documents and Settings\Nashih\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Documents and Settings\Nashih\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Documents and Settings\Nashih\Local Settings\temp\mcinsint.exe
C:\Documents and Settings\Nashih\Local Settings\temp\SymcPCCUInstaller.exe
C:\Documents and Settings\Nashih\Local Settings\temp\VASInstallerWizard.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Body Background

skin color theme