Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Driverwhiz.exe virus [Solved]


  • This topic is locked This topic is locked
50 replies to this topic

#1 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 05 January 2014 - 01:55 PM

I have a virus on my computer thats a pain. Its a popup icon in the middle of the screen. But when you x it out, it pops up again. It does that and won't go away. On the top line it says:

 

DriverWhiz.exe- Bad Image

 

Then in the box it says:

"The application or DLL c:\WINDOWS\Microsoft.NET\Framework\v.2.0.50727\diasymreader.dll is not a valid windows image. Please check this against your installation diskette."

 

I ran malwarebytes and it registered nothing on my computer.

 

 

 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 January 2014 - 10:41 AM

Hi mikej62,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
bullseye_zpse9eaf36e.gif OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 09 January 2014 - 12:03 PM

Here are the logs. I couldn't get the OTL to work

Attached Files



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 January 2014 - 09:11 PM

Hi mikej62,

Please copy and paste logs directly into your reply, do not attach unless specifically asked to do so.
 

I couldn't get the OTL to work


Try this tools instead.

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================

You overlooked the Security Check log (checkup.txt) in your last reply.
 
=========================

In your next post please provide the following:
  • checkup.txt
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 11 January 2014 - 05:32 PM

I couldn't attach the checkup.txt because the program did run but it kept saying "preparing" for like an hour.

Attached Files



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 January 2014 - 08:36 PM

Hi mikej62,

Important : Please copy and paste the logs directly into the reply window. When you attach them I have to download them in order to view them which takes additional time. If I need you to attach a log I will ask you specifically to do so. I appreciate your cooperation.

 

Don't worry about the Security Check log for now.

=========================

bullseye_zpse9eaf36e.gif TDSSKiller

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

=========================

bullseye_zpse9eaf36e.gif ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your  Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------NOTE:  If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • TDSSKiller log
    • Combofix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 12 January 2014 - 02:01 PM

Sorry for attaching the files.

 

 

Combofix log:

 

ComboFix 14-01-12.01 - Nashih 01/12/2014  14:44:34.4.2 - x86
Running from: c:\documents and settings\Nashih\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nashih\My Documents\~WRL0001.tmp
C:\Documents
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LCOM_Service
-------\Service_LCOM Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-10 19:21 . 2014-01-11 22:43    --------    d-----w-    C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:59 . 2004-08-04 01:07    150528    ------w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 01:07    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-10-08 00:06    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 01:07    1879040    ------w-    c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 01:07    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 01:07    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 01:07    18944    ------w-    c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 01:07    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 01:07    385024    ------w-    c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 01:07    172032    ------w-    c:\windows\system32\scrrun.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-07-18 23:33 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Driver Whiz"="c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2013-01-25 3534704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-14 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
3;2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2011-03-22 29832]
S2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-03-09 235024]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-13 350792]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-04 1201656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-18 18:23    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 17:32]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-11-20 14:41; {1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}; c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-12 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\sediag.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2014-01-12  14:56:39 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-12 19:56
.
Pre-Run: 120,761,798,656 bytes free
Post-Run: 121,734,725,632 bytes free
.
- - End Of File - - 4702B718B5EBA2E889D645874ACFAA10
8F558EB6672622401DA993E1E865C861
 

 

TDSSKiller:

 

 

14:40:01.0109 2860  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:40:05.0265 2860  ============================================================
14:40:05.0265 2860  Current date / time: 2014/01/12 14:40:05.0265
14:40:05.0265 2860  SystemInfo:
14:40:05.0265 2860  
14:40:05.0265 2860  OS Version: 5.1.2600 ServicePack: 3.0
14:40:05.0265 2860  Product type: Workstation
14:40:05.0265 2860  ComputerName: HOME-7992934537
14:40:05.0265 2860  UserName: Nashih
14:40:05.0265 2860  Windows directory: C:\WINDOWS
14:40:05.0265 2860  System windows directory: C:\WINDOWS
14:40:05.0265 2860  Processor architecture: Intel x86
14:40:05.0265 2860  Number of processors: 2
14:40:05.0265 2860  Page size: 0x1000
14:40:05.0265 2860  Boot type: Normal boot
14:40:05.0265 2860  ============================================================
14:40:05.0765 2860  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:40:05.0765 2860  ============================================================
14:40:05.0765 2860  \Device\Harddisk0\DR0:
14:40:05.0765 2860  MBR partitions:
14:40:05.0765 2860  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:40:05.0765 2860  ============================================================
14:40:05.0781 2860  C: <-> \Device\Harddisk0\DR0\Partition1
14:40:05.0781 2860  ============================================================
14:40:05.0781 2860  Initialize success
14:40:05.0781 2860  ============================================================
14:40:07.0671 2084  ============================================================
14:40:07.0671 2084  Scan started
14:40:07.0671 2084  Mode: Manual;
14:40:07.0671 2084  ============================================================
14:40:07.0828 2084  ================ Scan system memory ========================
14:40:07.0828 2084  System memory - ok
14:40:07.0828 2084  ================ Scan services =============================
14:40:08.0093 2084  Abiosdsk - ok
14:40:08.0093 2084  abp480n5 - ok
14:40:08.0125 2084  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:40:08.0125 2084  ACPI - ok
14:40:08.0156 2084  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:40:08.0156 2084  ACPIEC - ok
14:40:08.0218 2084  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:40:08.0218 2084  AdobeFlashPlayerUpdateSvc - ok
14:40:08.0218 2084  adpu160m - ok
14:40:08.0250 2084  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:40:08.0250 2084  aec - ok
14:40:08.0296 2084  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:40:08.0296 2084  AFD - ok
14:40:08.0296 2084  Aha154x - ok
14:40:08.0312 2084  aic78u2 - ok
14:40:08.0312 2084  aic78xx - ok
14:40:08.0343 2084  [ AE617E60E79D2D5C492E65D15776187B ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:40:08.0359 2084  Alerter - ok
14:40:08.0375 2084  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:40:08.0375 2084  ALG - ok
14:40:08.0390 2084  AliIde - ok
14:40:08.0421 2084  [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:40:08.0421 2084  AmdK8 - ok
14:40:08.0437 2084  amsint - ok
14:40:08.0515 2084  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:40:08.0515 2084  Apple Mobile Device - ok
14:40:08.0546 2084  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:40:08.0562 2084  AppMgmt - ok
14:40:08.0562 2084  asc - ok
14:40:08.0562 2084  asc3350p - ok
14:40:08.0578 2084  asc3550 - ok
14:40:08.0625 2084  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:40:08.0625 2084  aspnet_state - ok
14:40:08.0656 2084  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:40:08.0656 2084  AsyncMac - ok
14:40:08.0671 2084  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:40:08.0671 2084  atapi - ok
14:40:08.0671 2084  Atdisk - ok
14:40:08.0703 2084  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:40:08.0703 2084  Atmarpc - ok
14:40:08.0734 2084  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:40:08.0734 2084  AudioSrv - ok
14:40:08.0765 2084  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:40:08.0765 2084  audstub - ok
14:40:08.0812 2084  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:40:08.0812 2084  Beep - ok
14:40:08.0859 2084  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:40:08.0906 2084  BITS - ok
14:40:08.0953 2084  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:40:08.0968 2084  Bonjour Service - ok
14:40:09.0000 2084  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
14:40:09.0000 2084  Browser - ok
14:40:09.0000 2084  catchme - ok
14:40:09.0046 2084  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:40:09.0046 2084  cbidf2k - ok
14:40:09.0078 2084  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:40:09.0078 2084  CCDECODE - ok
14:40:09.0078 2084  cd20xrnt - ok
14:40:09.0109 2084  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:40:09.0109 2084  Cdaudio - ok
14:40:09.0125 2084  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:40:09.0140 2084  Cdfs - ok
14:40:09.0156 2084  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:40:09.0156 2084  Cdrom - ok
14:40:09.0171 2084  Changer - ok
14:40:09.0203 2084  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:40:09.0203 2084  CiSvc - ok
14:40:09.0218 2084  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:40:09.0218 2084  ClipSrv - ok
14:40:09.0234 2084  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:09.0250 2084  clr_optimization_v2.0.50727_32 - ok
14:40:09.0250 2084  CmdIde - ok
14:40:09.0250 2084  COMSysApp - ok
14:40:09.0265 2084  Cpqarray - ok
14:40:09.0359 2084  cpuz132 - ok
14:40:09.0390 2084  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:40:09.0390 2084  CryptSvc - ok
14:40:09.0406 2084  dac2w2k - ok
14:40:09.0406 2084  dac960nt - ok
14:40:09.0453 2084  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:40:09.0468 2084  DcomLaunch - ok
14:40:09.0500 2084  [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:40:09.0500 2084  DgiVecp - ok
14:40:09.0531 2084  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:40:09.0531 2084  Dhcp - ok
14:40:09.0562 2084  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:40:09.0562 2084  Disk - ok
14:40:09.0578 2084  dmadmin - ok
14:40:09.0609 2084  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:40:09.0625 2084  dmboot - ok
14:40:09.0640 2084  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:40:09.0640 2084  dmio - ok
14:40:09.0656 2084  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:40:09.0656 2084  dmload - ok
14:40:09.0687 2084  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:40:09.0687 2084  dmserver - ok
14:40:09.0703 2084  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:40:09.0703 2084  DMusic - ok
14:40:09.0734 2084  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:40:09.0734 2084  Dnscache - ok
14:40:09.0734 2084  [ 662D57727604CCAF459E8ADFD4E3A0A7 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:40:09.0734 2084  Dot3svc - ok
14:40:09.0750 2084  dpti2o - ok
14:40:09.0781 2084  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:40:09.0781 2084  drmkaud - ok
14:40:09.0796 2084  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:40:09.0796 2084  EapHost - ok
14:40:09.0812 2084  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:40:09.0812 2084  ERSvc - ok
14:40:09.0859 2084  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
14:40:09.0859 2084  Eventlog - ok
14:40:09.0921 2084  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
14:40:09.0921 2084  EventSystem - ok
14:40:09.0937 2084  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:40:09.0937 2084  Fastfat - ok
14:40:09.0984 2084  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:40:09.0984 2084  FastUserSwitchingCompatibility - ok
14:40:10.0015 2084  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:40:10.0015 2084  Fdc - ok
14:40:10.0031 2084  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:40:10.0031 2084  Fips - ok
14:40:10.0046 2084  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:40:10.0046 2084  Flpydisk - ok
14:40:10.0078 2084  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:40:10.0078 2084  FltMgr - ok
14:40:10.0125 2084  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:40:10.0140 2084  FontCache3.0.0.0 - ok
14:40:10.0171 2084  [ C5E5BDA0250574E8D159BD79BBB635DB ] fpUpdateSvc     C:\Program Files\Internet Content Filter\UpdateService.exe
14:40:10.0171 2084  fpUpdateSvc - ok
14:40:10.0421 2084  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:40:10.0421 2084  Fs_Rec - ok
14:40:10.0437 2084  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:40:10.0437 2084  Ftdisk - ok
14:40:10.0484 2084  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:40:10.0484 2084  GEARAspiWDM - ok
14:40:10.0515 2084  [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
14:40:10.0515 2084  getPlusHelper - ok
14:40:10.0531 2084  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:40:10.0531 2084  Gpc - ok
14:40:10.0593 2084  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:40:10.0593 2084  gupdate - ok
14:40:10.0609 2084  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:40:10.0609 2084  gupdatem - ok
14:40:10.0625 2084  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:40:10.0625 2084  HDAudBus - ok
14:40:10.0703 2084  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:40:10.0703 2084  helpsvc - ok
14:40:10.0718 2084  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:40:10.0718 2084  HidServ - ok
14:40:10.0750 2084  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:40:10.0750 2084  HidUsb - ok
14:40:10.0781 2084  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:40:10.0781 2084  hkmsvc - ok
14:40:10.0796 2084  hpn - ok
14:40:10.0828 2084  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:40:10.0843 2084  HTTP - ok
14:40:10.0890 2084  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:40:10.0890 2084  HTTPFilter - ok
14:40:10.0890 2084  i2omgmt - ok
14:40:10.0890 2084  i2omp - ok
14:40:10.0921 2084  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:40:10.0921 2084  i8042prt - ok
14:40:10.0984 2084  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:40:11.0015 2084  idsvc - ok
14:40:11.0093 2084  [ 3962F0BE2018A275DBE7510A80173759 ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
14:40:11.0093 2084  IHA_MessageCenter - ok
14:40:11.0093 2084  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:40:11.0093 2084  Imapi - ok
14:40:11.0140 2084  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:40:11.0140 2084  ImapiService - ok
14:40:11.0156 2084  ini910u - ok
14:40:11.0312 2084  [ 41EF008D7B089CE6F5F2E4A61D5638E6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:40:11.0421 2084  IntcAzAudAddService - ok
14:40:11.0421 2084  IntelIde - ok
14:40:11.0468 2084  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
14:40:11.0468 2084  Ip6Fw - ok
14:40:11.0484 2084  [ 0B228192D66A71CCC787331F2C4B527A ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:40:11.0484 2084  IpFilterDriver - ok
14:40:11.0500 2084  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:40:11.0500 2084  IpInIp - ok
14:40:11.0515 2084  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:40:11.0515 2084  IpNat - ok
14:40:11.0562 2084  [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:40:11.0593 2084  iPod Service - ok
14:40:11.0625 2084  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:40:11.0625 2084  IPSec - ok
14:40:11.0656 2084  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:40:11.0656 2084  IRENUM - ok
14:40:11.0671 2084  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:40:11.0671 2084  isapnp - ok
14:40:11.0734 2084  [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
14:40:11.0734 2084  JavaQuickStarterService - ok
14:40:11.0750 2084  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:40:11.0765 2084  Kbdclass - ok
14:40:11.0781 2084  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:40:11.0781 2084  kmixer - ok
14:40:11.0812 2084  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:40:11.0812 2084  KSecDD - ok
14:40:11.0843 2084  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:40:11.0843 2084  lanmanserver - ok
14:40:11.0890 2084  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:40:11.0890 2084  lanmanworkstation - ok
14:40:11.0906 2084  lbrtfdc - ok
14:40:12.0015 2084  [ B0FC97C84A05F00EB8431B71DBE6CAF1 ] LCOM Service    C:\Documents and Settings\Nashih\My Documents\Downloads\YouTubeViewer\YTVC.exe
14:40:12.0031 2084  LCOM Service - ok
14:40:12.0062 2084  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:40:12.0062 2084  LmHosts - ok
14:40:12.0093 2084  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:40:12.0093 2084  MBAMProtector - ok
14:40:12.0125 2084  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:40:12.0140 2084  MBAMScheduler - ok
14:40:12.0187 2084  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:40:12.0203 2084  MBAMService - ok
14:40:12.0218 2084  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:40:12.0218 2084  Messenger - ok
14:40:12.0281 2084  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:40:12.0281 2084  Microsoft Office Groove Audit Service - ok
14:40:12.0328 2084  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:40:12.0328 2084  mnmdd - ok
14:40:12.0359 2084  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:40:12.0359 2084  mnmsrvc - ok
14:40:12.0375 2084  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:40:12.0375 2084  Modem - ok
14:40:12.0375 2084  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:40:12.0375 2084  Mouclass - ok
14:40:12.0406 2084  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:40:12.0406 2084  mouhid - ok
14:40:12.0437 2084  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:40:12.0437 2084  MountMgr - ok
14:40:12.0484 2084  [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:40:12.0484 2084  MozillaMaintenance - ok
14:40:12.0500 2084  mraid35x - ok
14:40:12.0515 2084  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:40:12.0515 2084  MRxDAV - ok
14:40:12.0546 2084  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:40:12.0562 2084  MRxSmb - ok
14:40:12.0593 2084  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:40:12.0593 2084  MSDTC - ok
14:40:12.0609 2084  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:40:12.0609 2084  Msfs - ok
14:40:12.0609 2084  MSIServer - ok
14:40:12.0625 2084  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:40:12.0625 2084  MSKSSRV - ok
14:40:12.0640 2084  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:40:12.0640 2084  MSPCLOCK - ok
14:40:12.0640 2084  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:40:12.0640 2084  MSPQM - ok
14:40:12.0671 2084  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:40:12.0671 2084  mssmbios - ok
14:40:12.0703 2084  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
14:40:12.0703 2084  MSTEE - ok
14:40:12.0718 2084  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:40:12.0718 2084  MTsensor - ok
14:40:12.0734 2084  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:40:12.0734 2084  Mup - ok
14:40:12.0765 2084  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:40:12.0765 2084  NABTSFEC - ok
14:40:12.0796 2084  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:40:12.0828 2084  napagent - ok
14:40:12.0890 2084  [ F46070DDADA5C396B1F2EBF1C46DBB08 ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:40:12.0906 2084  NBService - ok
14:40:12.0921 2084  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:40:12.0921 2084  NDIS - ok
14:40:12.0953 2084  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:40:12.0953 2084  NdisIP - ok
14:40:12.0984 2084  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:40:12.0984 2084  NdisTapi - ok
14:40:13.0015 2084  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:40:13.0015 2084  Ndisuio - ok
14:40:13.0015 2084  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:40:13.0015 2084  NdisWan - ok
14:40:13.0031 2084  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:40:13.0031 2084  NDProxy - ok
14:40:13.0062 2084  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:40:13.0062 2084  NetBIOS - ok
14:40:13.0093 2084  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:40:13.0093 2084  NetBT - ok
14:40:13.0125 2084  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:40:13.0140 2084  NetDDE - ok
14:40:13.0140 2084  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:40:13.0140 2084  NetDDEdsdm - ok
14:40:13.0187 2084  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:40:13.0187 2084  Netlogon - ok
14:40:13.0218 2084  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
14:40:13.0218 2084  Netman - ok
14:40:13.0265 2084  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:40:13.0265 2084  NetTcpPortSharing - ok
14:40:13.0296 2084  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:40:13.0296 2084  Nla - ok
14:40:13.0359 2084  [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:40:13.0375 2084  NMIndexingService - ok
14:40:13.0406 2084  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\drivers\npf.sys
14:40:13.0406 2084  NPF - ok
14:40:13.0421 2084  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:40:13.0421 2084  Npfs - ok
14:40:13.0453 2084  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:40:13.0468 2084  Ntfs - ok
14:40:13.0468 2084  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:40:13.0468 2084  NtLmSsp - ok
14:40:13.0500 2084  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:40:13.0515 2084  NtmsSvc - ok
14:40:13.0546 2084  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:40:13.0546 2084  Null - ok
14:40:13.0875 2084  [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:40:14.0156 2084  nv - ok
14:40:14.0171 2084  [ EF9941593B2E9B436F64A87DDB570D1A ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
14:40:14.0171 2084  nvata - ok
14:40:14.0203 2084  [ D8151977E2A20DF13C3D30146FD4E542 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:40:14.0203 2084  NVENETFD - ok
14:40:14.0218 2084  [ 13A6CCF5F60A55F2ED2658B736D65C8B ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:40:14.0218 2084  nvnetbus - ok
14:40:14.0250 2084  [ E9E110CDF6A063A5F9B841C36FB5CC95 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
14:40:14.0265 2084  NVSvc - ok
14:40:14.0296 2084  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:40:14.0296 2084  NwlnkFlt - ok
14:40:14.0296 2084  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:40:14.0296 2084  NwlnkFwd - ok
14:40:14.0375 2084  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:40:14.0390 2084  odserv - ok
14:40:14.0421 2084  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:40:14.0421 2084  ose - ok
14:40:14.0453 2084  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:40:14.0453 2084  Parport - ok
14:40:14.0453 2084  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:40:14.0468 2084  PartMgr - ok
14:40:14.0500 2084  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:40:14.0500 2084  ParVdm - ok
14:40:14.0500 2084  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:40:14.0500 2084  PCI - ok
14:40:14.0500 2084  PCIDump - ok
14:40:14.0531 2084  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:40:14.0531 2084  PCIIde - ok
14:40:14.0546 2084  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:40:14.0546 2084  Pcmcia - ok
14:40:14.0546 2084  PDCOMP - ok
14:40:14.0546 2084  PDFRAME - ok
14:40:14.0562 2084  PDRELI - ok
14:40:14.0562 2084  PDRFRAME - ok
14:40:14.0562 2084  perc2 - ok
14:40:14.0578 2084  perc2hib - ok
14:40:14.0593 2084  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:40:14.0593 2084  PlugPlay - ok
14:40:14.0609 2084  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:40:14.0609 2084  PolicyAgent - ok
14:40:14.0609 2084  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:40:14.0625 2084  PptpMiniport - ok
14:40:14.0625 2084  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:40:14.0625 2084  Processor - ok
14:40:14.0640 2084  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:40:14.0640 2084  ProtectedStorage - ok
14:40:14.0640 2084  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:40:14.0640 2084  PSched - ok
14:40:14.0671 2084  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:40:14.0671 2084  Ptilink - ok
14:40:14.0687 2084  [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:40:14.0687 2084  PxHelp20 - ok
14:40:14.0687 2084  ql1080 - ok
14:40:14.0703 2084  Ql10wnt - ok
14:40:14.0703 2084  ql12160 - ok
14:40:14.0703 2084  ql1240 - ok
14:40:14.0718 2084  ql1280 - ok
14:40:14.0718 2084  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:40:14.0718 2084  RasAcd - ok
14:40:14.0750 2084  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:40:14.0750 2084  RasAuto - ok
14:40:14.0765 2084  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:40:14.0765 2084  Rasl2tp - ok
14:40:14.0812 2084  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:40:14.0812 2084  RasMan - ok
14:40:14.0812 2084  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:40:14.0828 2084  RasPppoe - ok
14:40:14.0828 2084  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:40:14.0828 2084  Raspti - ok
14:40:14.0859 2084  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:40:14.0859 2084  Rdbss - ok
14:40:14.0875 2084  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:40:14.0875 2084  RDPCDD - ok
14:40:14.0890 2084  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:40:14.0890 2084  rdpdr - ok
14:40:14.0921 2084  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:40:14.0937 2084  RDPWD - ok
14:40:14.0968 2084  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:40:14.0968 2084  RDSessMgr - ok
14:40:14.0968 2084  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:40:14.0984 2084  redbook - ok
14:40:15.0000 2084  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:40:15.0015 2084  RemoteAccess - ok
14:40:15.0046 2084  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:40:15.0046 2084  RemoteRegistry - ok
14:40:15.0062 2084  Roxio UPnP Renderer 11 - ok
14:40:15.0093 2084  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
14:40:15.0093 2084  rpcapd - ok
14:40:15.0109 2084  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:40:15.0109 2084  RpcLocator - ok
14:40:15.0140 2084  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:40:15.0140 2084  RpcSs - ok
14:40:15.0187 2084  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:40:15.0187 2084  RSVP - ok
14:40:15.0187 2084  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:40:15.0203 2084  SamSs - ok
14:40:15.0218 2084  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:40:15.0218 2084  SCardSvr - ok
14:40:15.0250 2084  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:40:15.0250 2084  Schedule - ok
14:40:15.0281 2084  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:40:15.0281 2084  Secdrv - ok
14:40:15.0281 2084  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:40:15.0281 2084  seclogon - ok
14:40:15.0296 2084  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
14:40:15.0296 2084  SENS - ok
14:40:15.0328 2084  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:40:15.0328 2084  serenum - ok
14:40:15.0343 2084  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:40:15.0343 2084  Serial - ok
14:40:15.0375 2084  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:40:15.0375 2084  Sfloppy - ok
14:40:15.0390 2084  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:40:15.0390 2084  ShellHWDetection - ok
14:40:15.0390 2084  Simbad - ok
14:40:15.0421 2084  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:40:15.0421 2084  SLIP - ok
14:40:15.0437 2084  Sparrow - ok
14:40:15.0453 2084  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:40:15.0453 2084  splitter - ok
14:40:15.0468 2084  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:40:15.0484 2084  Spooler - ok
14:40:15.0500 2084  [ 3C756678976E449CF6330781786AA48A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:40:15.0500 2084  sr - ok
14:40:15.0531 2084  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:40:15.0546 2084  srservice - ok
14:40:15.0593 2084  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:40:15.0609 2084  Srv - ok
14:40:15.0625 2084  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:40:15.0625 2084  SSDPSRV - ok
14:40:15.0656 2084  [ 6C46D1D2FC31A8CF0F1D6F9D6859D836 ] ssfs0bbc        C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
14:40:15.0656 2084  ssfs0bbc - ok
14:40:15.0687 2084  [ CFBD9006204468F64C5737F71EB602F3 ] sshrmd          C:\WINDOWS\system32\DRIVERS\sshrmd.sys
14:40:15.0687 2084  sshrmd - ok
14:40:15.0718 2084  [ 808C18876DD615B82F08298C98AF46B2 ] ssidrv          C:\WINDOWS\system32\DRIVERS\ssidrv.sys
14:40:15.0718 2084  ssidrv - ok
14:40:15.0718 2084  SSPORT - ok
14:40:15.0765 2084  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:40:15.0781 2084  stisvc - ok
14:40:15.0812 2084  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:40:15.0812 2084  streamip - ok
14:40:15.0828 2084  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:40:15.0828 2084  swenum - ok
14:40:15.0828 2084  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:40:15.0828 2084  swmidi - ok
14:40:15.0843 2084  SwPrv - ok
14:40:15.0843 2084  symc810 - ok
14:40:15.0859 2084  symc8xx - ok
14:40:15.0859 2084  sym_hi - ok
14:40:15.0875 2084  sym_u3 - ok
14:40:15.0875 2084  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:40:15.0875 2084  sysaudio - ok
14:40:15.0921 2084  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:40:15.0921 2084  SysmonLog - ok
14:40:15.0953 2084  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:40:15.0953 2084  TapiSrv - ok
14:40:16.0000 2084  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:40:16.0015 2084  Tcpip - ok
14:40:16.0031 2084  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:40:16.0046 2084  TDPIPE - ok
14:40:16.0062 2084  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:40:16.0062 2084  TDTCP - ok
14:40:16.0078 2084  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:40:16.0078 2084  TermDD - ok
14:40:16.0093 2084  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
14:40:16.0109 2084  TermService - ok
14:40:16.0125 2084  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:40:16.0125 2084  Themes - ok
14:40:16.0156 2084  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:40:16.0156 2084  TlntSvr - ok
14:40:16.0171 2084  TosIde - ok
14:40:16.0187 2084  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:40:16.0187 2084  TrkWks - ok
14:40:16.0218 2084  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:40:16.0218 2084  Udfs - ok
14:40:16.0218 2084  ultra - ok
14:40:16.0265 2084  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:40:16.0281 2084  Update - ok
14:40:16.0328 2084  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:40:16.0328 2084  upnphost - ok
14:40:16.0375 2084  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
14:40:16.0375 2084  UPS - ok
14:40:16.0406 2084  [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:40:16.0406 2084  USBAAPL - ok
14:40:16.0406 2084  [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:40:16.0406 2084  usbccgp - ok
14:40:16.0437 2084  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:40:16.0437 2084  usbehci - ok
14:40:16.0453 2084  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:40:16.0453 2084  usbhub - ok
14:40:16.0468 2084  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:40:16.0468 2084  usbohci - ok
14:40:16.0500 2084  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:40:16.0500 2084  usbprint - ok
14:40:16.0531 2084  [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:40:16.0531 2084  usbscan - ok
14:40:16.0562 2084  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:40:16.0562 2084  usbstor - ok
14:40:16.0578 2084  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:40:16.0578 2084  VgaSave - ok
14:40:16.0593 2084  ViaIde - ok
14:40:16.0609 2084  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:40:16.0609 2084  VolSnap - ok
14:40:16.0640 2084  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:40:16.0671 2084  VSS - ok
14:40:16.0687 2084  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:40:16.0703 2084  W32Time - ok
14:40:16.0718 2084  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:40:16.0734 2084  Wanarp - ok
14:40:16.0734 2084  WDICA - ok
14:40:16.0765 2084  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:40:16.0765 2084  wdmaud - ok
14:40:16.0796 2084  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:40:16.0812 2084  WebClient - ok
14:40:16.0953 2084  [ 51B4F00A7685F0FE5ECE6B113926E323 ] WebrootSpySweeperService C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
14:40:17.0000 2084  WebrootSpySweeperService - ok
14:40:17.0062 2084  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:40:17.0062 2084  winmgmt - ok
14:40:17.0109 2084  [ D631E5CE1E789CF8ECD277DF3E969057 ] WISTechVIDCAP   C:\WINDOWS\system32\drivers\Xstream.sys
14:40:17.0109 2084  WISTechVIDCAP - ok
14:40:17.0140 2084  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:40:17.0140 2084  WmdmPmSN - ok
14:40:17.0187 2084  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:40:17.0218 2084  Wmi - ok
14:40:17.0234 2084  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:40:17.0234 2084  WmiApSrv - ok
14:40:17.0281 2084  [ F24B2C2AC4AF2B1A19C42D3415CCA040 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:40:17.0281 2084  WMPNetworkSvc - ok
14:40:17.0312 2084  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:40:17.0312 2084  WpdUsb - ok
14:40:17.0375 2084  [ 7B24D0143B4A68433A578E49D1A13EDC ] WRConsumerService C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
14:40:17.0406 2084  WRConsumerService - ok
14:40:17.0421 2084  [ 5F93DD1ADE1CA125297E37E0A419EA45 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:40:17.0421 2084  WS2IFSL - ok
14:40:17.0437 2084  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:40:17.0437 2084  WSTCODEC - ok
14:40:17.0468 2084  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:40:17.0468 2084  wuauserv - ok
14:40:17.0500 2084  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:40:17.0500 2084  WudfPf - ok
14:40:17.0500 2084  [ 74FC90760A14B13340CB718F200BA350 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:40:17.0515 2084  WudfRd - ok
14:40:17.0531 2084  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:40:17.0562 2084  WudfSvc - ok
14:40:17.0593 2084  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:40:17.0609 2084  WZCSVC - ok
14:40:17.0640 2084  [ E54D59202747147F6D2501D32C43E35E ] XLoader         C:\WINDOWS\system32\Drivers\XLoader.sys
14:40:17.0640 2084  XLoader - ok
14:40:17.0687 2084  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:40:17.0687 2084  xmlprov - ok
14:40:17.0687 2084  ================ Scan global ===============================
14:40:17.0718 2084  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:40:17.0750 2084  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:40:17.0765 2084  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:40:17.0781 2084  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:40:17.0796 2084  [Global] - ok
14:40:17.0796 2084  ================ Scan MBR ==================================
14:40:17.0812 2084  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:40:17.0890 2084  \Device\Harddisk0\DR0 - ok
14:40:17.0890 2084  ================ Scan VBR ==================================
14:40:17.0890 2084  [ 3324581562DE91C69394226C103A2CE9 ] \Device\Harddisk0\DR0\Partition1
14:40:17.0890 2084  \Device\Harddisk0\DR0\Partition1 - ok
14:40:17.0890 2084  ============================================================
14:40:17.0890 2084  Scan finished
14:40:17.0890 2084  ============================================================
14:40:17.0906 3756  Detected object count: 0
14:40:17.0906 3756  Actual detected object count: 0
14:40:33.0171 3820  Deinitialize success
 

 



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 January 2014 - 09:54 PM

Hi mikej62,
  • You may think I am being overly particular, but it is important that you read the instructions carefully and follow them precisely. Tools need to be saved and run from the Desktop. Saving and running the tools from somewhere other than the desktop doesn't provide a complete or accurate log for review.
  • It is not necessary to place your reply in quote tags, just copy and paste into the reply window.
=========================

With that in mind kindly re-run Combofix and provide the log generated in your next reply.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 13 January 2014 - 11:08 AM

My bad.

 

Log:

ComboFix 14-01-13.01 - Nashih 01/13/2014  12:02:49.6.2 - x86
Running from: c:\documents and settings\Nashih\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-10 19:21 . 2014-01-11 22:43    --------    d-----w-    C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:59 . 2004-08-04 01:07    150528    ------w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 01:07    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-10-08 00:06    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 01:07    1879040    ------w-    c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 01:07    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 01:07    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 01:07    18944    ------w-    c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 01:07    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 01:07    385024    ------w-    c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 01:07    172032    ------w-    c:\windows\system32\scrrun.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-07-18 23:33 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Driver Whiz"="c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2013-01-25 3534704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-14 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2011-03-22 29832]
S2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-03-09 235024]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-13 350792]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-04 1201656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-18 18:23    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 17:32]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 17:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-11-20 14:41; {1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}; c:\documents and settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-13 12:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1596)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-13  12:07:39
ComboFix-quarantined-files.txt  2014-01-13 17:07
ComboFix2.txt  2014-01-13 16:57
ComboFix3.txt  2014-01-12 19:56
.
Pre-Run: 121,898,356,736 bytes free
Post-Run: 121,878,560,768 bytes free
.
- - End Of File - - F5973972921137BCF93C6AB93667A5E0
8F558EB6672622401DA993E1E865C861



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 03:05 PM

Hi mikej62,

Firewall & Anti-Virus software is missing from the header of your ComboFix log.
  • What programs are you using to protect your computer from infection?
  • Have you run ComboFix in the past? (recently)
=========================

Your log also shows a network proxy, did you make this selection?

=========================

bullseye_zpse9eaf36e.gif P2P - (Peer to Peer)

I see you have/had P2P software BitTorrent & SteamTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • BitTorrent
  • StreamTorrent 1.0
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

You stated in your original post that you were receiving error messages from Driver Wizard. Let's remove it and re-install it and see if that corrects the problem.

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Driver Whiz
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

If you would like to re-install it please visit this website and re-download and install a fresh copy.

bullseye_zpse9eaf36e.gif Reboot

If you don't re-install there is no need to reboot.

=========================

Test and see if problem is still present.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 13 January 2014 - 03:32 PM

The programs I use for computer protection is Spysweeper though its expired. I also use Malwarebytes.

 

I ran combofix 3 times in the past 2 days. Before that it was like a year since I had to use combofix (for another virus)

 

As far as removing driver whiz. When I try to that, it freezes the second I click the remove button. It did that a few times. Is there any other way to remove the program?



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 03:40 PM

Hi mikej62 ,

MalwareBytes is not an Anti-Virus program. You should have one Firewall and one Anti-Virus program installed and running at all times to help prevent infection.

bullseye_zpse9eaf36e.gif Firewall or Anti-Virus

AntiVirus Program
I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials
Avast

Firewall Program

If you have not already done so, turn on your Windows Firewall. Start > Control Panel > Windows Firewall > select On > OK

OR

If you would care to choose from a few free firewalls there are some, with the links, below. Just choose one:
Online Armor Free
Agnitum Outpost Firewall Free
Zone Alarm Free

=========================

bullseye_zpse9eaf36e.gif Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • From the list of programs click on
    Driver Whiz
  • Chose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

Test performance and report back
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#13 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 13 January 2014 - 03:53 PM

I tried revo uninstaller and it seemed to work. I reboote  d the computer and the driverwhiz.exe pop up hasn't come up. Thanks so much.



#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 04:25 PM

Hi mikej62,

Good.  :thumbup:  Let's retry Security Check and a fresh FRST scan.

 

If Security Check still will not run, continue on with the FRST scan

In your next post please provide the following:

  • check-up.txt
  • FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#15 mikej62

mikej62

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 13 January 2014 - 05:13 PM

I tried the security check scan and when I click it to start, I got a popup similar to the one I had before but this its says "Autolt v3: Objlist.exe- Bad Image". Though fortunately when I click x twice, it goes away unlike the problem I previously had.

 

here is the finished security check log that popped up after the scan finished.

 

Results of screen317's Security Check version 0.99.78  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spy Sweeper for MSN  
 Spy Sweeper Core   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 30  
 Java version out of Date!
 Adobe Flash Player     11.6.602.171  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 9.0 Firefox out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 

 

Here is the frst.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 03
Ran by Nashih (administrator) on HOME-7992934537 on 11-01-2014 17:44:32
Running from C:\Documents and Settings\Nashih\My Documents\Downloads
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ICF] - C:\Program Files\Internet Content Filter\mfp.exe [1280016 2010-03-09] (McAfee, Inc.)
HKLM\...\Run: [SpySweeper] - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKCU\...\Run: [Driver Whiz] - C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe [3534704 2013-01-25] (PC Drivers Headquarters)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess/Alureon?
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-03-12] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF user.js: detected! => C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "http", "68.71.76.242"
FF NetworkProxy: "http_port", 8082
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ()
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-23]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04]
FF Extension: Clear Form History - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2013-11-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-13]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom15.xpi
FF Extension: FBPhotoZoom - C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012-03-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: No Name - C:\Documents and Settings\Nashih\Application Data\Move Networks [2009-11-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (FBPHOTOZOOM) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\3.0_0 [2014-01-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom15.crx [2012-03-24]

========================== Services (Whitelisted) =================

S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-13] ()
S3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] ()
R2 fpUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [235024 2010-03-09] (McAfee, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-10] (Sun Microsystems, Inc.)
S2 LCOM Service; C:\Documents and Settings\Nashih\My Documents\Downloads\YouTubeViewer\YTVC.exe [93696 2011-10-17] (Microsoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] ()
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] ()
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\Windows\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\Windows\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2004-08-03] ()
S3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] ()
S3 XLoader; C:\Windows\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 14:21 - 2014-01-11 17:43 - 00000000 ____D C:\FRST
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2013-12-31 11:04 - 2013-12-31 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:07 - 2013-12-23 14:08 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-18 13:45 - 2013-12-23 14:07 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-18 13:45 - 2013-12-23 14:04 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-18 13:45 - 2013-12-23 14:03 - 00009292 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-11 17:43 - 2014-01-10 14:21 - 00000000 ____D C:\FRST
2014-01-11 17:32 - 2012-06-05 00:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-11 17:23 - 2012-08-11 12:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 13:23 - 2012-08-11 12:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 12:59 - 2009-10-06 21:01 - 01646011 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-11 12:54 - 2009-10-06 21:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-11 12:54 - 2009-10-06 16:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2014-01-11 12:54 - 2009-10-06 16:55 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-10 11:32 - 2009-10-14 15:24 - 00002473 _____ C:\Documents and Settings\Nashih\Desktop\Microsoft Office Excel 2007.lnk
2014-01-10 10:38 - 2004-08-03 20:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-09 16:34 - 2009-10-06 21:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2014-01-09 16:34 - 2009-10-06 21:06 - 00000000 ____D C:\Documents and Settings\Nashih
2014-01-09 16:34 - 2009-10-06 21:05 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-08 16:14 - 2014-01-08 16:14 - 00000499 _____ C:\Documents and Settings\Nashih\Desktop\MBR.zip
2014-01-08 16:13 - 2014-01-08 16:13 - 00002007 _____ C:\Documents and Settings\Nashih\Desktop\aswMBR.txt
2014-01-08 16:13 - 2014-01-08 16:13 - 00000512 _____ C:\Documents and Settings\Nashih\Desktop\MBR.dat
2014-01-05 15:25 - 2014-01-05 15:25 - 00000000 ____D C:\Documents and Settings\Nashih\My Documents\New Folder (2)
2014-01-03 22:26 - 2014-01-03 22:26 - 00039823 _____ C:\Documents and Settings\Nashih\My Documents\Book11.xlsx
2014-01-01 11:33 - 2012-05-06 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 11:05 - 2013-12-31 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 14:30 - 2011-09-14 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-23 14:14 - 2009-10-06 16:52 - 00291680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-23 14:08 - 2013-12-23 14:07 - 00012685 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-23 14:08 - 2009-10-06 16:54 - 00704065 ____C C:\WINDOWS\ocgen.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00005000 _____ C:\WINDOWS\KB2904266.log
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 14:07 - 2013-12-23 14:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 14:07 - 2013-12-18 13:45 - 00011252 _____ C:\WINDOWS\KB2898715.log
2013-12-23 14:07 - 2013-08-26 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-23 14:07 - 2009-10-07 20:15 - 00055518 ____C C:\WINDOWS\system32\TZLog.log
2013-12-23 14:07 - 2009-10-07 19:15 - 00038737 ____C C:\WINDOWS\updspapi.log
2013-12-23 14:04 - 2013-12-23 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 14:04 - 2013-12-18 13:45 - 00010089 _____ C:\WINDOWS\KB2893294.log
2013-12-23 14:04 - 2009-10-07 19:31 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 14:03 - 2013-12-23 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-23 14:03 - 2013-12-18 13:45 - 00010788 _____ C:\WINDOWS\KB2893984.log
2013-12-23 14:03 - 2013-12-18 13:45 - 00009292 _____ C:\WINDOWS\KB2892075.log
2013-12-18 13:29 - 2012-10-27 19:14 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-18 13:14 - 2012-08-06 19:46 - 00000000 ____D C:\Documents and Settings\Nashih\Desktop\Samir

ZeroAccess:
C:\RECYCLER\S-1-5-21-1214440339-1614895754-725345543-1003\$142e8fc1cdeb2027af6c9d8d24fdebc2

Some content of TEMP:
====================
C:\Documents and Settings\Nashih\Local Settings\temp\InstallNorton.exe
C:\Documents and Settings\Nashih\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Documents and Settings\Nashih\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Documents and Settings\Nashih\Local Settings\temp\mcinsint.exe
C:\Documents and Settings\Nashih\Local Settings\temp\SymcPCCUInstaller.exe
C:\Documents and Settings\Nashih\Local Settings\temp\VASInstallerWizard.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users