
Virus scanner probably not working and have detected zperm in the past


  • This topic is locked
13 replies to this topic

#1 jefferysitz


Posted 29 October 2013 - 08:29 PM

This topic has a bit of history; if you would like to see it, the thread is

http://www.bleepingcomputer.com/forums/t/512145/strange-disk-behavior-and-win32zperm/

 

I had been using AVG Internet Security as my primary defense and Ad-Aware anti-virus in its compatibility setting, which Ad-Aware says is okay with AVG.  I also use WinPatrol and SpybotSD's TeaTimer.

There was an infection a month or so ago that I thought we had dealt with, but now I am not so sure.

http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075

About a week ago my primary hard drive started giving a "boot disk not found" error.  I ran chkdsk and it seemed okay.  I got the error a second time the next day, powered down the computer, rebooted, and have had no problem since.

 

However, yesterday I got a recurring virus detection of win32/zperm from AVG.  I cleaned it several times and it came back.

Next, WinPatrol gave me messages that AdAware AV, WinPatrol, Spybot Search and Destroy TeaTimer, AVG Toolbar and RTHDCPL.exe had been removed from my startup.  Since that time I have had no virus detections.

On instructions from the previous person, I removed AdAware AV, Gomez Peer, Antimalware Engine (a part of AdAware), uTorrent and some other things.

 

The AdAware AV I had a tremendous amount of trouble removing.  I uninstalled it, deleted the folder, scoured the system every way I could think of, and it still shows up as being installed in Security Check.

There is an issue with the Panzilla component of Gomez Peer showing as a virus on some scanners, but I researched this and no one said it was a problem.  I have run the program for over 10 years with no problems.

 

Now WinPatrol, SpybotSD and AVG Internet Security are showing on my taskbar, but I suspect they are not working.  The last MiniToolbox check I ran showed several AVG drivers as not being loaded.

I have never downloaded anything but jpg and pdf files with uTorrent, and the last person said all my jpgs and pdfs were infected???  According to research at Symantec and Adobe, it is impossible to get a virus from a jpg, or from a pdf without clicking a link inside the pdf.  I have never done this.

 

OK, on to the logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Possumsjagger at 19:50:35 on 2013-10-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2118 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled*
FW: Ad-Aware Firewall *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2014\avgmfapx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - <orphaned>
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351291633796
TCP: NameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer = 66.38.0.240,66.38.1.240
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : DHCPNameServer = 10.0.0.2 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoe.dll
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoeact.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-9-29 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-29 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2012-10-24 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-8-23 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-8-23 91992]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-25 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-28 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-28 701512]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-4 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-28 22856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-8-20 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-8-20 116056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-4-4 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2013-5-14 266240]
.
=============== Created Last 30 ================
.
2013-10-29 13:07:53    --------    d-----w-    c:\program files\common files\Lavasoft
2013-10-29 02:02:52    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 02:02:51    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-28 18:04:33    --------    d-sha-r-    C:\cmdcons
2013-10-28 18:02:30    98816    ----a-w-    c:\windows\sed.exe
2013-10-28 18:02:30    256000    ----a-w-    c:\windows\PEV.exe
2013-10-28 18:02:30    208896    ----a-w-    c:\windows\MBR.exe
2013-10-28 17:39:12    --------    d-----w-    C:\AdwCleaner
2013-10-15 01:24:11    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-15 01:24:11    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-15 01:23:20    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-15 01:23:20    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-15 01:23:20    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-15 01:22:45    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-15 01:22:45    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-15 01:22:45    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-15 01:22:45    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-09 14:48:33    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-10-01 00:37:15    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-10-01 00:37:06    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2013-10-01 00:37:06    --------    d-----w-    c:\program files\SpywareBlaster
2013-09-30 18:45:30    --------    d-----w-    c:\documents and settings\all users\application data\IObit
2013-09-30 18:45:18    --------    d-----w-    c:\program files\IObit
.
==================== Find3M  ====================
.
2013-10-13 18:50:00    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48:41    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00:20    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-29 21:00:20    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-26 01:57:14    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11:44    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28:06    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28:04    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-01 21:08:52    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 19:51:06.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2012 11:50:49 AM
System Uptime: 10/29/2013 9:07:25 AM (10 hours ago)
.
Motherboard: BIOSTAR Group |  | TA780G M2+
Processor: AMD Athlon™ 7750 Dual-Core Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 32.315 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
S: is FIXED (NTFS) - 186 GiB total, 14.833 GiB free.
Y: is FIXED (NTFS) - 74 GiB total, 43.434 GiB free.
Z: is FIXED (NTFS) - 195 GiB total, 53.605 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Service:
.
==== System Restore Points ===================
.
RP1: 10/29/2013 7:56:40 AM - System Checkpoint
RP2: 10/29/2013 8:06:22 AM - AA11
RP3: 10/29/2013 8:07:55 AM - AA11
RP4: 10/29/2013 8:11:05 AM - Removed Microsoft Silverlight
RP5: 10/29/2013 8:11:40 AM - Configured Microsoft Flight Simulator X Demo
.
==== Installed Programs ======================
.
135 HP Piper Tripacer, N3343A
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Age of Conan: Unchained
AMD Catalyst Install Manager
AMD Processor Driver
AntimalwareEngine
ArtistScope Plugin FX
ATI AVIVO Codecs
ATI Parental Control & Encoder
AVG 2012
AVG 2014
AVG SafeGuard toolbar
Beechcraft Bonanza F33A For FS2004
Belarc Advisor 8.1
BTGuard 2.6
calibre
Carenado C 152 II
Carenado Mooney M20J
Carenado Piper Dakota 236
Carenado Premium Cessna 210M Centurion II
CCleaner
Cisco Connect
CloneSpy 2.7
Defraggler
EditVoicepack
EQ2MAP Updater 1.2.10
EverQuest
EverQuest II
Explorer Suite IV
EZ Scenery Library
FSGenesis Afghanistan - North 19m Terrain Mesh for FS2004
FSGenesis Afghanistan - South 19m Terrain Mesh for FS2004
FSGenesis Alabama 19m Terrain Mesh for FS2004
FSGenesis Alaska 38.2m Terrain
FSGenesis Alaska 76.4m Terrain
FSGenesis Alberta 19m Terrain Mesh for FS2004
FSGenesis Alps 19.1m Terrain
FSGenesis Andes Mountains 76.4m Terrain
FSGenesis Appalachians & Northeast 38m Terrain
FSGenesis Arizona 19m Terrain Mesh for FS2004
FSGenesis Arkansas 19m Terrain Mesh for FS2004
FSGenesis Atlantic Canada 38.2m Terrain
FSGenesis Australia 76.4m Terrain
FSGenesis Belarus 19m Terrain Mesh for FS2004
FSGenesis Brazilian Highlands 76.4m Terrain
FSGenesis British Columbia - NE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - NW 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SW 19m Terrain Mesh for FS2004
FSGenesis Bulgaria 19m Terrain Mesh for FS2004
FSGenesis California 19m Terrain Mesh for FS2004
FSGenesis Canada 76.4m Terrain
FSGenesis Canada Interior Plains 38.2m Terrain
FSGenesis Central Africa 76.4m Terrain
FSGenesis Colorado 19m Terrain Mesh for FS2004
FSGenesis Cordillera Canada 38.2m Terrain
FSGenesis Cuba 19m Terrain Mesh for FS2004
FSGenesis Cypress 19m Terrain Mesh for FS2004
FSGenesis Eastern Hemisphere - North 153m Terrain
FSGenesis Eastern Hemisphere - Southeast 153m Terrain
FSGenesis Eastern Hemisphere - Southwest 153m Terrain
FSGenesis Eastern Hemisphere 306m Terrain
FSGenesis Eastern Siberia Terrain Mesh for FS2004
FSGenesis Egypt - North 19m Terrain Mesh for FS2004
FSGenesis Egypt - South 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - North 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - South 19m Terrain Mesh for FS2004
FSGenesis Europe 76.4m Terrain
FSGenesis Florida 19m Terrain Mesh for FS2004
FSGenesis Georgia 19m Terrain Mesh for FS2004
FSGenesis Greece 19m Terrain Mesh for FS2004
FSGenesis Hawaiian Islands 10m Terrain & Landclass
FSGenesis Himalayas 76.4m Terrain
FSGenesis Hungary 19m Terrain Mesh for FS2004
FSGenesis Idaho 19m Terrain Mesh for FS2004
FSGenesis Illinois 19m Terrain Mesh for FS2004
FSGenesis Indiana 19m Terrain Mesh for FS2004
FSGenesis Iowa 19m Terrain Mesh for FS2004
FSGenesis Iran - North 19m Terrain Mesh for FS2004
FSGenesis Iran - South 19m Terrain Mesh for FS2004
FSGenesis Iraq 19m Terrain Mesh for FS2004
FSGenesis Israel 19m Terrain Mesh for FS2004
FSGenesis Jordan 19m Terrain Mesh for FS2004
FSGenesis Kansas 19m Terrain Mesh for FS2004
FSGenesis Kentucky 19m Terrain Mesh for FS2004
FSGenesis Lebanon 19m Terrain Mesh for FS2004
FSGenesis Libya - Central 19m Terrain Mesh for FS2004
FSGenesis Libya - North 19m Terrain Mesh for FS2004
FSGenesis Libya - South 19m Terrain Mesh for FS2004
FSGenesis Louisiana 19m Terrain Mesh for FS2004
FSGenesis Madagascar 19m Terrain Mesh for FS2004
FSGenesis Maine 19m Terrain Mesh for FS2004
FSGenesis Manitoba 19m Terrain Mesh for FS2004
FSGenesis Maryland-Delaware 19m Terrain Mesh for FS2004
FSGenesis Massachutsetts-Connecticut-Rhode Island 19m Terrain Mesh for FS2004
FSGenesis Mexico 38.2m Terrain
FSGenesis Michigan 19m Terrain Mesh for FS2004
FSGenesis Middle East 76.4m Terrain
FSGenesis Minnesota 19m Terrain Mesh for FS2004
FSGenesis Mississippi 19m Terrain Mesh for FS2004
FSGenesis Missouri 19m Terrain Mesh for FS2004
FSGenesis Montana 19m Terrain Mesh for FS2004
FSGenesis Nebraska 19m Terrain Mesh for FS2004
FSGenesis Nevada 19m Terrain Mesh for FS2004
FSGenesis New Brunswick 19m Terrain Mesh for FS2004
FSGenesis New Hampshire 19m Terrain Mesh for FS2004
FSGenesis New Jersey 19m Terrain Mesh for FS2004
FSGenesis New Mexico 19m Terrain Mesh for FS2004
FSGenesis New York 19m Terrain Mesh for FS2004
FSGenesis Newfoundland 19m Terrain Mesh for FS2004
FSGenesis North Asia 76.4m Terrain
FSGenesis North Atlantic Terrain for FS2004
FSGenesis North Carolina 19m Terrain Mesh for FS2004
FSGenesis North Dakota 19m Terrain Mesh for FS2004
FSGenesis Northern Africa 76.4m Terrain
FSGenesis Northern Canada 76.4m Terrain
FSGenesis Northern Russia Terrain Mesh for FS2004
FSGenesis Northwest Territories - Central 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - North 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - South 19m Terrain Mesh for FS2004
FSGenesis Nova Scotia 19m Terrain Mesh for FS2004
FSGenesis Ohio 19m Terrain Mesh for FS2004
FSGenesis Oklahoma 19m Terrain Mesh for FS2004
FSGenesis Oman 19m Terrain Mesh for FS2004
FSGenesis Ontario - North 19m Terrain Mesh for FS2004
FSGenesis Ontario - South 19m Terrain Mesh for FS2004
FSGenesis Ontario 38.2m Terrain
FSGenesis Oregon 19m Terrain Mesh for FS2004
FSGenesis Pacific Islands 76.4m Terrain
FSGenesis Pakistan - North 19m Terrain Mesh for FS2004
FSGenesis Pakistan - South 19m Terrain Mesh for FS2004
FSGenesis Pennsylvania 19m Terrain Mesh for FS2004
FSGenesis Poland 19m Terrain Mesh for FS2004
FSGenesis Quebec - Central 19m Terrain Mesh for FS2004
FSGenesis Quebec - North 19m Terrain Mesh for FS2004
FSGenesis Quebec - South 19m Terrain Mesh for FS2004
FSGenesis Romania 19m Terrain Mesh for FS2004
FSGenesis Russia 76.4m Terrain
FSGenesis Saskatchewan 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - Central 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - North 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - South 19m Terrain Mesh for FS2004
FSGenesis Scandinavia Terrain Mesh for FS2004
FSGenesis Slovakia 19m Terrain Mesh for FS2004
FSGenesis South Asia & Indonesia 76.4m Terrain
FSGenesis South Carolina 19m Terrain Mesh for FS2004
FSGenesis South Dakota 19m Terrain Mesh for FS2004
FSGenesis Southern Africa 76.4m Terrain
FSGenesis Syria 19m Terrain Mesh for FS2004
FSGenesis Tennessee 19m Terrain Mesh for FS2004
FSGenesis Texas & Southeast 38m Terrain
FSGenesis Texas 19m Terrain Mesh for FS2004
FSGenesis The Balkans 19m Terrain Mesh for FS2004
FSGenesis The Great Plains 38m Terrain
FSGenesis The Orient 76.4m Terrain
FSGenesis The Rockies 38m Terrain
FSGenesis The West Coast 38m Terrain
FSGenesis Turkey - East 19m Terrain Mesh for FS2004
FSGenesis Turkey - West 19m Terrain Mesh for FS2004
FSGenesis Ukraine - East 19m Terrain Mesh for FS2004
FSGenesis Ukraine - West 19m Terrain Mesh for FS2004
FSGenesis United States 76.4m Terrain
FSGenesis Utah 19m Terrain Mesh for FS2004
FSGenesis Venezuela & Angel Falls 76.4m Terrain
FSGenesis Vermont 19m Terrain Mesh for FS2004
FSGenesis Virginia 19m Terrain Mesh for FS2004
FSGenesis Washington 19m Terrain Mesh for FS2004
FSGenesis West Virginia 19m Terrain Mesh for FS2004
FSGenesis Western Hemisphere - North 153m Terrain
FSGenesis Western Hemisphere - South 153m Terrain
FSGenesis Western Hemisphere 306m Terrain
FSGenesis Western Siberia Terrain Mesh for FS2004
FSGenesis Wisconsin 19m Terrain Mesh for FS2004
FSGenesis Worldwide LOD 4/5/6 Terrain
FSGenesis Wyoming 19m Terrain Mesh for FS2004
FSGenesis Yemen 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - N 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - S 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory 38.2m Terrain
FSNavigator
FSrealWX lite version 1.06.1469
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Hawker Hurricane IIA for FS2004
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ICQ7M
ImgBurn
IrfanView (remove only)
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.1.2
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Combat Flight Simulator
Microsoft Flight
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDefrag v4.3.1
MySQL Server 5.5
OpenAL
Oracle VM VirtualBox 4.1.20
PeerBlock 1.1 (r518)
Plan-G
Plan-G v3
PowerISO
Radio Range v4.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RIFT
RoboForm 7-9-0-0 (All Users)
Rwy12 Library
SecondLifeViewer (remove only)
Secure Download Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923789)
Skyhawk 172R by Flight One Software
Spybot - Search & Destroy
SpywareBlaster 5.0
Star Wars: The Old Republic
Strongvault Online Backup
swMSM
SyncToy 2.1 (x86)
T Utility Over Clock II
Tseries BIOS Update
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VC 9.0 Runtime
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
WinPatrol
WinRAR archiver
Xtreme RDP ActiveX Control
Yahoo! Messenger
Youtube Downloader HD v. 2.9.6
ZoneAlarm Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/29/2013 7:54:51 AM, error: Service Control Manager [7000]  - The Ad-Aware Service 11 service failed to start due to the following error:  The system cannot find the file specified.
10/29/2013 7:44:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:43:10 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/29/2013 7:43:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 BANTExt BS_I2cIo Fips SCDEmu VBoxDrv VBoxUSBMon
10/29/2013 7:43:04 AM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2013 7:41:50 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:36:32 AM, error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
10/28/2013 1:48:13 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer ZERO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6AF5D1E5-4A96-4D5C-91F2. The master browser is stopping or an election is being forced.
10/28/2013 1:05:38 PM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.
10/26/2013 7:31:08 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/25/2013 12:52:45 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
10/25/2013 12:21:18 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service.
10/23/2013 12:15:57 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
10/23/2013 12:14:57 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
.
==== End Of File ===========================
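The Event Viewer lines above are the evidence a helper reads first to see whether the security products themselves are being knocked over. As an added example that is not part of the original thread, here is a Python triage script that parses DDS-style event lines and pulls out the Service Control Manager failures involving this machine's security products (the product-name markers are an assumption taken from the posted program list):

```python
import re
from datetime import datetime

# Sample lines copied from the DDS "Event Viewer Messages" section of the post
# above, trimmed to a handful of entries (one unrelated MRxSmb line is kept as a
# negative case). DDS prints one event per line in exactly this shape.
SAMPLE_EVENTS = """\
10/29/2013 7:54:51 AM, error: Service Control Manager [7000]  - The Ad-Aware Service 11 service failed to start due to the following error:  The system cannot find the file specified.
10/29/2013 7:43:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 BANTExt BS_I2cIo Fips SCDEmu VBoxDrv VBoxUSBMon
10/29/2013 7:43:04 AM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2013 7:36:32 AM, error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
10/28/2013 1:48:13 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer ZERO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6AF5D1E5-4A96-4D5C-91F2. The master browser is stopping or an election is being forced.
10/25/2013 12:52:45 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM>, <level>: <source> [<id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$"
)

# Service Control Manager event IDs that mean a service or driver is not running:
# 7000 failed to start, 7001 dependency failed, 7011 transaction timeout,
# 7026 boot/system-start driver failed to load, 7034 terminated unexpectedly.
SCM_FAILURE_IDS = {7000, 7001, 7011, 7026, 7034}

# Assumption: name fragments of the security products installed on this machine,
# taken from the posted program list. Adjust for another host.
SECURITY_MARKERS = ("avg", "ad-aware", "winpatrol", "spybot", "zonealarm")


def parse_dds_events(text):
    """Parse DDS event lines into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "message": m["msg"],
        })
    return events


def is_security_related(name):
    """True if a driver, service or message names one of the watched products."""
    lowered = name.lower()
    return any(marker in lowered for marker in SECURITY_MARKERS)


def failed_boot_drivers(events):
    """Driver names listed in 7026 events (space-separated after the colon)."""
    drivers = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            _, _, names = ev["message"].partition("failed to load:")
            drivers.extend(names.split())
    return drivers


def security_service_failures(events):
    """SCM failure events (other than the 7026 driver list) naming a watched product."""
    return [ev for ev in events
            if ev["source"] == "Service Control Manager"
            and ev["id"] in SCM_FAILURE_IDS
            and ev["id"] != 7026
            and is_security_related(ev["message"])]


def triage(text):
    """Summarise which security components are failing, in log order."""
    events = parse_dds_events(text)
    drivers = failed_boot_drivers(events)
    return {
        "events": len(events),
        "failed_drivers": drivers,
        "failed_security_drivers": [d for d in drivers if is_security_related(d)],
        "security_service_failures": [(ev["id"], ev["message"])
                                      for ev in security_service_failures(events)],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    print("security drivers that failed to load:", summary["failed_security_drivers"])
    for event_id, message in summary["security_service_failures"]:
        print(f"[{event_id}] {message}")
```

Run against the full log it isolates the four AVG drivers in the 7026 event together with the Ad-Aware and avgwd service errors, which is the cluster worth looking at first.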
 



#2 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 November 2013 - 10:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • When it finishes, you will either see a report that no threats were found:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window listing them:
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window asking for one will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Please post the logs for my review.

#3 jefferysitz

  • Topic Starter
  • Members
  • 35 posts

Posted 03 November 2013 - 01:30 PM

Ok, I forgot to mention one symptom. When I am watching Netflix on fullscreen, the screen will pop out to normal and the blue bar at the top gets dim like another window is taking focus. There is no other window to be found though and nothing in task manager. This has not happened in a couple of days though.

TDSSKiller asked to update so I allowed it. It had one new box "use ksn to scan objects." It was checked by default so I left it alone. If this is not right let me know and I will do it again.

aswMBR also asked to update definitions which I allowed.

Roguekiller made 2 logs, I included both.

I normally use WinRar, so I got 7zip to make the zip file. Hopefully that is a safe program.

11:33:28.0502 0x1440  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
11:33:34.0377 0x1440  ============================================================
11:33:34.0377 0x1440  Current date / time: 2013/11/03 11:33:34.0377
11:33:34.0377 0x1440  SystemInfo:
11:33:34.0377 0x1440  
11:33:34.0377 0x1440  OS Version: 5.1.2600 ServicePack: 3.0
11:33:34.0377 0x1440  Product type: Workstation
11:33:34.0377 0x1440  ComputerName: POSSUM
11:33:34.0377 0x1440  UserName: Possumsjagger
11:33:34.0377 0x1440  Windows directory: C:\WINDOWS
11:33:34.0377 0x1440  System windows directory: C:\WINDOWS
11:33:34.0377 0x1440  Processor architecture: Intel x86
11:33:34.0377 0x1440  Number of processors: 2
11:33:34.0377 0x1440  Page size: 0x1000
11:33:34.0377 0x1440  Boot type: Normal boot
11:33:34.0377 0x1440  ============================================================
11:33:36.0315 0x1440  System UUID: {0E457B2C-8CFF-ABF1-EF9C-8D0557538E74}
11:33:37.0158 0x1440  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:33:37.0174 0x1440  Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:33:37.0190 0x1440  ============================================================
11:33:37.0190 0x1440  \Device\Harddisk0\DR0:
11:33:37.0190 0x1440  MBR partitions:
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B619, BlocksNum 0x1869E598
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21919BB1, BlocksNum 0x1731991E
11:33:37.0190 0x1440  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x6, StartLBA 0x38C334CF, BlocksNum 0x1751772
11:33:37.0190 0x1440  \Device\Harddisk1\DR1:
11:33:37.0190 0x1440  MBR partitions:
11:33:37.0190 0x1440  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
11:33:37.0190 0x1440  ============================================================
11:33:37.0205 0x1440  C: <-> \Device\Harddisk0\DR0\Partition1
11:33:37.0252 0x1440  Z: <-> \Device\Harddisk0\DR0\Partition2
11:33:37.0299 0x1440  S: <-> \Device\Harddisk0\DR0\Partition3
11:33:37.0346 0x1440  Y: <-> \Device\Harddisk1\DR1\Partition1
11:33:37.0346 0x1440  ============================================================
11:33:37.0346 0x1440  Initialize success
11:33:37.0346 0x1440  ============================================================
11:34:43.0721 0x1474  IpFilterDriver - ok
11:34:43.0737 0x1474  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:34:43.0815 0x1474  IpInIp - ok
11:34:43.0830 0x1474  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:34:43.0908 0x1474  IpNat - ok
11:34:43.0940 0x1474  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:34:44.0018 0x1474  IPSec - ok
11:34:44.0018 0x1474  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:34:44.0096 0x1474  IRENUM - ok
11:34:44.0112 0x1474  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:34:44.0190 0x1474  isapnp - ok
11:34:44.0205 0x1474  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:34:44.0268 0x1474  Kbdclass - ok
11:34:44.0283 0x1474  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:34:44.0362 0x1474  kbdhid - ok
11:34:44.0377 0x1474  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:34:44.0455 0x1474  kmixer - ok
11:34:44.0471 0x1474  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:34:44.0502 0x1474  KSecDD - ok
11:34:44.0518 0x1474  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:34:44.0533 0x1474  lanmanserver - ok
11:34:44.0565 0x1474  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:34:44.0580 0x1474  lanmanworkstation - ok
11:34:44.0580 0x1474  lbrtfdc - ok
11:34:44.0627 0x1474  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:34:44.0627 0x1474  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
11:34:47.0002 0x1474  Detect skipped due to KSN trusted
11:34:47.0002 0x1474  LightScribeService - ok
11:34:47.0033 0x1474  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:34:47.0096 0x1474  LmHosts - ok
11:34:47.0112 0x1474  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:34:47.0190 0x1474  Messenger - ok
11:34:47.0205 0x1474  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:34:47.0299 0x1474  mnmdd - ok
11:34:47.0330 0x1474  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:34:47.0408 0x1474  mnmsrvc - ok
11:34:47.0424 0x1474  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:34:47.0502 0x1474  Modem - ok
11:34:47.0549 0x1474  [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
11:34:47.0596 0x1474  Monfilt - ok
11:34:47.0627 0x1474  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:34:47.0705 0x1474  Mouclass - ok
11:34:47.0721 0x1474  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:34:47.0815 0x1474  mouhid - ok
11:34:47.0830 0x1474  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:34:47.0908 0x1474  MountMgr - ok
11:34:47.0940 0x1474  [ F9359ADA531A75FB98FA7A864B97D30B, C417D9EB3233A19ACEC0FD2934FD93FC527068E2E7AD8C74717EDC4868AFBDD7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:34:47.0955 0x1474  MozillaMaintenance - ok
11:34:47.0955 0x1474  mraid35x - ok
11:34:47.0971 0x1474  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:34:48.0065 0x1474  MRxDAV - ok
11:34:48.0112 0x1474  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:34:48.0158 0x1474  MRxSmb - ok
11:34:48.0158 0x1474  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:34:48.0237 0x1474  MSDTC - ok
11:34:48.0252 0x1474  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:34:48.0315 0x1474  Msfs - ok
11:34:48.0330 0x1474  MSIServer - ok
11:34:48.0346 0x1474  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:34:48.0424 0x1474  MSKSSRV - ok
11:34:48.0440 0x1474  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:34:48.0502 0x1474  MSPCLOCK - ok
11:34:48.0518 0x1474  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:34:48.0580 0x1474  MSPQM - ok
11:34:48.0596 0x1474  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:34:48.0658 0x1474  mssmbios - ok
11:34:48.0690 0x1474  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:34:48.0690 0x1474  Mup - ok
11:34:48.0737 0x1474  MySQL - ok
11:34:48.0768 0x1474  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:34:48.0846 0x1474  napagent - ok
11:34:48.0877 0x1474  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:34:48.0955 0x1474  NDIS - ok
11:34:48.0971 0x1474  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:34:48.0987 0x1474  NdisTapi - ok
11:34:49.0002 0x1474  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:34:49.0080 0x1474  Ndisuio - ok
11:34:49.0096 0x1474  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:34:49.0190 0x1474  NdisWan - ok
11:34:49.0205 0x1474  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:34:49.0221 0x1474  NDProxy - ok
11:34:49.0237 0x1474  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:34:49.0315 0x1474  NetBIOS - ok
11:34:49.0330 0x1474  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:34:49.0424 0x1474  NetBT - ok
11:34:49.0440 0x1474  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:34:49.0502 0x1474  NetDDE - ok
11:34:49.0518 0x1474  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:34:49.0580 0x1474  NetDDEdsdm - ok
11:34:49.0612 0x1474  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:34:49.0674 0x1474  Netlogon - ok
11:34:49.0705 0x1474  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:34:49.0783 0x1474  Netman - ok
11:34:49.0815 0x1474  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:34:49.0830 0x1474  NetTcpPortSharing - ok
11:34:49.0846 0x1474  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:34:49.0877 0x1474  Nla - ok
11:34:49.0908 0x1474  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:34:49.0971 0x1474  Npfs - ok
11:34:50.0018 0x1474  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:34:50.0112 0x1474  Ntfs - ok
11:34:50.0112 0x1474  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:34:50.0190 0x1474  NtLmSsp - ok
11:34:50.0205 0x1474  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:34:50.0315 0x1474  NtmsSvc - ok
11:34:50.0315 0x1474  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:34:50.0408 0x1474  Null - ok
11:34:50.0424 0x1474  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:34:50.0502 0x1474  NwlnkFlt - ok
11:34:50.0502 0x1474  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:34:50.0596 0x1474  NwlnkFwd - ok
11:34:50.0596 0x1474  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
11:34:50.0674 0x1474  Parport - ok
11:34:50.0690 0x1474  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:34:50.0768 0x1474  PartMgr - ok
11:34:50.0768 0x1474  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:34:50.0862 0x1474  ParVdm - ok
11:34:50.0877 0x1474  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:34:50.0955 0x1474  PCI - ok
11:34:50.0955 0x1474  PCIDump - ok
11:34:50.0971 0x1474  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:34:51.0049 0x1474  PCIIde - ok
11:34:51.0065 0x1474  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:34:51.0143 0x1474  Pcmcia - ok
11:34:51.0143 0x1474  PDCOMP - ok
11:34:51.0158 0x1474  PDFRAME - ok
11:34:51.0158 0x1474  PDRELI - ok
11:34:51.0158 0x1474  PDRFRAME - ok
11:34:51.0158 0x1474  perc2 - ok
11:34:51.0174 0x1474  perc2hib - ok
11:34:51.0190 0x1474  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:34:51.0221 0x1474  PlugPlay - ok
11:34:51.0237 0x1474  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:34:51.0299 0x1474  PolicyAgent - ok
11:34:51.0315 0x1474  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:34:51.0393 0x1474  PptpMiniport - ok
11:34:51.0408 0x1474  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
11:34:51.0502 0x1474  Processor - ok
11:34:51.0502 0x1474  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:34:51.0580 0x1474  ProtectedStorage - ok
11:34:51.0580 0x1474  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:34:51.0658 0x1474  PSched - ok
11:34:51.0674 0x1474  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:34:51.0752 0x1474  Ptilink - ok
11:34:51.0752 0x1474  ql1080 - ok
11:34:51.0752 0x1474  Ql10wnt - ok
11:34:51.0752 0x1474  ql12160 - ok
11:34:51.0752 0x1474  ql1240 - ok
11:34:51.0768 0x1474  ql1280 - ok
11:34:51.0768 0x1474  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:34:51.0846 0x1474  RasAcd - ok
11:34:51.0877 0x1474  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:34:51.0955 0x1474  RasAuto - ok
11:34:51.0987 0x1474  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:34:52.0065 0x1474  Rasl2tp - ok
11:34:52.0096 0x1474  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:34:52.0190 0x1474  RasMan - ok
11:34:52.0205 0x1474  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:34:52.0283 0x1474  RasPppoe - ok
11:34:52.0299 0x1474  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:34:52.0362 0x1474  Raspti - ok
11:34:52.0393 0x1474  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:34:52.0487 0x1474  Rdbss - ok
11:34:52.0487 0x1474  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:34:52.0565 0x1474  RDPCDD - ok
11:34:52.0580 0x1474  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:34:52.0658 0x1474  rdpdr - ok
11:34:52.0690 0x1474  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:34:52.0721 0x1474  RDPWD - ok
11:34:52.0737 0x1474  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:34:52.0815 0x1474  RDSessMgr - ok
11:34:52.0815 0x1474  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:34:52.0893 0x1474  redbook - ok
11:34:52.0924 0x1474  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:34:52.0987 0x1474  RemoteAccess - ok
11:34:53.0002 0x1474  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:34:53.0096 0x1474  RemoteRegistry - ok
11:34:53.0112 0x1474  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:34:53.0190 0x1474  RpcLocator - ok
11:34:53.0205 0x1474  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
11:34:53.0252 0x1474  RpcSs - ok
11:34:53.0283 0x1474  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:34:53.0362 0x1474  RSVP - ok
11:34:53.0487 0x1474  [ 3A5D16604E1744964E08432354C489A3, AA9C19DC007E7ADDE5055C02318D3B932448DE5028DB3B0F50B88788D5413284 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
11:34:53.0658 0x1474  RTHDMIAzAudService - ok
11:34:53.0674 0x1474  [ 1323BA3CA4E8D863EB00CD81C0AAF356, C1E5C0D4B404BCDD11177466C23898E5A50C50C5A5447B0B88BF9039A2366196 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:34:53.0690 0x1474  RTLE8023xp - ok
11:34:53.0721 0x1474  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:34:53.0783 0x1474  SamSs - ok
11:34:53.0799 0x1474  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:34:53.0893 0x1474  SCardSvr - ok
11:34:53.0908 0x1474  [ B08CC192330FDE1510F28CF284F80026, C917F495E0EFF8219376054E8691D00D3B5F37B1A1D517DAFC453315D4F4C51D ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
11:34:53.0924 0x1474  SCDEmu - ok
11:34:53.0940 0x1474  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:34:54.0033 0x1474  Schedule - ok
11:34:54.0065 0x1474  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:34:54.0143 0x1474  Secdrv - ok
11:34:54.0158 0x1474  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:34:54.0221 0x1474  seclogon - ok
11:34:54.0237 0x1474  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
11:34:54.0315 0x1474  SENS - ok
11:34:54.0330 0x1474  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:34:54.0408 0x1474  serenum - ok
11:34:54.0424 0x1474  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:34:54.0502 0x1474  Serial - ok
11:34:54.0518 0x1474  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:34:54.0596 0x1474  Sfloppy - ok
11:34:54.0627 0x1474  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:34:54.0705 0x1474  SharedAccess - ok
11:34:54.0737 0x1474  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:34:54.0737 0x1474  ShellHWDetection - ok
11:34:54.0752 0x1474  Simbad - ok
11:34:54.0752 0x1474  Sparrow - ok
11:34:54.0783 0x1474  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:34:54.0862 0x1474  splitter - ok
11:34:54.0877 0x1474  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:34:54.0893 0x1474  Spooler - ok
11:34:54.0908 0x1474  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:34:54.0987 0x1474  sr - ok
11:34:55.0018 0x1474  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:34:55.0096 0x1474  srservice - ok
11:34:55.0127 0x1474  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:34:55.0174 0x1474  Srv - ok
11:34:55.0190 0x1474  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:34:55.0268 0x1474  SSDPSRV - ok
11:34:55.0283 0x1474  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:34:55.0393 0x1474  stisvc - ok
11:34:55.0408 0x1474  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:34:55.0487 0x1474  swenum - ok
11:34:55.0502 0x1474  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:34:55.0580 0x1474  swmidi - ok
11:34:55.0580 0x1474  SwPrv - ok
11:34:55.0596 0x1474  symc810 - ok
11:34:55.0596 0x1474  symc8xx - ok
11:34:55.0596 0x1474  sym_hi - ok
11:34:55.0596 0x1474  sym_u3 - ok
11:34:55.0612 0x1474  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:34:55.0690 0x1474  sysaudio - ok
11:34:55.0705 0x1474  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:34:55.0783 0x1474  SysmonLog - ok
11:34:55.0799 0x1474  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:34:55.0877 0x1474  TapiSrv - ok
11:34:55.0924 0x1474  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:34:55.0987 0x1474  Tcpip - ok
11:34:56.0002 0x1474  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:34:56.0065 0x1474  TDPIPE - ok
11:34:56.0080 0x1474  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:34:56.0158 0x1474  TDTCP - ok
11:34:56.0174 0x1474  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:34:56.0237 0x1474  TermDD - ok
11:34:56.0252 0x1474  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:34:56.0346 0x1474  TermService - ok
11:34:56.0362 0x1474  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:34:56.0377 0x1474  Themes - ok
11:34:56.0408 0x1474  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:34:56.0487 0x1474  TlntSvr - ok
11:34:56.0487 0x1474  TosIde - ok
11:34:56.0502 0x1474  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:34:56.0580 0x1474  TrkWks - ok
11:34:56.0612 0x1474  [ B7C681175E3F8DE967CEFE90E46440B5, A47DA5AD1FD6E2DC4C8B7F06118985A2038E9CD6BD0F55ED95A3590258CB44EB ] Trufos          C:\WINDOWS\system32\DRIVERS\Trufos.sys
11:34:56.0643 0x1474  Trufos - ok
11:34:56.0658 0x1474  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:34:56.0737 0x1474  Udfs - ok
11:34:56.0737 0x1474  ultra - ok
11:34:56.0768 0x1474  [ C81B8635DEE0D3EF5F64B3DD643023A5, 6D7438A5FB7168352099F726BD0980AD398A7CFE929B8D2BD362B238C1540D85 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
11:34:56.0768 0x1474  UMWdf - ok
11:34:56.0815 0x1474  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:34:56.0924 0x1474  Update - ok
11:34:56.0940 0x1474  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:34:57.0018 0x1474  upnphost - ok
11:34:57.0018 0x1474  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
11:34:57.0096 0x1474  UPS - ok
11:34:57.0112 0x1474  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:34:57.0127 0x1474  usbccgp - ok
11:34:57.0158 0x1474  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:34:57.0174 0x1474  usbehci - ok
11:34:57.0174 0x1474  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:34:57.0252 0x1474  usbhub - ok
11:34:57.0268 0x1474  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:34:57.0362 0x1474  usbohci - ok
11:34:57.0377 0x1474  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:34:57.0440 0x1474  usbprint - ok
11:34:57.0455 0x1474  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:34:57.0533 0x1474  usbstor - ok
11:34:57.0565 0x1474  [ 75639B33F31F24F9A5484582330B768F, D613F2D365424B803968EBDD7A9F9E5BB9D73D7902572828D9720274A1CE4664 ] VBoxDrv         C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
11:34:57.0565 0x1474  VBoxDrv - ok
11:34:57.0596 0x1474  [ 31B7C620454295214BD2173F89549B9F, 1D34F56C781AF7E52E8C7D84835CCC7091EF7D06F57F997E9F397CE1BD947CD7 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
11:34:57.0612 0x1474  VBoxNetAdp - ok
11:34:57.0612 0x1474  [ 5E4AB59B0C2277614EF29ACAAF65B8FC, F2CDDEA140A8DA94201F039EB1570925C6AC70B0F42E2C6817018AF2872C70C7 ] VBoxNetFlt      C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
11:34:57.0627 0x1474  VBoxNetFlt - ok
11:34:57.0658 0x1474  [ 46DE9B70AB91C949C004F7F9522CC73B, 5F7D1BC1CDC666CCDE97EDFECAAF1F0321CDA01A2F47BDE113291C6742DDFBB4 ] VBoxUSBMon      C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
11:34:57.0674 0x1474  VBoxUSBMon - ok
11:34:57.0690 0x1474  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:34:57.0752 0x1474  VgaSave - ok
11:34:57.0752 0x1474  ViaIde - ok
11:34:57.0783 0x1474  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:34:57.0862 0x1474  VolSnap - ok
11:34:57.0893 0x1474  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:34:57.0971 0x1474  VSS - ok
11:34:58.0002 0x1474  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:34:58.0080 0x1474  W32Time - ok
11:34:58.0096 0x1474  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:34:58.0158 0x1474  Wanarp - ok
11:34:58.0158 0x1474  WDICA - ok
11:34:58.0190 0x1474  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:34:58.0252 0x1474  wdmaud - ok
11:34:58.0268 0x1474  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:34:58.0362 0x1474  WebClient - ok
11:34:58.0393 0x1474  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:34:58.0471 0x1474  winmgmt - ok
11:34:58.0518 0x1474  [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:34:58.0596 0x1474  WinRM - ok
11:34:58.0627 0x1474  [ A477391B7A8B0A0DAABADB17CF533A4B, 9B1929B5BBF2738BA3D402809FCB8DAA09EF4727F860567895D5E73EBE43E627 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:34:58.0643 0x1474  WmdmPmSN - ok
11:34:58.0674 0x1474  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:34:58.0721 0x1474  Wmi - ok
11:34:58.0737 0x1474  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:34:58.0815 0x1474  WmiAcpi - ok
11:34:58.0846 0x1474  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:34:58.0924 0x1474  WmiApSrv - ok
11:34:59.0002 0x1474  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:34:59.0033 0x1474  WPFFontCache_v0400 - ok
11:34:59.0065 0x1474  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:34:59.0158 0x1474  WS2IFSL - ok
11:34:59.0174 0x1474  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:34:59.0252 0x1474  wscsvc - ok
11:34:59.0268 0x1474  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:34:59.0330 0x1474  wuauserv - ok
11:34:59.0377 0x1474  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:34:59.0455 0x1474  WZCSVC - ok
11:34:59.0471 0x1474  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:34:59.0549 0x1474  xmlprov - ok
11:34:59.0549 0x1474  ================ Scan global ===============================
11:34:59.0565 0x1474  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:34:59.0596 0x1474  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:34:59.0612 0x1474  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:34:59.0627 0x1474  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:34:59.0627 0x1474  [ Global ] - ok
11:34:59.0627 0x1474  ================ Scan MBR ==================================
11:34:59.0643 0x1474  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:35:00.0565 0x1474  \Device\Harddisk0\DR0 - ok
11:35:00.0580 0x1474  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:35:00.0627 0x1474  \Device\Harddisk1\DR1 - ok
11:35:00.0627 0x1474  ================ Scan VBR ==================================
11:35:00.0627 0x1474  [ 5E0DE2B004B2DF56A039A6A157904614 ] \Device\Harddisk0\DR0\Partition1
11:35:00.0627 0x1474  \Device\Harddisk0\DR0\Partition1 - ok
11:35:00.0643 0x1474  [ 1C4392D9D146A71401505305AD07215A ] \Device\Harddisk0\DR0\Partition2
11:35:00.0643 0x1474  \Device\Harddisk0\DR0\Partition2 - ok
11:35:00.0674 0x1474  [ 35757CE2804C8031308EF8AF6B55CD5C ] \Device\Harddisk0\DR0\Partition3
11:35:00.0674 0x1474  \Device\Harddisk0\DR0\Partition3 - ok
11:35:00.0690 0x1474  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
11:35:00.0690 0x1474  \Device\Harddisk0\DR0\Partition4 - ok
11:35:00.0705 0x1474  [ 783CB06A7D80797234B261088A9CE84A ] \Device\Harddisk1\DR1\Partition1
11:35:00.0705 0x1474  \Device\Harddisk1\DR1\Partition1 - ok
11:35:00.0705 0x1474  Waiting for KSN requests completion. In queue: 212
11:35:01.0705 0x1474  Waiting for KSN requests completion. In queue: 212
11:35:02.0705 0x1474  Waiting for KSN requests completion. In queue: 212
11:35:03.0705 0x1474  AV detected via SS1: Ad-Aware Antivirus, , disabled, outofdate
11:35:03.0705 0x1474  AV detected via SS1: AVG Internet Security 2014, 2014.0, disabled, updated
11:35:03.0705 0x1474  FW detected via SS1: AVG Internet Security 2014, 2014.0, enabled
11:35:03.0705 0x1474  FW detected via SS1: Ad-Aware Firewall, , disabled
11:35:06.0174 0x1474  ============================================================
11:35:06.0174 0x1474  Scan finished
11:35:06.0174 0x1474  ============================================================
11:35:06.0174 0x15d0  Detected object count: 0
11:35:06.0174 0x15d0  Actual detected object count: 0
11:35:33.0737 0x1680  Deinitialize success
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-03 11:36:00
-----------------------------
11:36:00.268    OS Version: Windows 5.1.2600 Service Pack 3
11:36:00.268    Number of processors: 2 586 0x203
11:36:00.268    ComputerName: POSSUM  UserName:
11:36:00.721    Initialize success
11:39:59.752    AVAST engine defs: 13110300
11:40:26.033    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:40:26.033    Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
11:40:26.033    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:40:26.033    Disk 1 Vendor: Maxtor_6Y080M0 YAR51HW0 Size: 76293MB BusType: 3
11:40:26.112    Disk 0 MBR read successfully
11:40:26.112    Disk 0 MBR scan
11:40:26.205    Disk 0 Windows XP default MBR code
11:40:26.221    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        74998 MB offset 63
11:40:26.237    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       199996 MB offset 153597465
11:40:26.252    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       190003 MB offset 563190705
11:40:26.283    Disk 0 Partition 4 00     06        FAT16             11938 MB offset 952317135
11:40:26.283    Disk 0 scanning sectors +976768065
11:40:26.408    Disk 0 scanning C:\WINDOWS\system32\drivers
11:40:33.096    Service scanning
11:40:47.674    Modules scanning
11:40:53.268    Disk 0 trace - called modules:
11:40:53.283    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
11:40:53.283    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b277ab8]
11:40:53.283    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b3370a8]
11:40:53.283    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b27cd98]
11:40:53.783    AVAST engine scan C:\WINDOWS
11:40:57.987    AVAST engine scan C:\WINDOWS\system32
11:42:42.518    AVAST engine scan C:\WINDOWS\system32\drivers
11:42:51.455    AVAST engine scan C:\Documents and Settings\Possumsjagger
11:48:50.080    AVAST engine scan C:\Documents and Settings\All Users
11:51:04.783    Scan finished successfully
11:52:51.783    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Possumsjagger\Desktop\MBR.dat"
11:52:51.799    The log file has been saved successfully to "C:\Documents and Settings\Possumsjagger\Desktop\aswMBR.txt"

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Possumsjagger [Admin rights]
Mode : Scan -- Date : 11/03/2013 11:56:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] aswMBR.exe -- C:\Documents and Settings\Possumsjagger\Desktop\aswMBR.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer (66.38.0.240,66.38.1.240 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer (66.38.0.240,66.38.1.240 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS003\[...]\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer (66.38.0.240,66.38.1.240 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] 58hjwsem.default : user_pref("network.proxy.hxxp_port", 8001); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP100.dll -> HOOKED (Unknown @ 0x7B0BD431)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] 0a98a6f1d913eb4f3f64d5471c02346c
[BSP] ae5ddb26662330cea139f59435abfc2a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153597465 | Size: 199996 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 563190705 | Size: 190003 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 952317135 | Size: 11938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Maxtor 6Y080M0 +++++
--- User ---
[MBR] 752a81ebe127bde8b67700de3f927c9b
[BSP] 89a4d2224595cdd08f93ddcb80e72a81 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11032013_115649.txt >>


RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Possumsjagger [Admin rights]
Mode : Remove -- Date : 11/03/2013 11:56:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] aswMBR.exe -- C:\Documents and Settings\Possumsjagger\Desktop\aswMBR.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP100.dll -> HOOKED (Unknown @ 0x7B0BD431)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] 0a98a6f1d913eb4f3f64d5471c02346c
[BSP] ae5ddb26662330cea139f59435abfc2a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153597465 | Size: 199996 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 563190705 | Size: 190003 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 952317135 | Size: 11938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Maxtor 6Y080M0 +++++
--- User ---
[MBR] 752a81ebe127bde8b67700de3f927c9b
[BSP] 89a4d2224595cdd08f93ddcb80e72a81 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11032013_115658.txt >>
RKreport[0]_S_11032013_115649.txt
Attached Files

  • MBR.zip (588 bytes)

#4 nasdaq

  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 03 November 2013 - 02:46 PM

Your previous logs are clean.

Totally uninstall [Ad-Aware], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Ad-Aware] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [Ad-Aware] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked to.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please let me know what problem persists.

#5 jefferysitz

  • Topic Starter

Posted 03 November 2013 - 04:30 PM

I tried Revo and it was unable to find AdAware.  The only place it shows up now is on Security Check.  It has been uninstalled and its folder deleted.  I just checked and it is not on the Services list.  If you think I should, I can reinstall it and uninstall with Revo.

 

Also on Security Check it says my AVG definitions are out of date but AVG says they are caught up.

 

More worrisome, when I start the computer (maybe 1/3 to 1/2 of the time) one or more sections of AVG will be toggled off and I have to turn them on manually.  Sometimes it is real time protection, sometimes LinkScanner, and sometimes firewall.  I am not sure if it always did it or not, but I noticed the last couple of weeks when AVG comes up, it shows up normal, then the firewall component goes down and reactivates about 30 seconds later.

 

Mainly, I am just concerned as to whether AVG (Internet Security) is fully functional.  Should I reinstall it?  Or is there a way to test it?

 

ComboFix deleted one program from my download folder, PowerPointViewer.exe, which I installed a few days ago.  I thought it was a Microsoft product but maybe not.  Windows Update just downloaded and installed a SP for PowerPoint Viewer.  I have the ComboFix log if you are interested.

 

Right now I am using AVG Internet Security (except for AVG Search), SpybotSD, WinPatrol and scanning every week or two with the free version of Malwarebytes.  It was WinPatrol that alerted me to this because startup programs started disappearing from my login.  I also use NoScript, which blocks JavaScript on a site-by-site basis because I occasionally go places that I don't entirely trust.  Am I being sufficiently paranoid or is there anything else I should be doing?

 

Please keep the ticket open a few days in case something new pops up.

Thank You Very Much

Jeffery Sitz



#6 nasdaq

  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 04 November 2013 - 08:09 AM

Post your ComboFix log.
I may be able to remove the Ad-Aware in the Security Center with the tool.

===
 

Combofix deleted one program from my download folder, PowerPointViewer.exe

Is the program still running?

The .exe that was in the Download folder may only be the installer. It was probably deleted because it's not normal to install programs in a Download folder.
Check it out and let me know.
===


I suspect that AVG is not installed correctly.
 

\??\C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe

The \??\ are worrying me. Not sure why you have these ??.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with changes we are trying to make.

TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.
TeaTimer's snapshot files are refreshed at this time.

Then re-install the AVG2014.

When all is well restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.


===

Post a fresh DDS log for my review.

#7 jefferysitz

  • Topic Starter

Posted 04 November 2013 - 02:14 PM

I am having a lot of problems with long pauses.  They can happen at any time as far as I can tell.  Sometimes playing a game, sometimes just switching windows or browsing.  When the pause goes away all commands that have been entered while it was there execute.

 

Will get to work on getting AVG straightened out.  I will try a straight over the top reinstall and see if that works, if not I may have to remove it and reinstall.

 

I removed Spybot SD last night to upgrade to the newer version.  I don't like it and may go back if I can find a copy.  It no longer has TeaTimer and when I ran the scan it erased a lot of history files including my recently run programs, which I can't get to repopulate.  I don't recommend SpybotSD 2.

 

The PowerPoint was an exe file in the download directory, so maybe it just did not like that.  I think there are some other exe files in there though.  I don't have a PowerPoint handy to test the viewer with, I will try to find one.

 

Here is the quarantine log from ComboFix; the ComboFix log follows.

 

2013-11-03 20:35:54 . 2013-11-03 20:35:56       26,693,516 ----a-w-  C:\Qoobox\Quarantine\Z\av4.zip
2013-11-03 20:35:49 . 2013-11-02 20:13:57       27,024,112 ----a-w-  C:\Qoobox\Quarantine\Z\My Documents\Downloads\PowerPointViewer.exe.vir
2013-10-28 18:43:08 . 2013-10-28 18:43:08              522 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-GAS de Havilland DH 60 Moth for FSX.reg.dat
2013-10-28 18:43:08 . 2013-10-28 18:43:08              484 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Ultimate Terrain - USA.reg.dat
2013-10-28 18:42:34 . 2013-11-03 20:37:10              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-10-28 18:42:34 . 2013-11-03 20:37:10              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\BHO-{6c97a91e-4524-4019-86af-2aa2d567bf5c}.reg.dat
2013-10-28 18:41:09 . 2013-10-28 18:41:09          157,674 ----a-w-  C:\Qoobox\Quarantine\J\av3.zip
2013-10-28 18:41:07 . 2008-12-03 18:38:50          319,488 ----a-w-  C:\Qoobox\Quarantine\J\Setup.exe.vir
2013-10-28 18:41:07 . 2008-11-05 18:19:36               52 ----a-w-  C:\Qoobox\Quarantine\J\Autorun.inf.vir
2013-10-28 18:38:47 . 2013-11-03 20:34:02            6,454 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-28 18:05:34 . 2013-11-03 20:32:03              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-28 18:02:27 . 2013-11-03 20:29:39              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-10-15 21:06:14 . 2013-10-15 21:06:05            9,742 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c57a98c8efafe29.fb.vir
2013-10-13 18:50:40 . 2013-10-13 18:49:54            9,742 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d59c1d94ac84a026.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              586 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\881b3593316772f0.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              663 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\7614bd6cfa99e546.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              668 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\691f14230153a9e1.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05            1,071 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\613e8ce7ab7106af.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              661 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\49fbbc5a8678d502.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              366 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f2cda51fd108941f.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              622 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\227113dfa1ca894d.fb.vir
2013-09-30 18:27:30 . 2013-10-15 21:06:05              628 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\77664b6ccc36be9f.fb.vir
2013-09-30 18:27:29 . 2013-10-15 21:06:05              577 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\98657d0579ae1930.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05              636 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6cb409d7ac73d9f1.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05              365 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f34d8db84131d925.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d5c0f4e7bbe35bf3.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05              567 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\633a76311867bd11.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05            1,022 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d9ca663388d21ec0.fb.vir
2013-09-30 18:27:28 . 2013-10-15 21:06:05            1,291 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\075884af680ff6dc.fb.vir
2013-09-30 18:27:28 . 2013-09-30 18:27:18            9,742 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\67443c97dbeea3a6.fb.vir
 

and the ComboFix log

 

ComboFix 13-11-03.02 - Possumsjagger 11/03/2013  14:32:04.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2571 [GMT -6:00]
Running from: c:\documents and settings\Possumsjagger\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Ad-Aware Firewall *Disabled* {9211320F-6C40-4035-BBDE-3C96ED504F33}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
z:\my documents\Downloads\PowerPointViewer.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-03 to 2013-11-03  )))))))))))))))))))))))))))))))
.
.
2013-11-03 20:09 . 2013-11-03 20:09    --------    d-----w-    c:\program files\VS Revo Group
2013-11-03 18:15 . 2013-11-03 18:15    --------    d-----w-    c:\program files\7-Zip
2013-10-30 19:45 . 2013-10-30 19:45    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-10-30 03:30 . 2013-10-30 03:30    25992    ----a-w-    c:\windows\system32\pgdfgsvc.exe
2013-10-29 13:07 . 2013-10-29 13:07    --------    d-----w-    c:\program files\Common Files\Lavasoft
2013-10-29 02:02 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 02:02 . 2013-10-29 02:02    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-28 17:39 . 2013-10-28 17:41    --------    d-----w-    C:\AdwCleaner
2013-10-28 02:37 . 2013-10-28 02:37    --------    d-----w-    c:\documents and settings\Possumsjagger\Application Data\Lavasoft
2013-10-15 01:24 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-15 01:24 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-15 01:23 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-15 01:23 . 2013-07-17 00:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-15 01:23 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-15 01:22 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-15 01:22 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-15 01:22 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-15 01:22 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-09 14:48 . 2013-10-09 15:48    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 18:50 . 2013-09-29 17:13    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48 . 2012-08-16 22:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48 . 2012-08-16 22:06    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00 . 2013-09-29 21:00    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-29 21:00 . 2012-07-18 19:21    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-26 01:57 . 2013-08-01 21:06    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33 . 2006-03-04 03:33    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 10:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 10:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 10:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 10:00    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11 . 2013-09-11 03:11    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12 . 2013-09-09 03:12    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39 . 2013-09-02 15:39    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28 . 2013-09-02 15:28    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28 . 2013-09-02 15:28    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28 . 2013-09-02 15:28    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-08-04 10:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-21 03:54 . 2013-08-21 03:54    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2004-08-04 10:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 10:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2004-08-04 10:00    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-04 10:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-10-19 456768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-14 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Werner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"s:\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\BTGUARD\\uTorrent.exe"=
"s:\\Everquest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"s:\\swtor\\launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 9:28 AM 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 9:28 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 9:12 PM 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [9/29/2013 3:00 PM 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 9:28 AM 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 9:11 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 9:39 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 3:08 PM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2013 11:13 AM 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/24/2012 11:51 AM 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/23/2012 6:25 PM 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/23/2012 6:25 PM 91992]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [9/25/2013 8:55 PM 1358944]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 8:47 PM 301152]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/4/2012 6:06 PM 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/20/2012 4:32 PM 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8/20/2012 4:32 PM 116056]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/3/2013 9:00 PM 3538480]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2012 11:11 AM 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/14/2013 12:32 PM 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 12:54    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:49]
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
2013-11-03 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2012-11-14 18:03]
.
2013-11-01 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2012-11-14 18:03]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google.com\mail
Trusted Zone: googleusercontent.com\mail-attachment
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A}: NameServer = 66.38.0.240,66.38.1.240
FF - ProfilePath - c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-03 14:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1229272821-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1608)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-11-03  14:38:15
ComboFix-quarantined-files.txt  2013-11-03 20:38
.
Pre-Run: 36,961,447,936 bytes free
Post-Run: 37,020,852,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - C0E30027DDFB5AF4E9DDA11BD48F7424
8F558EB6672622401DA993E1E865C861
 



#8 jefferysitz (Topic Starter)

Posted 04 November 2013 - 02:55 PM

I just re-installed AVG but it does not seem to have helped.  When I rebooted the linkscanner was turned off.

Since I installed a program yesterday (7zip) I ran combofix again and it had some references to 7zip.  I think I got it off download.com, which should be a safe site.

I will wait until I hear from you before I try to go back to SpybotSD from Spybot 2.

Here is the new log.

 

ComboFix 13-11-03.02 - Possumsjagger 11/04/2013  13:27:02.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2074 [GMT -6:00]
Running from: C:\Documents and Settings\Possumsjagger\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Ad-Aware Firewall *Disabled* {9211320F-6C40-4035-BBDE-3C96ED504F33}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\POSSUM~1\LOCALS~1\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Possumsjagger\Local Settings\temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll


(((((((((((((((((((((((((   Files Created from 2013-10-04 to 2013-11-04  )))))))))))))))))))))))))))))))


2013-11-03 22:34:28 . 2013-09-20 16:49:30    18968    ----a-w-    C:\WINDOWS\system32\sdnclean.exe
2013-11-03 22:34:22 . 2013-11-04 19:34:28    --------    d-----w-    C:\Program Files\Spybot - Search & Destroy 2
2013-11-03 20:09:43 . 2013-11-03 20:09:43    --------    d-----w-    C:\Program Files\VS Revo Group
2013-11-03 18:15:00 . 2013-11-03 18:15:01    --------    d-----w-    C:\Program Files\7-Zip
2013-10-30 19:45:30 . 2013-10-30 19:45:31    --------    d-----w-    C:\Program Files\Microsoft Silverlight
2013-10-30 03:30:01 . 2013-10-30 03:30:01    25992    ----a-w-    C:\WINDOWS\system32\pgdfgsvc.exe
2013-10-29 13:07:53 . 2013-10-29 13:07:53    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2013-10-29 02:02:52 . 2013-04-04 19:50:32    22856    ----a-w-    C:\WINDOWS\system32\drivers\mbam.sys
2013-10-29 02:02:51 . 2013-10-29 02:02:56    --------    d-----w-    C:\Program Files\Malwarebytes' Anti-Malware
2013-10-28 17:39:12 . 2013-10-28 17:41:00    --------    d-----w-    C:\AdwCleaner
2013-10-28 02:37:14 . 2013-10-28 02:37:14    --------    d-----w-    C:\Documents and Settings\Possumsjagger\Application Data\Lavasoft
2013-10-15 01:24:11 . 2013-07-03 02:12:52    25088    -c----w-    C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-15 01:24:11 . 2013-07-03 01:59:02    14976    -c----w-    C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-15 01:23:20 . 2013-07-17 00:58:17    123008    -c----w-    C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-15 01:23:20 . 2013-07-17 00:58:06    46848    -c----w-    C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-15 01:23:20 . 2013-07-17 00:58:03    60160    -c----w-    C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-15 01:22:45 . 2013-08-09 00:55:08    144128    -c----w-    C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-15 01:22:45 . 2013-08-09 00:55:07    32384    -c----w-    C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-15 01:22:45 . 2013-08-09 00:55:06    5376    -c----w-    C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-15 01:22:45 . 2009-03-18 11:02:23    30336    -c----w-    C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-09 14:48:33 . 2013-10-09 15:48:37    17813896    ----a-w-    C:\WINDOWS\system32\FlashPlayerInstaller.exe
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-13 18:50:00 . 2013-09-29 17:13:45    37664    ----a-w-    C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-10-09 15:48:41 . 2012-08-16 22:06:30    71048    ----a-w-    C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48:41 . 2012-08-16 22:06:30    692616    ----a-w-    C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-29 21:00:20 . 2013-09-29 21:00:20    13560    ----a-w-    C:\WINDOWS\system32\drivers\gfibto.sys
2013-09-29 21:00:20 . 2012-07-18 19:21:54    44424    ----a-w-    C:\WINDOWS\system32\sbbd.exe
2013-09-26 01:57:14 . 2013-08-01 21:06:14    120632    ----a-w-    C:\WINDOWS\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58 . 2006-03-04 03:33:46    920064    ----a-w-    C:\WINDOWS\system32\wininet.dll
2013-09-23 18:33:57 . 2004-08-04 10:00:00    43520    ------w-    C:\WINDOWS\system32\licmgr10.dll
2013-09-23 18:33:57 . 2004-08-04 10:00:00    1469440    ------w-    C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 18:33:56 . 2004-08-04 10:00:00    18944    ----a-w-    C:\WINDOWS\system32\corpol.dll
2013-09-23 18:06:48 . 2004-08-04 10:00:00    385024    ------w-    C:\WINDOWS\system32\html.iec
2013-09-11 03:11:44 . 2013-09-11 03:11:44    22840    ----a-w-    C:\WINDOWS\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16 . 2013-09-09 03:12:16    27448    ----a-w-    C:\WINDOWS\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32 . 2013-09-02 15:39:32    176952    ----a-w-    C:\WINDOWS\system32\drivers\avgldx86.sys
2013-09-02 15:28:06 . 2013-09-02 15:28:06    145720    ----a-w-    C:\WINDOWS\system32\drivers\avgidshx.sys
2013-09-02 15:28:04 . 2013-09-02 15:28:04    209208    ----a-w-    C:\WINDOWS\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00 . 2013-09-02 15:28:00    223032    ----a-w-    C:\WINDOWS\system32\drivers\avglogx.sys
2013-08-29 01:31:44 . 2004-08-04 10:00:00    1878656    ----a-w-    C:\WINDOWS\system32\win32k.sys
2013-08-21 03:54:04 . 2013-08-21 03:54:04    102200    ----a-w-    C:\WINDOWS\system32\drivers\avgmfx86.sys
2013-08-09 01:56:45 . 2004-08-04 10:00:00    386560    ----a-w-    C:\WINDOWS\system32\themeui.dll
2013-08-09 00:55:08 . 2004-08-04 10:00:00    144128    ----a-w-    C:\WINDOWS\system32\drivers\usbport.sys
2013-08-09 00:55:07 . 2004-08-04 10:00:00    32384    ----a-w-    C:\WINDOWS\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 . 2004-08-04 10:00:00    5376    ----a-w-    C:\WINDOWS\system32\drivers\usbd.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37:00    579024    ----a-w-    C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2013-10-19 03:25:57 456768]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-14 15:25:25 109784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20:49:12 20065384]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe" [2013-10-08 00:54:20 4908592]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SDTray"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 17:19:26 5624784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GomezPEER.lnk - C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe [2011-4-27 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Documents and Settings\\Werner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"S:\\Age of Conan\\ConanPatcher.exe"=
"C:\\Program Files\\ICQ7M\\ICQ.exe"=
"C:\\BTGUARD\\uTorrent.exe"=
"S:\\Everquest II\\EQ2VoiceService.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"S:\\swtor\\launcher.exe"=
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"Y:\\BitTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 AVGIDSHX;AVGIDSHX;C:\WINDOWS\system32\drivers\avgidshx.sys [9/2/2013 9:28:06 AM 145720]
R0 Avglogx;AVG Logging Driver;C:\WINDOWS\system32\drivers\avglogx.sys [9/2/2013 9:28:00 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [9/8/2013 9:12:16 PM 27448]
R0 gfibto;gfibto;C:\WINDOWS\system32\drivers\gfibto.sys [9/29/2013 3:00:20 PM 13560]
R1 Avgdiskx;AVG Disk Driver;C:\WINDOWS\system32\drivers\avgdiskx.sys [8/1/2013 3:06:14 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\avgidsdriverx.sys [9/2/2013 9:28:04 AM 209208]
R1 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\avgidsshimx.sys [9/10/2013 9:11:44 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [9/2/2013 9:39:32 AM 176952]
R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [8/1/2013 3:08:52 PM 193848]
R1 avgtp;avgtp;C:\WINDOWS\system32\drivers\avgtpx86.sys [9/29/2013 11:13:45 AM 37664]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [10/24/2012 11:51:49 AM 8192]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\drivers\VBoxDrv.sys [8/23/2012 6:25:20 PM 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\drivers\VBoxUSBMon.sys [8/23/2012 6:25:00 PM 91992]
R2 avgfws;AVG Firewall;C:\Program Files\AVG\AVG2014\avgfws.exe [9/25/2013 8:55:10 PM 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2014\avgidsagent.exe [10/3/2013 9:00:24 PM 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 8:47:22 PM 301152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/3/2013 4:34:27 PM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/3/2013 4:34:30 PM 1042272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\WINDOWS\system32\drivers\AtihdXP3.sys [4/4/2012 6:06:18 PM 103040]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\drivers\avgfwdx.sys [1/12/2012 6:52:06 PM 30944]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\WINDOWS\system32\drivers\VBoxNetAdp.sys [8/20/2012 4:32:30 PM 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\WINDOWS\system32\drivers\VBoxNetFlt.sys [8/20/2012 4:32:30 PM 116056]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/3/2013 4:34:31 PM 171416]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [4/4/2012 11:11:55 AM 1691480]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\drivers\avgfwdx.sys [1/12/2012 6:52:06 PM 30944]
S4 CSHelper;CopySafe Helper Service;C:\WINDOWS\system32\CSHelper.exe [5/14/2013 12:32:25 PM 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 12:54:24    1185744    ----a-w-    C:\Program Files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-11-04 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 22:06:30 . 2013-10-09 15:49:42]

2013-11-04 C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-11-03 22:34:30 . 2013-09-20 16:57:22]

2013-11-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46:37 . 2012-04-04 20:46:34]

2013-11-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46:37 . 2012-04-04 20:46:34]

2013-11-03 C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-11-03 22:34:28 . 2013-09-20 16:49:14]

2013-11-03 C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-11-03 22:34:27 . 2013-09-20 16:51:08]


------- Supplementary Scan -------

IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google.com\mail
Trusted Zone: googleusercontent.com\mail-attachment
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A}: NameServer = 66.38.0.240,66.38.1.240
FF - ProfilePath - C:\Documents and Settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Documents and Settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Documents and Settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

- - - - ORPHANS REMOVED - - - -

BHO-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Notify-SDWinLogon - SDWinLogon.dll

 



#9 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 05 November 2013 - 07:53 AM

> Since I installed a program yesterday (7zip) I ran combofix again and it had some references to 7zip. I think I got it off download.com, should be a safe site.

You should always download programs from the original company site. Some files from Download.com have been known to be infected.

In your case it may just be that the file was removed since it's in a Temp folder.
===

> I just re-installed AVG but it does not seem to have helped. When I rebooted the linkscanner was turned off.

I'm not sure of this but could there be a conflict with the WOT extension that does the same thing?

Disable it from the Firefox extensions.
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Documents and Settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
Keep me posted.

===

Remove the Ad-Aware security center items.

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{22CB8761-914A-11CF-B705-00AA0062CBB7}
{9211320F-6C40-4035-BBDE-3C96ED504F33}

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please post also a fresh DDS log for my review.
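As an added example (not ComboFix's own code, and not anything posted by the participants in this thread), the following Python helper does the triage a reviewer performs by eye on the ComboFix header above: it reads the AV:/FW: product lines and the Windows Firewall policy keys, flags the disabled firewall profile, the global port exception, and a component that reports Disabled although its suite is otherwise live (the AVG symptom in this thread), and emits the same SecCenter:: block nasdaq asked for. SAMPLE_LOG is constructed from lines posted in this thread; the rule "a GUID that is never reported Enabled is a leftover registration" is this example's own heuristic, not a ComboFix rule, and the function names are the example's own.

```python
"""Triage helper for a ComboFix log header.

Added example for this thread, not ComboFix's own code. It reads the
'AV:' / 'FW:' product lines and the Windows Firewall policy keys that
ComboFix prints, reports what a reviewer would want flagged, and builds the
CFScript 'SecCenter::' block for Security Center registrations left behind by
a product that is no longer running.
"""
import re
from typing import Dict, List

# Constructed sample: header and firewall lines modelled on the logs posted
# in this thread (GUIDs copied from those logs; everything else trimmed).
SAMPLE_LOG = r"""
ComboFix 13-11-03.02 - Possumsjagger 11/05/2013  15:36:08.7.2 - x86
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Ad-Aware Firewall *Disabled* {9211320F-6C40-4035-BBDE-3C96ED504F33}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

# "AV:", "FW:" and "SP:" are the product classes ComboFix prints in its header.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
OPEN_PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<scope>[^:]*):'
    r"(?P<flag>Enabled|Disabled):(?P<desc>.*)$"
)


def parse_products(log: str) -> List[Dict[str, str]]:
    """One record (kind, name, state, guid) per AV:/FW:/SP: header line."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            products.append(m.groupdict())
    return products


def stale_security_center_guids(products: List[Dict[str, str]]) -> List[str]:
    """GUIDs registered with Security Center but never reported Enabled.

    Heuristic of this example: a live suite (AVG here) shares one GUID across
    its AV and FW entries, so any Enabled entry keeps the GUID; a GUID that
    is Disabled everywhere is a leftover registration from a removed product.
    """
    by_guid: Dict[str, List[str]] = {}
    for p in products:
        by_guid.setdefault(p["guid"], []).append(p["state"])
    return [g for g, states in by_guid.items()
            if not any(s.startswith("Enabled") for s in states)]


def disabled_live_products(products: List[Dict[str, str]]) -> List[str]:
    """Components reported Disabled while another entry with the same GUID is
    Enabled: the suite is installed and running, yet one part of it is off."""
    live = {p["guid"] for p in products if p["state"].startswith("Enabled")}
    return [f'{p["kind"]}: {p["name"]} ({p["state"]})'
            for p in products
            if p["guid"] in live and p["state"].startswith("Disabled")]


def build_cfscript(guids: List[str]) -> str:
    """Render the SecCenter:: directive ComboFix reads from CFScript.txt."""
    return "SecCenter::\n" + "".join(g + "\n" for g in guids)


def firewall_findings(log: str) -> List[str]:
    """Flag a disabled standard-profile firewall and each global port
    exception, keeping the exception's own Enabled/Disabled flag visible."""
    findings: List[str] = []
    in_open_ports = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_open_ports = line.lower().endswith("globallyopenports\\list]")
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group("value") == "0":
            findings.append("Windows Firewall disabled in standard profile")
        m = OPEN_PORT_RE.match(line)
        if m and in_open_ports:
            findings.append(f"global port exception {m['port']}/{m['proto']} "
                            f"({m['desc'].strip()}): {m['flag']}")
    return findings


if __name__ == "__main__":
    prods = parse_products(SAMPLE_LOG)
    for finding in firewall_findings(SAMPLE_LOG) + disabled_live_products(prods):
        print("FLAG:", finding)
    print(build_cfscript(stale_security_center_guids(prods)), end="")
```

On this thread's log the helper prints the firewall profile as disabled (expected while AVG's own firewall is the active one), the 5985/TCP WinRM exception (listed but itself Disabled, so not an open listener), AVG's AV component as Disabled under a live suite, and a SecCenter:: block containing exactly the two Ad-Aware GUIDs. The directive only clears the Security Center registrations; it does not uninstall anything, and CFScript runs are still something to do under a helper's guidance, as this forum asks.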

#10 jefferysitz (Topic Starter)

Posted 05 November 2013 - 04:48 PM

I might have fixed the pausing problem.  Java.exe was using almost 100 percent of CPU.  I uninstalled Java and am waiting around to see if it fixed it.


ComboFix 13-11-03.02 - Possumsjagger 11/05/2013  15:36:08.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2562 [GMT -6:00]
Running from: c:\documents and settings\Possumsjagger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Possumsjagger\Desktop\cfscript.txt
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Ad-Aware Firewall *Disabled* {9211320F-6C40-4035-BBDE-3C96ED504F33}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\POSSUM~1\LOCALS~1\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
c:\documents and settings\Possumsjagger\Local Settings\temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-05 to 2013-11-05  )))))))))))))))))))))))))))))))
.
.
2013-11-05 00:17 . 2013-11-05 00:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2013-11-05 00:16 . 2013-11-05 00:17    --------    d-----w-    c:\program files\Security Task Manager
2013-11-03 22:34 . 2013-09-20 16:49    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2013-11-03 22:34 . 2013-11-04 19:34    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-11-03 20:09 . 2013-11-03 20:09    --------    d-----w-    c:\program files\VS Revo Group
2013-11-03 18:15 . 2013-11-03 18:15    --------    d-----w-    c:\program files\7-Zip
2013-10-30 19:45 . 2013-10-30 19:45    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-10-30 03:30 . 2013-10-30 03:30    25992    ----a-w-    c:\windows\system32\pgdfgsvc.exe
2013-10-29 13:07 . 2013-10-29 13:07    --------    d-----w-    c:\program files\Common Files\Lavasoft
2013-10-29 02:02 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 02:02 . 2013-10-29 02:02    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-28 17:39 . 2013-10-28 17:41    --------    d-----w-    C:\AdwCleaner
2013-10-28 02:37 . 2013-10-28 02:37    --------    d-----w-    c:\documents and settings\Possumsjagger\Application Data\Lavasoft
2013-10-15 01:24 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-15 01:24 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-15 01:23 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-15 01:23 . 2013-07-17 00:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-15 01:23 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-15 01:22 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-15 01:22 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-15 01:22 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-15 01:22 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-09 14:48 . 2013-10-09 15:48    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 18:50 . 2013-09-29 17:13    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48 . 2012-08-16 22:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48 . 2012-08-16 22:06    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00 . 2013-09-29 21:00    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-29 21:00 . 2012-07-18 19:21    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-26 01:57 . 2013-08-01 21:06    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33 . 2006-03-04 03:33    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 10:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 10:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 10:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 10:00    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11 . 2013-09-11 03:11    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12 . 2013-09-09 03:12    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39 . 2013-09-02 15:39    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28 . 2013-09-02 15:28    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28 . 2013-09-02 15:28    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28 . 2013-09-02 15:28    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-08-04 10:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-21 03:54 . 2013-08-21 03:54    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2004-08-04 10:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 10:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2004-08-04 10:00    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-04 10:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-10-19 456768]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-14 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Werner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"s:\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\BTGUARD\\uTorrent.exe"=
"s:\\Everquest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"s:\\swtor\\launcher.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"y:\\BitTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 9:28 AM 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 9:28 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 9:12 PM 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [9/29/2013 3:00 PM 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 9:28 AM 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 9:11 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 9:39 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 3:08 PM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2013 11:13 AM 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/24/2012 11:51 AM 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/23/2012 6:25 PM 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/23/2012 6:25 PM 91992]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [9/25/2013 8:55 PM 1358944]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 8:47 PM 301152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/3/2013 4:34 PM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/3/2013 4:34 PM 1042272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/4/2012 6:06 PM 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/20/2012 4:32 PM 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8/20/2012 4:32 PM 116056]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/3/2013 9:00 PM 3538480]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/3/2013 4:34 PM 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2012 11:11 AM 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/14/2013 12:32 PM 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 12:54    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:49]
.
2013-11-05 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-11-03 16:57]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
2013-11-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-11-03 16:49]
.
2013-11-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-11-03 16:51]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google.com\mail
Trusted Zone: googleusercontent.com\mail-attachment
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A}: NameServer = 66.38.0.240,66.38.1.240
FF - ProfilePath - c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-05 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1229272821-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1620)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4392)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-11-05  15:41:20
ComboFix-quarantined-files.txt  2013-11-05 21:41
ComboFix2.txt  2013-11-03 20:38
.
Pre-Run: 35,531,366,400 bytes free
Post-Run: 35,516,407,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E8ED92D3F1DA59EB596E00874B574EA4
8F558EB6672622401DA993E1E865C861
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Possumsjagger at 15:43:50 on 2013-11-05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2308 [GMT -6:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled*
FW: Ad-Aware Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351291633796
TCP: NameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : NameServer = 66.38.0.240,66.38.1.240
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A} : DHCPNameServer = 10.0.0.2 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoe.dll
FF - plugin: c:\documents and settings\possumsjagger\application data\sony online entertainment\npsoeact.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\possumsjagger\application data\mozilla\firefox\profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-9-29 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-29 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2012-10-24 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-8-23 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-8-23 91992]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-25 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-3 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-3 1042272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-4 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-8-20 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-8-20 116056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-3 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-4-4 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2013-5-14 266240]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-13 18:50:00    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48:41    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00:20    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-29 21:00:20    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-26 01:57:14    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11:44    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28:06    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28:04    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 15:44:02.03 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2012 11:50:49 AM
System Uptime: 11/4/2013 6:08:29 PM (21 hours ago)
.
Motherboard: BIOSTAR Group |  | TA780G M2+
Processor: AMD Athlon™ 7750 Dual-Core Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 33.111 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
S: is FIXED (NTFS) - 186 GiB total, 14.727 GiB free.
Y: is FIXED (NTFS) - 74 GiB total, 46.045 GiB free.
Z: is FIXED (NTFS) - 195 GiB total, 45.235 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_4348&PID_5512\5&CF8D8DA&0&1
Service:
.
==== System Restore Points ===================
.
RP1: 10/29/2013 7:56:40 AM - System Checkpoint
RP2: 10/29/2013 8:06:22 AM - AA11
RP3: 10/29/2013 8:07:55 AM - AA11
RP4: 10/29/2013 8:11:05 AM - Removed Microsoft Silverlight
RP5: 10/29/2013 8:11:40 AM - Configured Microsoft Flight Simulator X Demo
RP6: 10/30/2013 8:39:05 AM - System Checkpoint
RP7: 10/31/2013 4:49:07 PM - System Checkpoint
RP8: 11/1/2013 5:39:04 PM - System Checkpoint
RP9: 11/2/2013 3:15:58 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP10: 11/3/2013 3:14:57 PM - Software Distribution Service 3.0
RP11: 11/3/2013 4:18:57 PM - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP12: 11/4/2013 6:11:50 PM - Software Distribution Service 3.0
RP13: 11/4/2013 6:19:28 PM - Move file to quarantine: {6c97a91e-4524-4019-86af-2aa2d567bf5c}
RP14: 11/4/2013 6:19:51 PM - Move file to quarantine: {95B7759C-8C7F-4BF1-B163-73684A933233}
.
==== Installed Programs ======================
.
µTorrent
135 HP Piper Tripacer, N3343A
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Age of Conan: Unchained
AMD Catalyst Install Manager
AMD Processor Driver
AntimalwareEngine
ArtistScope Plugin FX
ATI AVIVO Codecs
ATI Parental Control & Encoder
AVG 2012
AVG 2014
AVG SafeGuard toolbar
Beechcraft Bonanza F33A For FS2004
Belarc Advisor 8.1
BTGuard 2.6
calibre
Carenado C 152 II
Carenado Mooney M20J
Carenado Piper Dakota 236
Carenado Premium Cessna 210M Centurion II
CCleaner
Cisco Connect
CloneSpy 2.7
Defraggler
EditVoicepack
EQ2MAP Updater 1.2.10
EverQuest
EverQuest II
Explorer Suite IV
EZ Scenery Library
FSGenesis Afghanistan - North 19m Terrain Mesh for FS2004
FSGenesis Afghanistan - South 19m Terrain Mesh for FS2004
FSGenesis Alabama 19m Terrain Mesh for FS2004
FSGenesis Alaska 38.2m Terrain
FSGenesis Alaska 76.4m Terrain
FSGenesis Alberta 19m Terrain Mesh for FS2004
FSGenesis Alps 19.1m Terrain
FSGenesis Andes Mountains 76.4m Terrain
FSGenesis Appalachians & Northeast 38m Terrain
FSGenesis Arizona 19m Terrain Mesh for FS2004
FSGenesis Arkansas 19m Terrain Mesh for FS2004
FSGenesis Atlantic Canada 38.2m Terrain
FSGenesis Australia 76.4m Terrain
FSGenesis Belarus 19m Terrain Mesh for FS2004
FSGenesis Brazilian Highlands 76.4m Terrain
FSGenesis British Columbia - NE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - NW 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SE 19m Terrain Mesh for FS2004
FSGenesis British Columbia - SW 19m Terrain Mesh for FS2004
FSGenesis Bulgaria 19m Terrain Mesh for FS2004
FSGenesis California 19m Terrain Mesh for FS2004
FSGenesis Canada 76.4m Terrain
FSGenesis Canada Interior Plains 38.2m Terrain
FSGenesis Central Africa 76.4m Terrain
FSGenesis Colorado 19m Terrain Mesh for FS2004
FSGenesis Cordillera Canada 38.2m Terrain
FSGenesis Cuba 19m Terrain Mesh for FS2004
FSGenesis Cypress 19m Terrain Mesh for FS2004
FSGenesis Eastern Hemisphere - North 153m Terrain
FSGenesis Eastern Hemisphere - Southeast 153m Terrain
FSGenesis Eastern Hemisphere - Southwest 153m Terrain
FSGenesis Eastern Hemisphere 306m Terrain
FSGenesis Eastern Siberia Terrain Mesh for FS2004
FSGenesis Egypt - North 19m Terrain Mesh for FS2004
FSGenesis Egypt - South 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - North 19m Terrain Mesh for FS2004
FSGenesis Ethiopia - South 19m Terrain Mesh for FS2004
FSGenesis Europe 76.4m Terrain
FSGenesis Florida 19m Terrain Mesh for FS2004
FSGenesis Georgia 19m Terrain Mesh for FS2004
FSGenesis Greece 19m Terrain Mesh for FS2004
FSGenesis Hawaiian Islands 10m Terrain & Landclass
FSGenesis Himalayas 76.4m Terrain
FSGenesis Hungary 19m Terrain Mesh for FS2004
FSGenesis Idaho 19m Terrain Mesh for FS2004
FSGenesis Illinois 19m Terrain Mesh for FS2004
FSGenesis Indiana 19m Terrain Mesh for FS2004
FSGenesis Iowa 19m Terrain Mesh for FS2004
FSGenesis Iran - North 19m Terrain Mesh for FS2004
FSGenesis Iran - South 19m Terrain Mesh for FS2004
FSGenesis Iraq 19m Terrain Mesh for FS2004
FSGenesis Israel 19m Terrain Mesh for FS2004
FSGenesis Jordan 19m Terrain Mesh for FS2004
FSGenesis Kansas 19m Terrain Mesh for FS2004
FSGenesis Kentucky 19m Terrain Mesh for FS2004
FSGenesis Lebanon 19m Terrain Mesh for FS2004
FSGenesis Libya - Central 19m Terrain Mesh for FS2004
FSGenesis Libya - North 19m Terrain Mesh for FS2004
FSGenesis Libya - South 19m Terrain Mesh for FS2004
FSGenesis Louisiana 19m Terrain Mesh for FS2004
FSGenesis Madagascar 19m Terrain Mesh for FS2004
FSGenesis Maine 19m Terrain Mesh for FS2004
FSGenesis Manitoba 19m Terrain Mesh for FS2004
FSGenesis Maryland-Delaware 19m Terrain Mesh for FS2004
FSGenesis Massachutsetts-Connecticut-Rhode Island 19m Terrain Mesh for FS2004
FSGenesis Mexico 38.2m Terrain
FSGenesis Michigan 19m Terrain Mesh for FS2004
FSGenesis Middle East 76.4m Terrain
FSGenesis Minnesota 19m Terrain Mesh for FS2004
FSGenesis Mississippi 19m Terrain Mesh for FS2004
FSGenesis Missouri 19m Terrain Mesh for FS2004
FSGenesis Montana 19m Terrain Mesh for FS2004
FSGenesis Nebraska 19m Terrain Mesh for FS2004
FSGenesis Nevada 19m Terrain Mesh for FS2004
FSGenesis New Brunswick 19m Terrain Mesh for FS2004
FSGenesis New Hampshire 19m Terrain Mesh for FS2004
FSGenesis New Jersey 19m Terrain Mesh for FS2004
FSGenesis New Mexico 19m Terrain Mesh for FS2004
FSGenesis New York 19m Terrain Mesh for FS2004
FSGenesis Newfoundland 19m Terrain Mesh for FS2004
FSGenesis North Asia 76.4m Terrain
FSGenesis North Atlantic Terrain for FS2004
FSGenesis North Carolina 19m Terrain Mesh for FS2004
FSGenesis North Dakota 19m Terrain Mesh for FS2004
FSGenesis Northern Africa 76.4m Terrain
FSGenesis Northern Canada 76.4m Terrain
FSGenesis Northern Russia Terrain Mesh for FS2004
FSGenesis Northwest Territories - Central 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - North 19m Terrain Mesh for FS2004
FSGenesis Northwest Territories - South 19m Terrain Mesh for FS2004
FSGenesis Nova Scotia 19m Terrain Mesh for FS2004
FSGenesis Ohio 19m Terrain Mesh for FS2004
FSGenesis Oklahoma 19m Terrain Mesh for FS2004
FSGenesis Oman 19m Terrain Mesh for FS2004
FSGenesis Ontario - North 19m Terrain Mesh for FS2004
FSGenesis Ontario - South 19m Terrain Mesh for FS2004
FSGenesis Ontario 38.2m Terrain
FSGenesis Oregon 19m Terrain Mesh for FS2004
FSGenesis Pacific Islands 76.4m Terrain
FSGenesis Pakistan - North 19m Terrain Mesh for FS2004
FSGenesis Pakistan - South 19m Terrain Mesh for FS2004
FSGenesis Pennsylvania 19m Terrain Mesh for FS2004
FSGenesis Poland 19m Terrain Mesh for FS2004
FSGenesis Quebec - Central 19m Terrain Mesh for FS2004
FSGenesis Quebec - North 19m Terrain Mesh for FS2004
FSGenesis Quebec - South 19m Terrain Mesh for FS2004
FSGenesis Romania 19m Terrain Mesh for FS2004
FSGenesis Russia 76.4m Terrain
FSGenesis Saskatchewan 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - Central 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - North 19m Terrain Mesh for FS2004
FSGenesis Saudi Arabia - South 19m Terrain Mesh for FS2004
FSGenesis Scandinavia Terrain Mesh for FS2004
FSGenesis Slovakia 19m Terrain Mesh for FS2004
FSGenesis South Asia & Indonesia 76.4m Terrain
FSGenesis South Carolina 19m Terrain Mesh for FS2004
FSGenesis South Dakota 19m Terrain Mesh for FS2004
FSGenesis Southern Africa 76.4m Terrain
FSGenesis Syria 19m Terrain Mesh for FS2004
FSGenesis Tennessee 19m Terrain Mesh for FS2004
FSGenesis Texas & Southeast 38m Terrain
FSGenesis Texas 19m Terrain Mesh for FS2004
FSGenesis The Balkans 19m Terrain Mesh for FS2004
FSGenesis The Great Plains 38m Terrain
FSGenesis The Orient 76.4m Terrain
FSGenesis The Rockies 38m Terrain
FSGenesis The West Coast 38m Terrain
FSGenesis Turkey - East 19m Terrain Mesh for FS2004
FSGenesis Turkey - West 19m Terrain Mesh for FS2004
FSGenesis Ukraine - East 19m Terrain Mesh for FS2004
FSGenesis Ukraine - West 19m Terrain Mesh for FS2004
FSGenesis United States 76.4m Terrain
FSGenesis Utah 19m Terrain Mesh for FS2004
FSGenesis Venezuela & Angel Falls 76.4m Terrain
FSGenesis Vermont 19m Terrain Mesh for FS2004
FSGenesis Virginia 19m Terrain Mesh for FS2004
FSGenesis Washington 19m Terrain Mesh for FS2004
FSGenesis West Virginia 19m Terrain Mesh for FS2004
FSGenesis Western Hemisphere - North 153m Terrain
FSGenesis Western Hemisphere - South 153m Terrain
FSGenesis Western Hemisphere 306m Terrain
FSGenesis Western Siberia Terrain Mesh for FS2004
FSGenesis Wisconsin 19m Terrain Mesh for FS2004
FSGenesis Worldwide LOD 4/5/6 Terrain
FSGenesis Wyoming 19m Terrain Mesh for FS2004
FSGenesis Yemen 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - N 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory - S 19m Terrain Mesh for FS2004
FSGenesis Yukon Territory 38.2m Terrain
FSNavigator
FSrealWX lite version 1.06.1469
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Hawker Hurricane IIA for FS2004
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ICQ7M
ImgBurn
IrfanView (remove only)
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.1.2
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Combat Flight Simulator
Microsoft Flight
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDefrag v4.3.1
MySQL Server 5.5
OpenAL
Oracle VM VirtualBox 4.1.20
PeerBlock 1.1 (r518)
Plan-G
Plan-G v3
PowerISO
Radio Range v4.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
RIFT
RoboForm 7-9-0-0 (All Users)
Rwy12 Library
SecondLifeViewer (remove only)
Secure Download Manager
Security Task Manager 1.8g
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923789)
Skyhawk 172R by Flight One Software
Spybot - Search & Destroy
SpywareBlaster 5.0
Star Wars: The Old Republic
Strongvault Online Backup
swMSM
SyncToy 2.1 (x86)
T Utility Over Clock II
Tseries BIOS Update
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VC 9.0 Runtime
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
WinPatrol
WinRAR archiver
Xtreme RDP ActiveX Control
Yahoo! Messenger
Youtube Downloader HD v. 2.9.6
ZoneAlarm Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
11/3/2013 4:35:10 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
11/3/2013 4:35:10 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/3/2013 4:35:10 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/3/2013 4:35:10 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/1/2013 12:09:04 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service.
10/30/2013 12:12:02 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
10/30/2013 12:11:26 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
10/29/2013 7:54:51 AM, error: Service Control Manager [7000]  - The Ad-Aware Service 11 service failed to start due to the following error:  The system cannot find the file specified.
10/29/2013 7:50:38 PM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.
10/29/2013 7:44:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:43:10 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/29/2013 7:43:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 BANTExt BS_I2cIo Fips SCDEmu VBoxDrv VBoxUSBMon
10/29/2013 7:43:04 AM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2013 7:41:50 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2013 7:36:32 AM, error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
10/29/2013 12:19:41 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================
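The attach.txt above is the evidence for the thread's title question: two year-stamped AVG editions sit side by side in Installed Programs, and the Event Viewer section shows AVG's boot-start drivers, the AVG IDS agent and the leftover Ad-Aware service failing to come up. The following script is an added example for this thread, not code from the original post or from DDS. It splits a DDS attach.txt into its `==== Name ====` sections, lists the security products installed, flags a vendor present in two editions, and pulls every Service Control Manager error that names a security driver or service. The sample lines are copied (abridged) from the log above; the keyword list that decides what counts as "security software" is an assumption tuned to this machine, and the event-ID handling covers only the standard SCM IDs that appear in the log (7000, 7001, 7009, 7011, 7026, 7034).

```python
"""Triage a DDS attach.txt: is the security stack actually running?

Added example for this thread, not code from the original post or from DDS.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: lines copied (abridged) from the attach.txt posted above.
SAMPLE_LOG = """\
==== Installed Programs ======================
.
AVG 2012
AVG 2014
AVG SafeGuard toolbar
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Silverlight
Spybot - Search & Destroy
WinPatrol
ZoneAlarm Firewall
.
==== Event Viewer Messages From Past Week ========
.
11/3/2013 4:35:10 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
10/29/2013 7:54:51 AM, error: Service Control Manager [7000]  - The Ad-Aware Service 11 service failed to start due to the following error:  The system cannot find the file specified.
10/29/2013 7:43:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 BANTExt BS_I2cIo Fips SCDEmu VBoxDrv VBoxUSBMon
10/29/2013 7:43:04 AM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2013 7:36:32 AM, error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
10/29/2013 12:19:41 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+\s*$")
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+- (?P<msg>.*)$"
)
# Assumption: name fragments that count as security software on this machine.
SECURITY_KEYWORDS = ("avg", "ad-aware", "spybot", "malwarebytes", "mbam",
                     "zonealarm", "winpatrol")
# How the SCM phrases the component name, by event-ID family.
SERVICE_NAME_RES = (
    re.compile(r"^The (?P<name>.+?) service (?:failed|terminated|depends)"),  # 7000/7001/7034
    re.compile(r"waiting for the (?P<name>.+?) service to connect"),          # 7009
    re.compile(r"from the (?P<name>.+?) service\.?$"),                        # 7011
)


class Event(NamedTuple):
    timestamp: str
    source: str
    event_id: int
    message: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '==== Name ====' header to its lines, dropping the '.' spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def is_security_name(name: str) -> bool:
    low = name.lower()
    return any(k in low for k in SECURITY_KEYWORDS)


def security_products(installed: List[str]) -> List[str]:
    return [p for p in installed if is_security_name(p)]


def coexisting_versions(products: List[str]) -> Dict[str, List[str]]:
    """Vendors installed in more than one year-stamped edition ('AVG 2012' and 'AVG 2014')."""
    by_vendor: Dict[str, List[str]] = defaultdict(list)
    for p in products:
        m = re.match(r"^(?P<vendor>\S+) (?P<year>20\d{2})$", p)
        if m:
            by_vendor[m.group("vendor")].append(p)
    return {v: eds for v, eds in by_vendor.items() if len(eds) > 1}


def parse_events(lines: List[str]) -> List[Event]:
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            events.append(Event(m.group("ts"), m.group("source"),
                                int(m.group("eid")), m.group("msg")))
    return events


def failed_security_components(events: List[Event]) -> List[Tuple[int, str]]:
    """(event_id, component) for SCM errors that name a security driver or service."""
    findings: List[Tuple[int, str]] = []
    for ev in events:
        if ev.source != "Service Control Manager":
            continue
        if ev.event_id == 7026:  # boot-start drivers failed to load: names follow the colon
            _, _, drivers = ev.message.partition("failed to load:")
            names = drivers.split()
        else:
            names = []
            for rx in SERVICE_NAME_RES:
                m = rx.search(ev.message)
                if m:
                    names.append(m.group("name"))
                    break
        findings.extend((ev.event_id, n) for n in names if is_security_name(n))
    return findings


def triage(text: str) -> Dict[str, object]:
    secs = split_sections(text)
    products = security_products(secs.get("Installed Programs", []))
    events = parse_events(secs.get("Event Viewer Messages From Past Week", []))
    return {
        "security_products": products,
        "coexisting_versions": coexisting_versions(products),
        "failed_components": failed_security_components(events),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Security products:", ", ".join(report["security_products"]))
    for vendor, editions in report["coexisting_versions"].items():
        print(f"Two editions of {vendor} installed: {editions}")
    for eid, name in report["failed_components"]:
        print(f"SCM event {eid}: {name} is not running")
```

Run against the full attach.txt the same way (`triage(open("attach.txt").read())`). Event 7026 naming the AVG filter drivers, followed by 7001 for AVGIDSAgent, means the on-access scanner had no kernel component at that boot, whichever icon the tray showed; the same check applied to a clean post-fix log should return an empty `failed_components` list.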

#11 nasdaq
  • Malware Response Team
  • 40,238 posts
  • Location: Montreal, QC, Canada

Posted 06 November 2013 - 09:13 AM

Did you disable Teatimer as suggested in post No. 6?

The Security Center Ad-Aware registry entries were not removed.
The programs have been removed, so they are not causing any problems.

Repeat my ComboFix script in post no. 9 if TeaTimer was enabled when you did it the last time.
If not, let it go.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#12 jefferysitz
  • Topic Starter
  • Members
  • 35 posts

Posted 06 November 2013 - 11:57 AM

I did not totally understand your instructions on how to get rid of WoT. I went to the Firefox extensions tab and deleted it from there, and it appeared to erase the folder inside Application Data.

Yesterday Spybot 2 was running, and even though it says it has no real-time protection, who knows. I did an uninstall on it and rebooted.

I disabled AVG, ran the script on it again, and here is the log. After it will be the Security Check log with AVG active again.

ComboFix 13-11-04.01 - Possumsjagger 11/06/2013  10:33:31.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2645 [GMT -6:00]
Running from: c:\documents and settings\Possumsjagger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Possumsjagger\Desktop\cfscript.txt
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-05 00:17 . 2013-11-05 00:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2013-11-05 00:16 . 2013-11-05 00:17    --------    d-----w-    c:\program files\Security Task Manager
2013-11-03 22:34 . 2013-11-06 16:23    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-11-03 20:09 . 2013-11-03 20:09    --------    d-----w-    c:\program files\VS Revo Group
2013-11-03 18:15 . 2013-11-03 18:15    --------    d-----w-    c:\program files\7-Zip
2013-10-30 19:45 . 2013-10-30 19:45    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-10-30 03:30 . 2013-10-30 03:30    25992    ----a-w-    c:\windows\system32\pgdfgsvc.exe
2013-10-29 13:07 . 2013-10-29 13:07    --------    d-----w-    c:\program files\Common Files\Lavasoft
2013-10-29 02:02 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-29 02:02 . 2013-10-29 02:02    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-28 17:39 . 2013-10-28 17:41    --------    d-----w-    C:\AdwCleaner
2013-10-28 02:37 . 2013-10-28 02:37    --------    d-----w-    c:\documents and settings\Possumsjagger\Application Data\Lavasoft
2013-10-15 01:24 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-15 01:24 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-15 01:23 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-15 01:23 . 2013-07-17 00:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-15 01:23 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-15 01:22 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-15 01:22 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-15 01:22 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-15 01:22 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-09 14:48 . 2013-10-09 15:48    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 18:50 . 2013-09-29 17:13    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-09 15:48 . 2012-08-16 22:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:48 . 2012-08-16 22:06    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-29 21:00 . 2013-09-29 21:00    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-29 21:00 . 2012-07-18 19:21    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-09-26 01:57 . 2013-08-01 21:06    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33 . 2006-03-04 03:33    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 10:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 10:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 10:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 10:00    385024    ------w-    c:\windows\system32\html.iec
2013-09-11 03:11 . 2013-09-11 03:11    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12 . 2013-09-09 03:12    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39 . 2013-09-02 15:39    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28 . 2013-09-02 15:28    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28 . 2013-09-02 15:28    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28 . 2013-09-02 15:28    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-08-04 10:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-21 03:54 . 2013-08-21 03:54    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2004-08-04 10:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 10:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2004-08-04 10:00    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-04 10:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-10-19 456768]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-14 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Werner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"s:\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\BTGUARD\\uTorrent.exe"=
"s:\\Everquest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"s:\\swtor\\launcher.exe"=
"y:\\BitTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 9:28 AM 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 9:28 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 9:12 PM 27448]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [9/29/2013 3:00 PM 13560]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 9:28 AM 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 9:11 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 9:39 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 3:08 PM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2013 11:13 AM 37664]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/24/2012 11:51 AM 8192]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/23/2012 6:25 PM 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/23/2012 6:25 PM 91992]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [9/25/2013 8:55 PM 1358944]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 8:47 PM 301152]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/4/2012 6:06 PM 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/20/2012 4:32 PM 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8/20/2012 4:32 PM 116056]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/3/2013 9:00 PM 3538480]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2012 11:11 AM 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 6:52 PM 30944]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/14/2013 12:32 PM 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 12:54    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:49]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:46]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google.com\mail
Trusted Zone: googleusercontent.com\mail-attachment
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A}: NameServer = 66.38.0.240,66.38.1.240
FF - ProfilePath - c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-29 13:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-29 13:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Possumsjagger\Application Data\Mozilla\Firefox\Profiles\58hjwsem.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-06 10:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1229272821-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1632)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-11-06  10:39:01
ComboFix-quarantined-files.txt  2013-11-06 16:38
ComboFix2.txt  2013-11-05 21:41
ComboFix3.txt  2013-11-03 20:38
.
Pre-Run: 35,668,279,296 bytes free
Post-Run: 35,650,027,520 bytes free
.
- - End Of File - - 6C0F4A0E196302110A80A0139A5B0C26
8F558EB6672622401DA993E1E865C861
 

 Results of screen317's Security Check version 0.99.76  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
AVG Internet Security 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 CloneSpy 2.7    
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 About that fragmentation number.  That is only one file fragmented into about 4 pieces.  The windows swap file is scattered around the hard drive and there is not a contiguous area big enough to hold that huge file.  Short of repartitioning the hard drive there is nothing I can do about it.  It does not seem to slow down the computer.

 

Still have problems with parts of AVG turning themselves off.  AVG has a program to do a total uninstall of all avg products.  I could use that and reinstall AVG from scratch if I can find my license number.  Anyway, I will leave it alone until you tell me otherwise, it might still be giving some protection.
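The ComboFix and Security Check excerpts above are normally read by eye. As an added example, not part of this thread and not code from ComboFix, Security Check or any other tool named here, the following Python script pulls the same fields out of those excerpts and lists the settings a reviewer would want to confirm: firewall state, Firefox proxy and address-bar search preferences, IE Trusted Zone entries, per-interface DNS overrides and duplicate browser versions. The sample lines are copied from the posts above and embedded as a constructed input; the check names, messages and the decision of what counts as "worth a look" are my own assumptions.

```python
import re

# Constructed sample: lines copied from the ComboFix and Security Check
# excerpts posted in this thread. Nothing here is a verdict on those values.
SAMPLE_LOG = r"""
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{6AF5D1E5-4A96-4D5C-91F2-62C0D52E389A}: NameServer = 66.38.0.240,66.38.1.240
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
 Windows Firewall Disabled!
 Google Chrome 30.0.1599.101
 Google Chrome 30.0.1599.69
"""

PREF_RE = re.compile(r"FF - prefs\.js: (\S+) - (.*)")
CHROME_RE = re.compile(r"Google Chrome (\d[\d.]*)")


def parse(log):
    """Pull the handful of fields the checks need out of the mixed log text."""
    facts = {"trusted": [], "prefs": {}, "dhcp_dns": [], "static_dns": [],
             "chrome": [], "firewall_disabled": False}
    for raw in log.splitlines():
        s = raw.strip()
        if s.startswith("Trusted Zone: "):
            facts["trusted"].append(s[len("Trusted Zone: "):])
        elif s.startswith("TCP: DhcpNameServer ="):
            facts["dhcp_dns"] = s.split("=", 1)[1].split()
        elif s.startswith("TCP: Interfaces") and "NameServer =" in s:
            # Static resolvers on one adapter; comma- or space-separated.
            facts["static_dns"] += s.split("=", 1)[1].replace(",", " ").split()
        elif s == "Windows Firewall Disabled!":
            facts["firewall_disabled"] = True
        elif (m := PREF_RE.match(s)):
            facts["prefs"][m.group(1)] = m.group(2).strip()
        elif (m := CHROME_RE.match(s)):
            facts["chrome"].append(m.group(1))
    return facts


def findings(facts):
    """Return one short line per setting that deserves a second look."""
    out = []
    p = facts["prefs"]
    if facts["firewall_disabled"]:
        out.append("firewall: Windows Firewall reported disabled")
    # Firefox: network.proxy.type 0 means 'no proxy', so any *_port values are inert.
    ports = sorted(k for k in p if k.startswith("network.proxy.") and k.endswith("_port"))
    if ports and p.get("network.proxy.type", "0") != "0":
        out.append("proxy: manual proxy active on " + ", ".join(f"{k}={p[k]}" for k in ports))
    elif ports:
        out.append("proxy: ports set (%s) but network.proxy.type=0, so no proxy is in use"
                   % ", ".join(ports))
    # Address-bar searches go to keyword.URL, which can point somewhere other than
    # the engine the user picked; flag the mismatch rather than judge the host.
    url, engine = p.get("keyword.URL", ""), p.get("browser.search.selectedEngine", "")
    host = re.sub(r"^hxxps?://|^https?://", "", url).split("/")[0]
    if url and engine and engine.lower() not in host.lower():
        out.append(f"search: keyword.URL goes to {host}, not to the selected engine ({engine})")
    if facts["trusted"]:
        out.append("ie: Trusted Zone entries get relaxed IE security: " + ", ".join(facts["trusted"]))
    if facts["static_dns"] and set(facts["static_dns"]) != set(facts["dhcp_dns"]):
        out.append("dns: interface overrides DHCP resolvers %s with %s; confirm this is intended"
                   % (facts["dhcp_dns"], facts["static_dns"]))
    if len(set(facts["chrome"])) > 1:
        out.append("chrome: more than one version listed (%s); check that only the current one remains"
                   % ", ".join(sorted(set(facts["chrome"]))))
    return out


if __name__ == "__main__":
    for line in findings(parse(SAMPLE_LOG)):
        print(line)
```

Run against the sample it produces six lines. Two of them are expected in this thread rather than alarming: the keyword.URL entry carries the Ad-Aware toolbar's id (adawaretb), and the poster said earlier that Ad-Aware is installed, so the search mismatch is that toolbar's doing; and the proxy ports are inert because network.proxy.type is 0. The firewall line repeats what Security Check itself printed. The Trusted Zone and static DNS lines are not faults in themselves, only settings the owner should recognise as his own.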



#13 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 November 2013 - 12:52 PM

If you know about the defrag situation leave it alone.
===

Still have problems with parts of AVG turning themselves off. AVG has a program to do a total uninstall of all avg products. I could use that and reinstall AVG from scratch if I can find my license number.

Your call. If you find the licence then I suggest you remove it using their uninstaller and, after a restart of the computer, reinstall the application.
==

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#14 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 November 2013 - 10:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



