persistent Rootkit.Zeroaccess inserted in TCP/IP stack


This topic is locked
62 replies to this topic

#1 Julesverne

Julesverne

  • Members
  • 82 posts
  • Gender:Not Telling

Posted 18 September 2014 - 10:50 AM

Recently Malwarebytes detected and quarantined several files & folders infected with backdoor.0access, but didn't get them all. My last scan with ComboFix (run under supervision!) showed the Rootkit.Zeroaccess still on my system, inserted in the TCP/IP stack and active, despite many attempts to remove it.

 

The conclusion was that Tea Timer must be protecting the TCP/IP stack, only I don't have Spybot installed anymore, though it used to be.

 

Surely it must be the malware itself that's "protecting" the TCP/IP stack.

 

Besides the last ComboFix scan, I've tried TDSSKiller but it only scans 328 objects before closing.

 

Doing a manual search I discovered several files and/or folders on my system with suspicious-looking permissions, all of which appeared or were modified over the summer as I was beginning to have real problems with my computer - sluggishness, major redirects & internet connection issues, endless pop ups, a few disk errors, etc. In each of these files, the SID "Account Unknown (S-1-5-32-547)" is the lead entry in the Security permissions window, with full control granted.

 

I changed the "Account Unknown" permissions to "Deny", which doesn't seem (seem!) to have done any harm, but I know the computer's still infected. And I don't know how many other malicious objects may still be on my system.

 

I'm listing the (apparently) altered files here on the off chance they are relevant, and hoping someone's got a solution, whether or not they are the problem. I'm running Windows XP SP3 (Home Edition).

 

Thanks in advance.

 

=====

 

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data (DAT file)

C:\Documents and Settings\Default User\ntuser.dat (text document)

C:\Documents and Settings\Default User\NTUSER (DAT file)
C:\Documents and Settings\All Users\Application Data\Common Files\ (long string of #s & letters) (DAT file)

 

There were four more affected files, leftovers associated with AVG, but they uninstalled successfully with AVG's removal tool. 

 

There is one other folder with a strange SID number:

C:\Program Files\Uninstall Information

The folder appears to be empty, the permissions shows an unnamed profile with a question mark, an SID number S-1-5-21-(plus a huge suffix, 34-digits with some dashes), and no permissions are checked.
 

======
 

That's it. Thanks again!

 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • Gender:Male

Posted 23 September 2014 - 10:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548881 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Julesverne

Julesverne
  • Topic Starter

  • Members
  • 82 posts
  • Gender:Not Telling

Posted 23 September 2014 - 01:04 PM

Thanks so much for your help!

 

In re what I've done since I posted this, mostly sit and wait for assistance. I honestly don't remember all the details, but here are some.

 

I did find remnants of AVG on my system, despite having uninstalled it months ago. I used AVG's uninstaller/cleanup utility (I forget the name) and I believe I've now gotten rid of all traces of the program.

 

Yesterday I ran TDSS killer as Administrator in Safe Mode and it found some suspicious files, which seem to be related to the ones I changed the permissions on (see above, thanks), but I think there were others as well. I took no actions. If you want to see that report, I'll have to go back into safe mode/admin to find it, or I can run another scan altogether. I'll wait for your instructions. (Please read my opening post in this topic for the names of those files. From here on out I'll quote when needed, I promise!)

 

I had gotten help from bleeping computer earlier when I found the original infection. It's a ridiculously long thread, which if necessary you can read here: http://www.bleepingcomputer.com/forums/t/546631/multiple-redirect-security-issues-after-recent-hark-backdoor-access-attacks/#entry3470490

 

The person who was originally helping me couldn't do anything more because he didn't have access to windows xp, so he closed the topic. It seemed he was able to remove many symptoms, but at the time, the rootkit was still showing up in ComboFix. My computer did start working a lot faster, but it's getting sluggish again, some popups have returned and I still see redirect activity, (though considerably less than there was before). Firefox has gone berserk blocking pages, and I don't know what that's about...

 

In re Windows installation CD, there is none. I'm on a Samsung N120, which came pre-installed and has no CD or DVD drive.

 

Here's the DDS scan log. The zip file is attached.

 

I am soooo looking forward to your help. Thank you again.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jon at 19:06:23 on 2014-09-23
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1136 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled*
.
============== Running Processes ================
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k yksvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347777166031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359834116296
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{194E84DB-1C6E-43ED-9912-6E794BE4F315} : DHCPNameServer = 80.58.61.250 80.58.61.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.120\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jon\application data\mozilla\firefox\profiles\q7ucmmv1.default-1404806262968\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2014-8-17 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2014-8-17 252872]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-7-19 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-7-19 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-8-17 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-7-19 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-7-19 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-19 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-7-19 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-19 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-8-17 106488]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-3-25 4300]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-4-15 6656]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\srs labs\srs wow xt and tsxt\SRS_PostInstaller.exe [2009-5-19 66792]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-3-25 14336]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2012-12-15 233512]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-25 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-25 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-4-21 53208]
.
=============== Created Last 30 ================
.
2014-09-19 07:59:40    77824    ----a-w-    c:\program files\mozilla firefox\data\pcl\win9x\ukenglis\BROSNMP.DLL
2014-09-19 07:58:35    107512    ----a-w-    c:\program files\mozilla firefox\data\disk2\setup.exe
2014-09-12 23:55:58    --------    dcsha-r-    C:\cmdcons
2014-09-12 23:52:06    98816    ----a-w-    c:\windows\sed.exe
2014-09-12 23:52:06    256000    ----a-w-    c:\windows\PEV.exe
2014-09-12 23:52:06    208896    ----a-w-    c:\windows\MBR.exe
2014-09-12 23:14:14    --------    dc----w-    C:\MATS
2014-09-12 18:30:50    --------    d-----w-    c:\documents and settings\jon\application data\ElevatedDiagnostics
2014-09-12 17:42:16    --------    d-----w-    c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-09 13:15:15    --------    dc----w-    C:\FRST
2014-09-05 06:49:43    --------    d-----w-    c:\documents and settings\jon\local settings\application data\Help
2014-09-04 12:48:24    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2014-09-01 23:12:24    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-08-29 21:19:45    --------    d-----w-    c:\windows\ERUNT
2014-08-29 20:54:22    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-29 20:51:28    --------    dc----w-    C:\AdwCleaner
2014-08-29 19:52:25    33512    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-08-29 19:52:22    --------    d-----w-    c:\documents and settings\all users\application data\RogueKiller
2014-08-28 09:36:03    --------    d-----w-    c:\windows\pss
.
==================== Find3M  ====================
.
2014-09-19 14:49:41    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 15:42:26    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 15:42:26    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-28 08:38:27    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 19:00:30    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-08-17 19:00:03    252872    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2014-08-17 19:00:03    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2014-07-19 16:15:47    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-19 16:15:47    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-19 16:15:47    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-19 16:15:47    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-19 16:15:46    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-19 16:15:44    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-14 09:23:42    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
============= FINISH: 19:07:45.54 ===============
 

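Added example (not from this thread, and not part of DDS or any other tool mentioned here): a small Python triage script for the kind of DDS log posted above. It reads the SERVICES / DRIVERS, Created Last 30 and Find3M sections from a constructed excerpt of that log embedded in the script, and flags entries a responder would check by hand: a registered driver whose file DDS could not find on disk (the `[?]` marker), files whose names are long hex or all-digit strings, and `.sys` files that share an identical byte size. The flags are prompts for manual review, not verdicts.

```python
"""Triage a DDS log: parse the driver and recent-file sections and flag entries for review."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS log posted in this thread (a few lines per section).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2014-8-17 12112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-4-21 53208]
.
=============== Created Last 30 ================
.
2014-09-12 17:42:16    --------    d-----w-    c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-12 23:52:06    208896    ----a-w-    c:\windows\MBR.exe
.
==================== Find3M  ====================
.
2014-09-19 14:49:41    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-14 09:23:42    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
============= FINISH: 19:07:45.54 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
DRIVER_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# File stems that are long hex strings or all digits (e.g. AF54...EB61.TMP, 48230029.sys).
RANDOM_NAME_RE = re.compile(r"^(?:[0-9a-f]{16,}|[0-9]{6,})$", re.IGNORECASE)


def parse_sections(text):
    """Split a DDS log into {section title: [entry lines]}; '.' separator lines are dropped."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            continue
        sections[current].append(line)
    return sections


def parse_driver(line):
    """Return (name, path, missing) for an 'R0 name;desc;path [date size]' line, else None."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")  # DDS marks a registered driver whose file it could not find
    path = rest.rsplit(" [", 1)[0]
    if " --> " in path:  # "registered path --> resolved path"
        path = path.split(" --> ")[-1]
    return m.group("name"), path, missing


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(text):
    """Return a list of (path, reason) findings that deserve manual review."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("SERVICES / DRIVERS", []):
        parsed = parse_driver(line)
        if parsed and parsed[2]:
            findings.append((parsed[1], "driver registered but file not found on disk"))
    by_size = defaultdict(list)  # byte size -> .sys paths with that size
    for title in ("Created Last 30", "Find3M"):
        for line in sections.get(title, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            path, size = m.group("path"), m.group("size")
            stem = basename(path).rsplit(".", 1)[0]
            if RANDOM_NAME_RE.match(stem):
                findings.append((path, "random-looking file name"))
            if size.isdigit() and path.lower().endswith(".sys"):
                by_size[size].append(path)
    for size, paths in by_size.items():
        if len(set(paths)) > 1:  # two differently named drivers of identical size: compare them
            for p in paths:
                others = ", ".join(basename(o) for o in paths if o != p)
                findings.append((p, f"same size ({size} bytes) as {others}"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS):
        print(f"{reason}: {path}")
```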

#4 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 24 September 2014 - 04:51 PM

Hello and welcome to Bleeping Computer
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you get into trouble or do not understand what to do, then stop and describe the problem as well as you can
  • Only run scans that I advise you to run
  • Do not crosspost (posting in different forums)
  • Do not uninstall or install software during removal, unless I have advised you to
  • Please post all logfiles as a reply instead of attaching them, unless I ask you to do so. If the files are too big then use more posts, thanks
  • Please keep in mind that we are all doing this here in our free time; if I do not reply within 48 hours, feel free to send me a PM

Please note: I am a Malware Study Hall Senior, which means all of my answers will be reviewed by an expert before I can post them here. Therefore there may be a little delay in my answering.

 

Step 1

Scan with FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was running from.
  • Please copy and paste these logs in your next reply.

 

 

Step 2

Please also post the logfile created by ComboFix (log location: C:\Combofix.txt )

and by TDSS-Killer; if it has created a log it will be found under C:\TDSSKiller.<version_date_time>log.txt

Also post the logfile created by Malwarebytes.

Do not run TDSS-Killer again, thanks.


Edited by Bootsektor, 24 September 2014 - 04:54 PM.

regards,

 

Sandra


#5 Julesverne

Julesverne
  • Topic Starter

  • Members
  • 82 posts
  • Gender:Not Telling

Posted 25 September 2014 - 02:58 AM

Hi, Sandra.

 

The logs are below this message. Malwarebytes seems to be corrupted. It doesn't allow me to access the full scan log history. Also, when I open the history interface to look at the logs, the visual format has now changed, and removed the panel that at least showed scan details. (I can't describe it any better than that, I'm sorry.)

 

Please note, the ComboFix log is from September 17 (the last time I ran it), but after that scan I made the changes to my system that I've described (permissions, uninstalling what was left of AVG). 

 

Also: I use the software update advisor utility in Avast. 2 days ago it advised that Adobe Reader and iTunes both need to be updated. I didn't try to update iTunes. I did try to download the Adobe update from the Avast panel but it failed. Yesterday Avast again notified me to update. This time when I clicked the update button, IE8 did open and direct me to Adobe, but the website offered me 11.0.08 (which is already installed on my computer) instead of 11.0.09 (what Avast was trying to download), so I'm wondering whether my Adobe Reader program has been compromised.

 

I won't do anything until I hear from you. Thanks.

 

Thanks for your help. :)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by Jon (administrator) on JANETMINI on 25-09-2014 08:55:40
Running from C:\Documents and Settings\Jon\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
() C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKU\S-1-5-21-4049577926-3462803898-1742995077-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enUS350
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enUS350
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359834116296
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-19]

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]
CHR Extension: (Google Search) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-05]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-17] (AVAST Software)
R2 SRS_WOWXT_Service; C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [66792 2009-05-19] (SRS Labs, Inc.)
R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-04-21] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1334432 2008-10-08] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-19] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-08-17] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-19] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-17] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252872 2014-08-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-19] ()
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539640 2008-07-27] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2008-07-27] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879832 2008-07-29] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2008-07-27] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2008-07-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2005-10-27] () [File not signed]
R2 iPodDrv; C:\WINDOWS\system32\drivers\iPodDrv.sys [6656 2011-04-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-08-28] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [233512 2009-05-18] ()
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-20] ()
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
R3 VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297344 2009-04-21] (Marvell)
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U3 TlntSvr; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 19:37 - 2014-09-23 19:37 - 00004834 _____ () C:\Documents and Settings\Jon\Desktop\New Compressed (zipped) Folder.zip
2014-09-23 19:07 - 2014-09-23 19:36 - 00022510 _____ () C:\Documents and Settings\Jon\Desktop\attach.txt
2014-09-23 19:07 - 2014-09-23 19:07 - 00010224 _____ () C:\Documents and Settings\Jon\Desktop\dds.txt
2014-09-22 17:52 - 2014-08-29 20:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-09-22 17:46 - 2014-09-22 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-09-22 17:46 - 2014-09-22 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-09-22 17:10 - 2014-09-22 17:10 - 00125506 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\census.cache
2014-09-22 17:09 - 2014-09-22 17:09 - 00124246 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\ars.cache
2014-09-22 16:54 - 2014-09-22 16:54 - 00000036 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
2014-09-19 15:22 - 2014-09-20 13:23 - 00002118 _____ () C:\Documents and Settings\Jon\Desktop\Rkill.txt
2014-09-19 09:58 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 23:05 - 2014-09-17 23:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Wise Registry Cleaner
2014-09-17 18:05 - 2014-09-17 18:05 - 00001850 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-09-17 18:05 - 2014-09-17 18:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-09-17 15:54 - 2014-09-17 15:54 - 00000240 _____ () C:\Documents and Settings\Jon\Desktop\CFScript.txt
2014-09-17 11:47 - 2014-09-25 08:56 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\temp
2014-09-17 11:47 - 2014-09-22 18:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-09-17 11:47 - 2014-09-17 11:47 - 00015012 ____C () C:\ComboFix.txt
2014-09-17 11:47 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-17 11:47 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-09-13 19:09 - 2014-09-13 19:09 - 00854417 _____ () C:\Documents and Settings\Jon\Desktop\SecurityCheck(1).exe
2014-09-13 01:56 - 2014-08-28 13:26 - 00000211 ____C () C:\Boot.bak
2014-09-13 01:56 - 2004-08-03 23:00 - 00260272 _RSHC () C:\cmldr
2014-09-13 01:55 - 2014-09-13 01:56 - 00000000 RSHDC () C:\cmdcons
2014-09-13 01:52 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-13 01:52 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-13 01:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-13 01:52 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-13 01:51 - 2014-09-17 11:48 - 00000000 ___DC () C:\Qoobox
2014-09-13 01:51 - 2014-09-13 02:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-13 01:41 - 2014-09-17 11:17 - 05579386 ____R (Swearware) C:\Documents and Settings\Jon\Desktop\ComboFix.exe
2014-09-13 01:14 - 2014-09-14 19:13 - 00000000 ___DC () C:\MATS
2014-09-12 20:23 - 2014-09-14 21:14 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-09-12 20:23 - 2014-09-12 20:23 - 00032378 _____ () C:\WINDOWS\KB926139-v2.log
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-09-12 19:42 - 2014-09-12 19:47 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-09 15:15 - 2014-09-25 08:55 - 00000000 ___DC () C:\FRST
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Bluetooth Software
2014-09-05 21:25 - 2014-09-05 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\Help
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Help
2014-09-04 20:08 - 2014-09-04 20:08 - 02118964 _____ () C:\Documents and Settings\Jon\My Documents\ARTICLES IN PROGRESS & notes.zip
2014-09-04 20:06 - 2014-09-04 20:06 - 22005286 _____ () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS.zip
2014-09-04 20:02 - 2014-09-04 20:02 - 03897542 _____ () C:\Documents and Settings\Jon\My Documents\WRITING - review this folder.zip
2014-09-04 19:57 - 2014-09-04 19:57 - 00107131 _____ () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs.zip
2014-09-04 19:56 - 2014-09-04 19:56 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs
2014-09-04 19:53 - 2014-09-04 19:53 - 01867697 _____ () C:\Documents and Settings\Jon\My Documents\TOURS & ITINERARIES.zip
2014-09-04 19:50 - 2014-09-04 19:50 - 01639740 _____ () C:\Documents and Settings\Jon\My Documents\Open Secrets, Buried Treasure.zip
2014-09-04 14:48 - 2014-09-04 14:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-02 01:12 - 2014-09-13 19:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-02 01:12 - 2014-09-02 10:28 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-29 23:19 - 2014-08-29 23:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 22:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-29 22:51 - 2014-09-20 13:10 - 00000000 ___DC () C:\AdwCleaner
2014-08-29 21:52 - 2014-09-20 13:25 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-29 21:52 - 2014-08-29 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-29 10:37 - 2011-11-26 18:49 - 00438884 ____R () C:\WINDOWS\system32\Drivers\etc\Copy of hosts 8.29.2014
2014-08-28 11:36 - 2014-09-14 11:18 - 00000000 ____D () C:\WINDOWS\pss
2014-08-28 10:51 - 2014-08-28 10:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-28 10:36 - 2014-09-22 18:10 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-28 10:36 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-28 10:36 - 2014-09-04 15:04 - 00001636 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-28 10:36 - 2014-05-24 11:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-28 10:36 - 2014-05-24 11:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-28 10:36 - 2012-09-22 11:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-28 10:36 - 2009-10-22 13:56 - 00000782 _____ () C:\Documents and Settings\Administrator\Desktop\CyberLink YouCam.lnk
2014-08-28 10:36 - 2009-10-22 13:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink YouCam
2014-08-28 10:36 - 2009-04-09 04:59 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Play Camera Media
2014-08-28 10:36 - 2009-03-25 03:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-08-28 10:36 - 2009-03-25 03:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-08-28 10:36 - 2009-03-25 03:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-08-28 10:36 - 2009-03-25 03:34 - 00000767 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 10:36 - 2009-03-25 03:34 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-08-28 10:36 - 2009-03-25 03:34 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-28 10:36 - 2009-03-25 03:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2014-08-27 08:21 - 2014-08-27 08:21 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\WRITING - review this folder

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 08:56 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\temp
2014-09-25 08:55 - 2014-09-09 15:15 - 00000000 ___DC () C:\FRST
2014-09-25 08:47 - 2009-03-25 03:28 - 01553449 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 08:46 - 2009-03-25 03:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-25 08:46 - 2009-03-24 19:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-25 08:46 - 2009-03-24 19:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-25 08:44 - 2009-10-22 13:53 - 00000178 ___SH () C:\Documents and Settings\Jon\ntuser.ini
2014-09-25 08:44 - 2009-03-25 03:33 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-25 08:41 - 2012-07-06 18:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-25 08:30 - 2009-10-25 02:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-24 23:06 - 2010-05-09 19:47 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 21:02 - 2014-07-19 18:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-24 18:28 - 2010-03-16 01:03 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Skype
2014-09-24 10:41 - 2012-07-06 18:33 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-24 10:41 - 2011-11-06 16:41 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-23 19:37 - 2014-09-23 19:37 - 00004834 _____ () C:\Documents and Settings\Jon\Desktop\New Compressed (zipped) Folder.zip
2014-09-23 19:36 - 2014-09-23 19:07 - 00022510 _____ () C:\Documents and Settings\Jon\Desktop\attach.txt
2014-09-23 19:07 - 2014-09-23 19:07 - 00010224 _____ () C:\Documents and Settings\Jon\Desktop\dds.txt
2014-09-22 18:10 - 2014-08-28 10:36 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-09-22 18:05 - 2014-03-24 19:35 - 00348834 _____ () C:\WINDOWS\setupapi.log
2014-09-22 18:01 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-09-22 17:46 - 2014-09-22 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-09-22 17:46 - 2014-09-22 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-09-22 17:10 - 2014-09-22 17:10 - 00125506 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\census.cache
2014-09-22 17:09 - 2014-09-22 17:09 - 00124246 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\ars.cache
2014-09-22 16:54 - 2014-09-22 16:54 - 00000036 _____ () C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
2014-09-22 14:06 - 2010-05-09 19:47 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 13:25 - 2014-08-29 21:52 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-20 13:23 - 2014-09-19 15:22 - 00002118 _____ () C:\Documents and Settings\Jon\Desktop\Rkill.txt
2014-09-20 13:11 - 2013-04-24 13:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-20 13:10 - 2014-08-29 22:51 - 00000000 ___DC () C:\AdwCleaner
2014-09-19 16:49 - 2014-04-21 11:32 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 15:30 - 2012-09-12 11:56 - 00000000 ____D () C:\WINDOWS\system32\SupportAppXL
2014-09-19 10:00 - 2014-09-19 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 18:34 - 2009-10-22 13:53 - 00001520 _____ () C:\Documents and Settings\Jon\Desktop\Windows Explorer.lnk
2014-09-17 23:09 - 2014-09-17 23:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Wise Registry Cleaner
2014-09-17 21:05 - 2013-12-17 16:26 - 10264576 _____ () C:\Documents and Settings\Jon\NTUSER.rhk
2014-09-17 20:31 - 2009-03-25 03:33 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-17 18:20 - 2009-03-25 03:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-09-17 18:05 - 2014-09-17 18:05 - 00001850 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-09-17 18:05 - 2014-09-17 18:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-09-17 15:54 - 2014-09-17 15:54 - 00000240 _____ () C:\Documents and Settings\Jon\Desktop\CFScript.txt
2014-09-17 11:48 - 2014-09-13 01:51 - 00000000 ___DC () C:\Qoobox
2014-09-17 11:47 - 2014-09-17 11:47 - 00015012 ____C () C:\ComboFix.txt
2014-09-17 11:47 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-17 11:47 - 2014-09-17 11:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-09-17 11:44 - 2009-03-25 02:08 - 00000227 ____C () C:\WINDOWS\system.ini
2014-09-17 11:17 - 2014-09-13 01:41 - 05579386 ____R (Swearware) C:\Documents and Settings\Jon\Desktop\ComboFix.exe
2014-09-14 21:14 - 2014-09-12 20:23 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-09-14 20:21 - 2012-09-12 11:35 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\Infrequent Shortcuts
2014-09-14 19:39 - 2009-03-25 03:26 - 00000000 ____D () C:\Program Files\Online Services
2014-09-14 19:16 - 2011-11-06 16:10 - 00000000 ____D () C:\Program Files\Adobe
2014-09-14 19:13 - 2014-09-13 01:14 - 00000000 ___DC () C:\MATS
2014-09-14 19:08 - 2009-03-25 02:09 - 00000327 __RSH () C:\boot.ini
2014-09-14 19:08 - 2009-03-25 02:08 - 00000530 _____ () C:\WINDOWS\win.ini
2014-09-14 11:18 - 2014-08-28 11:36 - 00000000 ____D () C:\WINDOWS\pss
2014-09-13 19:09 - 2014-09-13 19:09 - 00854417 _____ () C:\Documents and Settings\Jon\Desktop\SecurityCheck(1).exe
2014-09-13 19:05 - 2014-09-02 01:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-13 02:25 - 2014-09-13 01:51 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-13 02:13 - 2011-05-18 16:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-09-13 01:56 - 2014-09-13 01:55 - 00000000 RSHDC () C:\cmdcons
2014-09-13 01:05 - 2009-10-25 15:50 - 00011846 ____C () C:\WINDOWS\spupdsvc.log
2014-09-12 20:23 - 2014-09-12 20:23 - 00032378 _____ () C:\WINDOWS\KB926139-v2.log
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-09-12 20:23 - 2014-09-12 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-09-12 20:23 - 2009-03-24 19:22 - 01551234 ____C () C:\WINDOWS\FaxSetup.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00770419 ____C () C:\WINDOWS\ocgen.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00597394 ____C () C:\WINDOWS\tsoc.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00520972 ____C () C:\WINDOWS\comsetup.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00317871 ____C () C:\WINDOWS\ntdtcsetup.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00242182 ____C () C:\WINDOWS\iis6.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00085747 ____C () C:\WINDOWS\ocmsn.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00077320 ____C () C:\WINDOWS\msgsocm.log
2014-09-12 20:23 - 2009-03-24 19:22 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-09-12 19:47 - 2014-09-12 19:42 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-12 00:23 - 2014-03-24 20:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 00:05 - 2010-12-24 23:00 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 17:16 - 2014-07-17 13:04 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\WRITING - review this folder
2014-09-11 16:47 - 2012-10-13 10:37 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\Recipes - misc. of others
2014-09-11 16:10 - 2012-09-23 17:20 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\ARTICLES IN PROGRESS & notes
2014-09-09 20:19 - 2012-10-01 22:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-09-09 10:11 - 2009-03-25 03:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Bluetooth Software
2014-09-09 09:50 - 2014-08-28 10:36 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-09-09 09:42 - 2009-10-22 13:53 - 00000000 ____D () C:\Documents and Settings\Jon
2014-09-09 08:37 - 2009-03-24 19:21 - 00213027 _____ () C:\WINDOWS\setupact.log
2014-09-08 18:07 - 2010-06-05 17:21 - 00000000 __SHD () C:\Documents and Settings\Jon\UserData
2014-09-08 15:40 - 2009-03-25 02:08 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-05 21:25 - 2014-09-05 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\Help
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Help
2014-09-05 08:49 - 2009-03-25 02:06 - 00000000 ____D () C:\WINDOWS\I386
2014-09-04 20:08 - 2014-09-04 20:08 - 02118964 _____ () C:\Documents and Settings\Jon\My Documents\ARTICLES IN PROGRESS & notes.zip
2014-09-04 20:06 - 2014-09-04 20:06 - 22005286 _____ () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS.zip
2014-09-04 20:05 - 2013-06-25 10:17 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS
2014-09-04 20:02 - 2014-09-04 20:02 - 03897542 _____ () C:\Documents and Settings\Jon\My Documents\WRITING - review this folder.zip
2014-09-04 19:57 - 2014-09-04 19:57 - 00107131 _____ () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs.zip
2014-09-04 19:56 - 2014-09-04 19:56 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs
2014-09-04 19:53 - 2014-09-04 19:53 - 01867697 _____ () C:\Documents and Settings\Jon\My Documents\TOURS & ITINERARIES.zip
2014-09-04 19:50 - 2014-09-04 19:50 - 01639740 _____ () C:\Documents and Settings\Jon\My Documents\Open Secrets, Buried Treasure.zip
2014-09-04 15:05 - 2009-03-25 03:30 - 00001636 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-09-04 15:04 - 2014-08-28 10:36 - 00001636 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-09-04 14:48 - 2014-09-04 14:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-02 10:28 - 2014-09-02 01:12 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-02 09:56 - 2009-10-25 21:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-02 01:15 - 2009-03-25 03:33 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-29 23:19 - 2014-08-29 23:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 21:52 - 2014-08-29 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-29 20:35 - 2014-09-22 17:52 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-08-28 13:26 - 2014-09-13 01:56 - 00000211 ____C () C:\Boot.bak
2014-08-28 10:51 - 2014-08-28 10:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-28 10:38 - 2014-04-21 11:31 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 19:09 - 2011-11-11 22:29 - 00000000 ____D () C:\Temp
2014-08-27 18:46 - 2011-11-11 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung Printers
2014-08-27 18:36 - 2009-03-25 03:35 - 00000091 _____ () C:\WINDOWS\setup.log
2014-08-27 18:28 - 2011-11-11 22:57 - 00000086 _____ () C:\WINDOWS\scanassistant.log
2014-08-27 18:28 - 2009-03-25 03:39 - 00000000 ____D () C:\Program Files\Samsung
2014-08-27 18:25 - 2009-03-25 03:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-27 08:21 - 2014-08-27 08:21 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\WRITING - review this folder
2014-08-26 10:44 - 2013-09-11 11:08 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Wise Registry Cleaner

Some content of TEMP:
====================
C:\Documents and Settings\Jon\Local Settings\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by Jon at 2014-09-25 08:57:21
Running from C:\Documents and Settings\Jon\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirPort (HKLM\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros WLAN Client (HKLM\...\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}) (Version: 18.00.0000 - WLAN)
avast! Internet Security (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2618 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2618 - CyberLink Corp.) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy Resolution Manager (HKLM\...\{9CAC71E9-D196-472E-845C-5462356B2AE1}) (Version: 1.0.0.4 - Samsung Electronics Co.,LTD.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.71.00 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.3.3 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.69.2.3 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}) (Version: 3.1.3.0 - Apple Inc.)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5859 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{6A1F72DD-2465-43A2-A137-8A849399B7A8}) (Version: 1.01.0086 - REALTEK Semiconductor Corp.)
Samsung Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 1.00 - )
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 4.00 - )
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1900.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SRS WOW XT and TSXT (HKLM\...\{1FBEBAAF-A363-458D-8D26-9F61AC98ACC3}) (Version: 1.09.1300 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics)
TSR Watermark Image software version 2.4.1.2 - Free version (HKLM\...\TSR Watermark Image - Free version_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.6100 -  )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Wise Registry Cleaner 7.84 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.84 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points  =========================

09-09-2014 08:12:05 System Checkpoint
10-09-2014 16:37:31 System Checkpoint
11-09-2014 22:05:40 Software Distribution Service 3.0
12-09-2014 17:43:32 Quitado SpyHunter
12-09-2014 17:47:17 Quitado SpyHunter
12-09-2014 18:23:25 Installed %1 %2.
12-09-2014 23:13:21 Restore Point before Corrupt Patch Registry keys
14-09-2014 15:08:19 ComboFix created restore point
14-09-2014 17:29:41 Removed Bonjour Print Services
14-09-2014 19:13:43 Installed Microsoft Fix it 50199
17-09-2014 09:18:37 ComboFix created restore point
18-09-2014 20:43:44 System Checkpoint
19-09-2014 13:30:10 Eliminado YOIGO, Internet para llevar
20-09-2014 14:15:48 System Checkpoint
22-09-2014 11:38:38 System Checkpoint
24-09-2014 14:01:26 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-03-25 02:08 - 2014-09-14 17:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2008-09-17 21:20 - 2008-09-17 21:20 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2014-07-19 18:15 - 2014-07-19 18:15 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-24 22:23 - 2014-09-24 22:23 - 02866688 _____ () C:\Program Files\AVAST Software\Avast\defs\14092401\algo.dll
2011-11-11 22:52 - 2009-08-27 11:24 - 00026624 _____ () C:\WINDOWS\system32\sst2cl3.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-25 03:40 - 2008-11-27 20:34 - 02768896 _____ () C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
2014-07-19 18:15 - 2014-07-19 18:15 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-19 10:00 - 2014-09-19 10:00 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB15624$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Administrator\NTUSER.DAT:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Administrator\NTUSER.DAT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Default User\NTUSER.DAT:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Default User\NTUSER.DAT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Default User\ntuser.dat.LOG:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Default User\ntuser.dat.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Jon\NTUSER.rhk:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Jon\NTUSER.rhk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled => C:\WINDOWS\pss\Bluetooth.lnk.disabledCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Jon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EEventManager => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 08:40:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1905187

Error: (09/24/2014 08:40:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1905187

Error: (09/24/2014 08:40:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/24/2014 08:08:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26047

Error: (09/24/2014 08:08:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26047

Error: (09/24/2014 08:08:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/24/2014 08:08:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24094

Error: (09/24/2014 08:08:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24094

Error: (09/24/2014 08:08:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/24/2014 08:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22141


System errors:
=============
Error: (09/25/2014 08:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/23/2014 06:53:25 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.36 on the
Network Card with network address 0024D254F885.

Error: (09/22/2014 09:16:31 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0024D254F885.  The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (09/22/2014 06:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/22/2014 06:10:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/22/2014 06:00:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm

Error: (09/22/2014 05:59:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/22/2014 05:57:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/22/2014 05:56:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/22/2014 05:56:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm


Microsoft Office Sessions:
=========================
Error: (08/19/2013 03:33:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1383872 seconds with 141180 seconds of active time.  This session ended with a crash.

Error: (04/20/2010 07:56:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3880 seconds with 2460 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 33%
Total physical RAM: 2038.36 MB
Available physical RAM: 1348.98 MB
Total Pagefile: 3927.02 MB
Available Pagefile: 3358.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.96 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:71.04 GB) (Free:47.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72 GB) (Free:71.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 0F603502)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS)

==================== End Of Log ============================


ComboFix 14-09-16.01 - Jon 09/17/2014  11:27:45.4.2 - x86
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-17 to 2014-09-17  )))))))))))))))))))))))))))))))
.
.
2014-09-12 23:14 . 2014-09-14 17:13    --------    dc----w-    C:\MATS
2014-09-12 18:30 . 2014-09-12 18:30    --------    d-----w-    c:\documents and settings\Jon\Application Data\ElevatedDiagnostics
2014-09-12 17:42 . 2014-09-12 17:47    --------    d-----w-    c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-09 13:15 . 2014-09-12 14:00    --------    dc----w-    C:\FRST
2014-09-05 06:49 . 2014-09-05 06:49    --------    d-----w-    c:\documents and settings\Jon\Local Settings\Application Data\Help
2014-09-04 12:48 . 2014-09-04 12:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2014-09-01 23:12 . 2014-09-13 17:05    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-08-29 21:19 . 2014-08-29 21:19    --------    d-----w-    c:\windows\ERUNT
2014-08-29 20:54 . 2010-08-30 06:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-29 20:51 . 2014-09-14 09:31    --------    dc----w-    C:\AdwCleaner
2014-08-29 19:52 . 2014-09-14 11:03    33512    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-08-29 19:52 . 2014-08-29 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\RogueKiller
2014-08-28 08:36 . 2014-09-09 07:50    --------    d-----w-    c:\documents and settings\Administrator
2014-08-22 19:10 . 2014-08-22 19:10    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-22 19:10 . 2014-08-22 19:09    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-22 19:10 . 2014-08-22 19:09    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-22 19:10 . 2014-08-22 19:09    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-22 19:10 . 2014-08-22 19:09    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-22 19:06 . 2014-08-22 19:09    --------    d-----w-    c:\program files\QuickTime
2014-08-21 16:14 . 2014-08-21 16:14    --------    d-sh--w-    c:\documents and settings\Jon\IECompatCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 22:16 . 2014-04-21 09:32    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 15:42 . 2012-07-06 16:33    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-10 15:42 . 2011-11-06 14:41    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-28 08:38 . 2014-04-21 09:31    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 19:00 . 2014-08-17 19:02    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-08-17 19:00 . 2014-08-17 19:02    252872    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2014-08-17 19:00 . 2014-08-17 19:00    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2014-07-19 16:16 . 2014-07-19 16:16    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-19 16:15 . 2014-07-19 16:16    57800    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-07-19 16:15 . 2014-07-19 16:16    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-19 16:15 . 2014-07-19 16:16    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-19 16:15 . 2014-07-19 16:16    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-19 16:15 . 2014-07-19 16:16    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-19 16:15 . 2014-07-19 16:16    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-19 16:15 . 2014-07-19 16:16    55112    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-07-19 16:15 . 2014-07-19 16:15    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-19 16:15 . 2014-07-19 16:15    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-14 09:23 . 2014-05-27 19:06    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-19 16:15    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2010-03-12 95368]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
backup=c:\windows\pss\Bluetooth.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
path=c:\documents and settings\Jon\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 12:09    102400    ------w-    c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 14:18    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
"BatteryLifeExtender"=c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe"
"DMHotKey"=c:\program files\Samsung\Easy Display Manager\DMLoader.exe
"Alcmtr"=ALCMTR.EXE
"BatteryManager"=c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe
"MagicKeyboard"=c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SUPBackGround"=c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/17/2014 9:00 PM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [8/17/2014 9:02 PM 252872]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/19/2014 6:16 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/19/2014 6:16 PM 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [8/17/2014 9:02 PM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/19/2014 6:16 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7/19/2014 6:16 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [7/19/2014 6:16 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7/19/2014 6:16 PM 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [8/17/2014 9:00 PM 106488]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [3/25/2009 3:34 AM 4300]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [4/15/2011 2:15 AM 6656]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 11:39 AM 66792]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [3/25/2009 2:08 AM 14336]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/15/2012 5:41 PM 233512]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [3/25/2009 3:38 AM 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 3:35 AM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9/12/2012 11:56 AM 9216]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/21/2014 11:31 AM 53208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
yksvcs    REG_MULTI_SZ       yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 01:07    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 15:42]
.
2014-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-09-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19 16:15]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-03-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-17 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-09-17  11:47:52
ComboFix-quarantined-files.txt  2014-09-17 09:47
ComboFix2.txt  2014-09-15 13:47
ComboFix3.txt  2014-09-14 15:38
ComboFix4.txt  2014-09-13 00:28
.
Pre-Run: 51,371,720,704 bytes free
Post-Run: 51,483,377,664 bytes free
.
- - End Of File - - 63FF7E926443C176235F0C211ECD2207
A0A345F7AB6F3BAC008FB0DE602E66CD
17:59:13.0640 0x0234  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:59:17.0437 0x0234  ============================================================
17:59:17.0437 0x0234  Current date / time: 2014/09/22 17:59:17.0437
17:59:17.0437 0x0234  SystemInfo:
17:59:17.0437 0x0234  
17:59:17.0437 0x0234  OS Version: 5.1.2600 ServicePack: 3.0
17:59:17.0437 0x0234  Product type: Workstation
17:59:17.0437 0x0234  ComputerName: JANETMINI
17:59:17.0437 0x0234  UserName: Administrator
17:59:17.0437 0x0234  Windows directory: C:\WINDOWS
17:59:17.0437 0x0234  System windows directory: C:\WINDOWS
17:59:17.0437 0x0234  Processor architecture: Intel x86
17:59:17.0437 0x0234  Number of processors: 2
17:59:17.0437 0x0234  Page size: 0x1000
17:59:17.0437 0x0234  Boot type: Safe boot with network
17:59:17.0437 0x0234  ============================================================
17:59:23.0734 0x0234  KLMD registered as C:\WINDOWS\system32\drivers\58229885.sys
17:59:23.0953 0x0234  System UUID: {22D28DEC-7CFA-E6CF-24CA-07B30D99D097}
17:59:24.0937 0x0234  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:59:24.0937 0x0234  ============================================================
17:59:24.0937 0x0234  \Device\Harddisk0\DR0:
17:59:24.0937 0x0234  MBR partitions:
17:59:24.0937 0x0234  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E158F0
17:59:24.0937 0x0234  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9A18800, BlocksNum 0x9000800
17:59:24.0937 0x0234  ============================================================
17:59:25.0015 0x0234  C: <-> \Device\Harddisk0\DR0\Partition1
17:59:25.0062 0x0234  D: <-> \Device\Harddisk0\DR0\Partition2
17:59:25.0125 0x0234  ============================================================
17:59:25.0125 0x0234  Initialize success
17:59:25.0125 0x0234  ============================================================
18:00:00.0109 0x0490  ============================================================
18:00:00.0109 0x0490  Scan started
18:00:00.0109 0x0490  Mode: Manual; SigCheck; TDLFS;
18:00:00.0109 0x0490  ============================================================
18:00:00.0109 0x0490  KSN ping started
18:00:02.0750 0x0490  KSN ping finished: false
18:00:04.0140 0x0490  ================ Scan system memory ========================
18:00:04.0140 0x0490  System memory - ok
18:00:04.0140 0x0490  ================ Scan services =============================
18:00:04.0375 0x0490  [ C07D5197410AAB28D0D93F943F59656D, 482164BA2B57C7026A7DF3213E0AC59B752A898D9B880BC0629F9CADD05D2894 ] 6to4            C:\WINDOWS\System32\6to4svc.dll
18:00:05.0812 0x0490  6to4 - ok
18:00:05.0953 0x0490  Abiosdsk - ok
18:00:05.0968 0x0490  abp480n5 - ok
18:00:06.0078 0x0490  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:00:06.0906 0x0490  ACPI - ok
18:00:07.0000 0x0490  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:00:07.0265 0x0490  ACPIEC - ok
18:00:07.0359 0x0490  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:00:07.0421 0x0490  AdobeFlashPlayerUpdateSvc - ok
18:00:07.0437 0x0490  adpu160m - ok
18:00:07.0531 0x0490  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:00:07.0812 0x0490  aec - ok
18:00:07.0890 0x0490  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:00:08.0015 0x0490  AFD - ok
18:00:08.0031 0x0490  Aha154x - ok
18:00:08.0046 0x0490  aic78u2 - ok
18:00:08.0078 0x0490  aic78xx - ok
18:00:08.0125 0x0490  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
18:00:08.0390 0x0490  Alerter - ok
18:00:08.0437 0x0490  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
18:00:08.0531 0x0490  ALG - ok
18:00:08.0546 0x0490  AliIde - ok
18:00:08.0765 0x0490  [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
18:00:09.0140 0x0490  Ambfilt - ok
18:00:09.0171 0x0490  amsint - ok
18:00:09.0296 0x0490  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:00:09.0328 0x0490  Apple Mobile Device - ok
18:00:09.0343 0x0490  AppMgmt - ok
18:00:09.0531 0x0490  [ 6EACC829E76B1EFDFACE633619A3DB31, 001030656AAD181BBC3DC1569165B24C25044CB62FC4BF15377ADC67FE9E8B59 ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
18:00:09.0843 0x0490  AR5416 - ok
18:00:09.0859 0x0490  asc - ok
18:00:09.0875 0x0490  asc3350p - ok
18:00:09.0906 0x0490  asc3550 - ok
18:00:10.0031 0x0490  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:00:10.0078 0x0490  aspnet_state - ok
18:00:10.0140 0x0490  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
18:00:10.0250 0x0490  aswHwid - ok
18:00:10.0343 0x0490  [ 4E39E113E8F5FEE3C49160A0D657A4D5, AAB66B7C0EC63FD457F579ABDC21ED96F5E11C546AA7067AF2BA79BADCDE00B2 ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
18:00:10.0375 0x0490  aswKbd - ok
18:00:10.0406 0x0490  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
18:00:10.0453 0x0490  aswMonFlt - ok
18:00:10.0500 0x0490  [ 7B948E3657BEA62E437BC46CA6EF6012, D518FEB29DBCC1406FFFAF7F618A4475B0A469D4C2714313859D7AD402283A5C ] aswNdis         C:\WINDOWS\system32\DRIVERS\aswNdis.sys
18:00:10.0531 0x0490  aswNdis - ok
18:00:10.0593 0x0490  [ 8807767A4C1137A131A26546ED9EBDCB, 6EA5A474B0126289B051BB246525FB7F424E965DE271ACB8F2A3CE25C1179C78 ] aswNdis2        C:\WINDOWS\system32\drivers\aswNdis2.sys
18:00:10.0656 0x0490  aswNdis2 - ok
18:00:10.0687 0x0490  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
18:00:10.0718 0x0490  aswRdr - ok
18:00:10.0781 0x0490  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
18:00:10.0812 0x0490  aswRvrt - ok
18:00:10.0921 0x0490  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
18:00:11.0031 0x0490  aswSnx - ok
18:00:11.0156 0x0490  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
18:00:11.0234 0x0490  aswSP - ok
18:00:11.0359 0x0490  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
18:00:11.0390 0x0490  aswTdi - ok
18:00:11.0453 0x0490  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
18:00:11.0515 0x0490  aswVmm - ok
18:00:11.0562 0x0490  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:00:11.0828 0x0490  AsyncMac - ok
18:00:11.0890 0x0490  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:00:12.0187 0x0490  atapi - ok
18:00:12.0203 0x0490  Atdisk - ok
18:00:12.0250 0x0490  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:00:12.0515 0x0490  Atmarpc - ok
18:00:12.0562 0x0490  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:00:12.0843 0x0490  AudioSrv - ok
18:00:12.0890 0x0490  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:00:13.0140 0x0490  audstub - ok
18:00:13.0218 0x0490  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:00:13.0250 0x0490  avast! Antivirus - ok
18:00:13.0312 0x0490  [ D386D51B1839E208EF7CCFBFA964638E, 56BF72AE80DFBB5A99A060591A9250BA0D4B9FDF1BEF23C87B61169D2D0EF111 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
18:00:13.0359 0x0490  avast! Firewall - ok
18:00:13.0406 0x0490  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:00:13.0687 0x0490  Beep - ok
18:00:13.0796 0x0490  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:00:14.0234 0x0490  BITS - ok
18:00:14.0359 0x0490  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:00:14.0421 0x0490  Bonjour Service - ok
18:00:14.0515 0x0490  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
18:00:14.0656 0x0490  Browser - ok
18:00:14.0843 0x0490  [ B6E16DA77EAFE84A8C5BC44784FEEAEA, 5E891966A09ACFB6DAA5E9468F8FEA9814F921FA1C15CF9F5487D730295BDA5D ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
18:00:14.0968 0x0490  btaudio - ok
18:00:15.0000 0x0490  [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
18:00:15.0046 0x0490  BTDriver - ok
18:00:15.0203 0x0490  [ 48AAD36BAEFB7820BFEB986763226905, D57F5A6FE6D0141709200044BBA11E0FB49FBCB4CF2DE312AACAEEC3A7DA0F6A ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:00:15.0343 0x0490  BTKRNL - ok
18:00:15.0484 0x0490  [ 9D67887E051FDFC892CA480D814B06B5, B6032E0D3E1578BFA4DA370B649419AB1138DA827741C2A7F23F77128B4316E3 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:00:15.0546 0x0490  btwdins - ok
18:00:15.0625 0x0490  [ 8BCD7BFE9C70A8FF7444263435B18AA1, CD260090E88D75C5F277403075FA43BA71166E9C65B9ECD3E2D767E67D92374D ] btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
18:00:15.0656 0x0490  btwmodem - ok
18:00:15.0687 0x0490  [ 053DC5BE74621B63BB48C2B86BAFC7B0, 0BF9810CBB7D94DE00A2153DCF0649BC0A27CDBAF76412E61696083C54189778 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
18:00:15.0718 0x0490  BTWUSB - ok
18:00:15.0765 0x0490  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:00:16.0031 0x0490  cbidf2k - ok
18:00:16.0078 0x0490  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:00:16.0343 0x0490  CCDECODE - ok
18:00:16.0359 0x0490  cd20xrnt - ok
18:00:16.0406 0x0490  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:00:16.0687 0x0490  Cdaudio - ok
18:00:16.0750 0x0490  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:00:17.0000 0x0490  Cdfs - ok
18:00:17.0062 0x0490  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:00:17.0328 0x0490  Cdrom - ok
18:00:17.0343 0x0490  Changer - ok
18:00:17.0390 0x0490  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:00:17.0640 0x0490  CiSvc - ok
18:00:17.0718 0x0490  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:00:18.0000 0x0490  ClipSrv - ok
18:00:18.0046 0x0490  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:00:18.0109 0x0490  clr_optimization_v2.0.50727_32 - ok
18:00:18.0156 0x0490  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:00:18.0437 0x0490  CmBatt - ok
18:00:18.0453 0x0490  CmdIde - ok
18:00:18.0500 0x0490  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:00:18.0781 0x0490  Compbatt - ok
18:00:18.0796 0x0490  COMSysApp - ok
18:00:18.0828 0x0490  Cpqarray - ok
18:00:18.0875 0x0490  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:00:19.0140 0x0490  CryptSvc - ok
18:00:19.0156 0x0490  dac2w2k - ok
18:00:19.0187 0x0490  dac960nt - ok
18:00:19.0281 0x0490  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:00:19.0421 0x0490  DcomLaunch - ok
18:00:19.0531 0x0490  [ 7F19DBA1A467B838CCB23124A2C55568, 9D7C81AD7C4AAC69E8B263029F292B46FD8BFF9721349C2AB8A111C8CB670BB2 ] DgiVecp         C:\WINDOWS\system32\Drivers\DgiVecp.sys
18:00:19.0546 0x0490  DgiVecp - detected UnsignedFile.Multi.Generic ( 1 )
18:00:22.0031 0x0490  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
18:00:22.0078 0x0490  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:00:22.0343 0x0490  Dhcp - ok
18:00:22.0437 0x0490  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:00:22.0703 0x0490  Disk - ok
18:00:22.0718 0x0490  dmadmin - ok
18:00:22.0859 0x0490  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:00:23.0218 0x0490  dmboot - ok
18:00:23.0312 0x0490  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:00:23.0593 0x0490  dmio - ok
18:00:23.0625 0x0490  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:00:23.0875 0x0490  dmload - ok
18:00:23.0906 0x0490  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:00:24.0156 0x0490  dmserver - ok
18:00:24.0203 0x0490  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:00:24.0484 0x0490  DMusic - ok
18:00:24.0546 0x0490  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:00:24.0640 0x0490  Dnscache - ok
18:00:24.0671 0x0490  [ 8A4CB9438571814B128B6DC30D698064, 2CE7DC464723C427C88E6FFB086330719DFE57F9EF0FE31AE9E0D8D0C910C388 ] DOSMEMIO        C:\WINDOWS\system32\MEMIO.SYS
18:00:24.0671 0x0490  DOSMEMIO - detected UnsignedFile.Multi.Generic ( 1 )
18:00:24.0671 0x0490  DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
18:00:24.0750 0x0490  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:00:25.0015 0x0490  Dot3svc - ok
18:00:25.0031 0x0490  dpti2o - ok
18:00:25.0062 0x0490  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:00:25.0328 0x0490  drmkaud - ok
18:00:25.0359 0x0490  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:00:25.0625 0x0490  EapHost - ok
18:00:25.0656 0x0490  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:00:25.0937 0x0490  ERSvc - ok
18:00:26.0015 0x0490  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
18:00:26.0062 0x0490  Eventlog - ok
18:00:26.0156 0x0490  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
18:00:26.0250 0x0490  EventSystem - ok
18:00:26.0312 0x0490  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:00:26.0593 0x0490  Fastfat - ok
18:00:26.0656 0x0490  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:00:26.0765 0x0490  FastUserSwitchingCompatibility - ok
18:00:26.0828 0x0490  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:00:27.0125 0x0490  Fax - ok
18:00:27.0187 0x0490  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
18:00:27.0453 0x0490  Fdc - ok
18:00:27.0500 0x0490  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:00:27.0765 0x0490  Fips - ok
18:00:27.0843 0x0490  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:00:28.0140 0x0490  Flpydisk - ok
18:00:28.0234 0x0490  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:00:28.0500 0x0490  FltMgr - ok
18:00:28.0656 0x0490  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:00:28.0687 0x0490  FontCache3.0.0.0 - ok
18:00:28.0718 0x0490  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:00:29.0000 0x0490  Fs_Rec - ok
18:00:29.0046 0x0490  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:00:29.0328 0x0490  Ftdisk - ok
18:00:29.0375 0x0490  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:00:29.0406 0x0490  GEARAspiWDM - ok
18:00:29.0453 0x0490  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:00:29.0734 0x0490  Gpc - ok
18:00:29.0843 0x0490  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:00:29.0875 0x0490  gupdate - ok
18:00:29.0906 0x0490  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:00:29.0937 0x0490  gupdatem - ok
18:00:30.0031 0x0490  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:00:30.0296 0x0490  HDAudBus - ok
18:00:30.0390 0x0490  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:00:30.0640 0x0490  helpsvc - ok
18:00:30.0687 0x0490  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:00:30.0953 0x0490  HidServ - ok
18:00:30.0984 0x0490  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:00:31.0250 0x0490  HidUsb - ok
18:00:31.0296 0x0490  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:00:31.0546 0x0490  hkmsvc - ok
18:00:31.0562 0x0490  hpn - ok
18:00:31.0671 0x0490  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:00:31.0750 0x0490  HTTP - ok
18:00:31.0828 0x0490  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:00:32.0078 0x0490  HTTPFilter - ok
18:00:32.0093 0x0490  i2omgmt - ok
18:00:32.0125 0x0490  i2omp - ok
18:00:32.0171 0x0490  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:00:32.0437 0x0490  i8042prt - ok
18:00:33.0046 0x0490  [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:00:33.0937 0x0490  ialm - ok
18:00:34.0109 0x0490  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:00:34.0250 0x0490  idsvc - ok
18:00:34.0296 0x0490  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:00:34.0562 0x0490  Imapi - ok
18:00:34.0640 0x0490  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:00:34.0937 0x0490  ImapiService - ok
18:00:34.0968 0x0490  ini910u - ok
18:00:35.0515 0x0490  [ 0CACDCBBC8E6F11E2865C47BFC509848, DD415DD9564BB1E99DA0DBE084CBF321DD55784F3ECC160521BFB4E06AC44523 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:00:36.0328 0x0490  IntcAzAudAddService - ok
18:00:36.0359 0x0490  IntelIde - ok
18:00:36.0421 0x0490  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:00:36.0671 0x0490  intelppm - ok
18:00:36.0750 0x0490  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:00:37.0015 0x0490  Ip6Fw - ok
18:00:37.0062 0x0490  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:00:37.0312 0x0490  IpFilterDriver - ok
18:00:37.0343 0x0490  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:00:37.0625 0x0490  IpInIp - ok
18:00:37.0671 0x0490  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:00:37.0953 0x0490  IpNat - ok
18:00:38.0046 0x0490  [ 35828479CCB4EE3CFD7523AF63443D5B, CA582DB092DC049597268B8245F2EEFF5DB807CBE2CFABEA04EA00DD5ED9A2B6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:00:38.0125 0x0490  iPod Service - ok
18:00:38.0171 0x0490  [ CF79FF3D10864F73660A34E006B6B8F8, 2F8DD1D9F9FC79436137A06249677554FB42136E7082908727B1AF27B14C71D2 ] iPodDrv         C:\WINDOWS\system32\drivers\iPodDrv.sys
18:00:38.0203 0x0490  iPodDrv - detected UnsignedFile.Multi.Generic ( 1 )
18:00:38.0203 0x0490  iPodDrv ( UnsignedFile.Multi.Generic ) - warning
18:00:38.0250 0x0490  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:00:38.0515 0x0490  IPSec - ok
18:00:38.0609 0x0490  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:00:38.0718 0x0490  IRENUM - ok
18:00:38.0781 0x0490  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:00:39.0046 0x0490  isapnp - ok
18:00:39.0109 0x0490  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:00:39.0375 0x0490  Kbdclass - ok
18:00:39.0406 0x0490  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:00:39.0671 0x0490  kbdhid - ok
18:00:39.0734 0x0490  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:00:40.0000 0x0490  kmixer - ok
18:00:40.0078 0x0490  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:00:40.0171 0x0490  KSecDD - ok
18:00:40.0234 0x0490  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
18:00:40.0312 0x0490  LanmanServer - ok
18:00:40.0421 0x0490  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:00:40.0531 0x0490  lanmanworkstation - ok
18:00:40.0562 0x0490  lbrtfdc - ok
18:00:40.0625 0x0490  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:00:40.0890 0x0490  LmHosts - ok
18:00:40.0906 0x0490  massfilter - ok
18:00:41.0000 0x0490  [ DC7E770CD68E91FB65B2D841741F43F6, BEB8C42C5F1D262ECC9E7C9309B41D58A0F934E9BEBC22A0E9185D2FFA4BC261 ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:00:41.0031 0x0490  mbamchameleon - ok
18:00:41.0062 0x0490  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:00:41.0328 0x0490  Messenger - ok
18:00:41.0375 0x0490  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:00:41.0625 0x0490  mnmdd - ok
18:00:41.0671 0x0490  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:00:41.0937 0x0490  mnmsrvc - ok
18:00:41.0968 0x0490  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:00:42.0218 0x0490  Modem - ok
18:00:42.0406 0x0490  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
18:00:42.0718 0x0490  Monfilt - ok
18:00:42.0750 0x0490  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:00:43.0000 0x0490  Mouclass - ok
18:00:43.0031 0x0490  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:00:43.0281 0x0490  mouhid - ok
18:00:43.0328 0x0490  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:00:43.0578 0x0490  MountMgr - ok
18:00:43.0687 0x0490  [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:00:43.0734 0x0490  MozillaMaintenance - ok
18:00:43.0750 0x0490  mraid35x - ok
18:00:43.0843 0x0490  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:00:44.0125 0x0490  MRxDAV - ok
18:00:44.0218 0x0490  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:00:44.0312 0x0490  MRxSmb - ok
18:00:44.0375 0x0490  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:00:44.0625 0x0490  MSDTC - ok
18:00:44.0671 0x0490  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:00:44.0953 0x0490  Msfs - ok
18:00:44.0968 0x0490  MSIServer - ok
18:00:45.0015 0x0490  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:00:45.0265 0x0490  MSKSSRV - ok
18:00:45.0312 0x0490  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:00:45.0562 0x0490  MSPCLOCK - ok
18:00:45.0593 0x0490  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:00:45.0843 0x0490  MSPQM - ok
18:00:45.0859 0x0490  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:00:46.0109 0x0490  mssmbios - ok
18:00:46.0140 0x0490  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:00:46.0406 0x0490  MSTEE - ok
18:00:46.0468 0x0490  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:00:46.0593 0x0490  Mup - ok
18:00:46.0625 0x0490  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:00:46.0906 0x0490  NABTSFEC - ok
18:00:46.0968 0x0490  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:00:47.0265 0x0490  napagent - ok
18:00:47.0359 0x0490  [ 8716356E49A665BDC7B114725B60A456, F8187DD17B6C3D65D6A3AD7C13EC9B83C0767D86FAC9EC9EFCAB5ABA8A88A668 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:00:47.0421 0x0490  NDIS - ok
18:00:47.0453 0x0490  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:00:47.0718 0x0490  NdisIP - ok
18:00:47.0796 0x0490  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:00:47.0859 0x0490  NdisTapi - ok
18:00:47.0906 0x0490  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:00:48.0171 0x0490  Ndisuio - ok
18:00:48.0218 0x0490  [ 5526CFEBB619F7F763BD6A2E1B618078, B4A8C6C115B3DED7E2D977B583FCE5DEB0AD8D14DDAE24BF35E9F4DF2C3A52B2 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:00:48.0250 0x0490  NdisWan - ok
18:00:48.0296 0x0490  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:00:48.0390 0x0490  NDProxy - ok
18:00:48.0421 0x0490  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:00:48.0671 0x0490  NetBIOS - ok
18:00:48.0750 0x0490  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:00:49.0046 0x0490  NetBT - ok
18:00:49.0078 0x0490  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:00:49.0375 0x0490  NetDDE - ok
18:00:49.0390 0x0490  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:00:49.0656 0x0490  NetDDEdsdm - ok
18:00:49.0703 0x0490  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:00:49.0968 0x0490  Netlogon - ok
18:00:50.0031 0x0490  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
18:00:50.0296 0x0490  Netman - ok
18:00:50.0375 0x0490  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:00:50.0421 0x0490  NetTcpPortSharing - ok
18:00:50.0484 0x0490  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:00:50.0562 0x0490  Nla - ok
18:00:50.0609 0x0490  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:00:50.0859 0x0490  Npfs - ok
18:00:50.0937 0x0490  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:00:51.0281 0x0490  Ntfs - ok
18:00:51.0296 0x0490  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
18:00:51.0562 0x0490  NtLmSsp - ok
18:00:51.0625 0x0490  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:00:51.0937 0x0490  NtmsSvc - ok
18:00:51.0968 0x0490  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:00:52.0218 0x0490  Null - ok
18:00:52.0250 0x0490  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:00:52.0500 0x0490  NwlnkFlt - ok
18:00:52.0531 0x0490  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:00:52.0781 0x0490  NwlnkFwd - ok
18:00:52.0906 0x0490  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:00:52.0984 0x0490  odserv - ok
18:00:53.0078 0x0490  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:53.0125 0x0490  ose - ok
18:00:53.0156 0x0490  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
18:00:53.0437 0x0490  Parport - ok
18:00:53.0484 0x0490  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:00:53.0750 0x0490  PartMgr - ok
18:00:53.0781 0x0490  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:00:54.0046 0x0490  ParVdm - ok
18:00:54.0093 0x0490  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:00:54.0359 0x0490  PCI - ok
18:00:54.0375 0x0490  PCIDump - ok
18:00:54.0406 0x0490  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:00:54.0656 0x0490  PCIIde - ok
18:00:54.0734 0x0490  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
18:00:55.0015 0x0490  Pcmcia - ok
18:00:55.0031 0x0490  PDCOMP - ok
18:00:55.0062 0x0490  PDFRAME - ok
18:00:55.0078 0x0490  PDRELI - ok
18:00:55.0109 0x0490  PDRFRAME - ok
18:00:55.0125 0x0490  perc2 - ok
18:00:55.0156 0x0490  perc2hib - ok
18:00:55.0250 0x0490  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
18:00:55.0296 0x0490  PlugPlay - ok
18:00:55.0312 0x0490  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
18:00:55.0562 0x0490  PolicyAgent - ok
18:00:55.0609 0x0490  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:00:55.0859 0x0490  PptpMiniport - ok
18:00:55.0875 0x0490  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:00:56.0125 0x0490  ProtectedStorage - ok
18:00:56.0171 0x0490  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:00:56.0437 0x0490  PSched - ok
18:00:56.0484 0x0490  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:00:56.0718 0x0490  Ptilink - ok
18:00:56.0781 0x0490  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:00:56.0812 0x0490  PxHelp20 - ok
18:00:56.0828 0x0490  ql1080 - ok
18:00:56.0859 0x0490  Ql10wnt - ok
18:00:56.0875 0x0490  ql12160 - ok
18:00:56.0906 0x0490  ql1240 - ok
18:00:56.0921 0x0490  ql1280 - ok
18:00:56.0968 0x0490  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:00:57.0203 0x0490  RasAcd - ok
18:00:57.0250 0x0490  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:00:57.0515 0x0490  RasAuto - ok
18:00:57.0578 0x0490  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:00:57.0843 0x0490  Rasl2tp - ok
18:00:57.0890 0x0490  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:00:58.0171 0x0490  RasMan - ok
18:00:58.0203 0x0490  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:00:58.0468 0x0490  RasPppoe - ok
18:00:58.0500 0x0490  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:00:58.0765 0x0490  Raspti - ok
18:00:58.0859 0x0490  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:00:59.0156 0x0490  Rdbss - ok
18:00:59.0203 0x0490  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:00:59.0468 0x0490  RDPCDD - ok
18:00:59.0593 0x0490  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:00:59.0671 0x0490  RDPWD - ok
18:00:59.0750 0x0490  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:01:00.0015 0x0490  RDSessMgr - ok
18:01:00.0062 0x0490  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:00.0375 0x0490  redbook - ok
18:01:00.0421 0x0490  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:01:00.0718 0x0490  RemoteAccess - ok
18:01:00.0781 0x0490  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:01:01.0031 0x0490  RpcLocator - ok
18:01:01.0109 0x0490  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
18:01:01.0250 0x0490  RpcSs - ok
18:01:01.0312 0x0490  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:01:01.0578 0x0490  RSVP - ok
18:01:01.0609 0x0490  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:01:01.0875 0x0490  SamSs - ok
18:01:01.0906 0x0490  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:01:02.0187 0x0490  SCardSvr - ok
18:01:02.0281 0x0490  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:01:02.0562 0x0490  Schedule - ok
18:01:02.0609 0x0490  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:02.0734 0x0490  Secdrv - ok
18:01:02.0765 0x0490  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:01:03.0015 0x0490  seclogon - ok
18:01:03.0062 0x0490  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
18:01:03.0359 0x0490  SENS - ok
18:01:03.0406 0x0490  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
18:01:03.0656 0x0490  Serial - ok
18:01:03.0734 0x0490  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:01:04.0000 0x0490  Sfloppy - ok
18:01:04.0093 0x0490  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:01:04.0390 0x0490  SharedAccess - ok
18:01:04.0421 0x0490  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:01:04.0468 0x0490  ShellHWDetection - ok
18:01:04.0484 0x0490  Simbad - ok
18:01:04.0625 0x0490  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:01:04.0687 0x0490  SkypeUpdate - ok
18:01:04.0750 0x0490  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:01:04.0984 0x0490  SLIP - ok
18:01:05.0015 0x0490  Sparrow - ok
18:01:05.0078 0x0490  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:01:05.0328 0x0490  splitter - ok
18:01:05.0390 0x0490  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:01:05.0453 0x0490  Spooler - ok
18:01:05.0515 0x0490  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:05.0625 0x0490  sr - ok
18:01:05.0687 0x0490  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:01:05.0812 0x0490  srservice - ok
18:01:05.0937 0x0490  [ 7D7AD4ABA007E20ACC35CAB03B28A935, 95DC293ABE09D3F7F510A0D9154B30917B75BB2948863D6DD9D3F021C81C37EF ] SRS_PremiumSound_Service C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
18:01:06.0000 0x0490  SRS_PremiumSound_Service - ok
18:01:06.0125 0x0490  [ 979B9C522C91BE3196E3220437BB2C38, 6EA46CD36CB54CACA5920018B387919744C1B1E76A5A1520C24B8EBCC94241A2 ] SRS_WOWXT_Service C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
18:01:06.0171 0x0490  SRS_WOWXT_Service - ok
18:01:06.0250 0x0490  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:06.0406 0x0490  Srv - ok
18:01:06.0453 0x0490  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:01:06.0593 0x0490  SSDPSRV - ok
18:01:06.0656 0x0490  [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
18:01:06.0906 0x0490  StillCam - ok
18:01:07.0015 0x0490  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:01:07.0296 0x0490  stisvc - ok
18:01:07.0328 0x0490  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:01:07.0593 0x0490  streamip - ok
18:01:07.0656 0x0490  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:07.0890 0x0490  swenum - ok
18:01:07.0937 0x0490  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:01:08.0187 0x0490  swmidi - ok
18:01:08.0203 0x0490  SwPrv - ok
18:01:08.0234 0x0490  symc810 - ok
18:01:08.0250 0x0490  symc8xx - ok
18:01:08.0281 0x0490  sym_hi - ok
18:01:08.0296 0x0490  sym_u3 - ok
18:01:08.0406 0x0490  [ EA447F6DB6115E8A32352F9FAFFA824D, 36246E8780A085CE8122E30380DBDF708E3F48B81B851302608B27AFD0B8E953 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:01:08.0500 0x0490  SynTP - ok
18:01:08.0546 0x0490  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:08.0812 0x0490  sysaudio - ok
18:01:08.0843 0x0490  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:01:09.0125 0x0490  SysmonLog - ok
18:01:09.0171 0x0490  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:01:09.0453 0x0490  TapiSrv - ok
18:01:09.0531 0x0490  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:09.0656 0x0490  Tcpip - ok
18:01:09.0765 0x0490  [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7, D084EFE07AC200672A1CE7BB8AE736612B3E353271188D26E29EC973E26E1F5F ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:01:09.0812 0x0490  Tcpip6 - ok
18:01:09.0859 0x0490  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:10.0125 0x0490  TDPIPE - ok
18:01:10.0156 0x0490  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:10.0421 0x0490  TDTCP - ok
18:01:10.0453 0x0490  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:10.0703 0x0490  TermDD - ok
18:01:10.0765 0x0490  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:01:11.0078 0x0490  TermService - ok
18:01:11.0125 0x0490  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:01:11.0171 0x0490  Themes - ok
18:01:11.0203 0x0490  TosIde - ok
18:01:11.0250 0x0490  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:01:11.0515 0x0490  TrkWks - ok
18:01:11.0625 0x0490  [ 446118FFFF5576434393AE4551A5CA74, 6E72F429EBF7EF5351735E12E153F39DDCAD3E0341106D3384C9EACFC105FDA6 ] TrueSight       C:\WINDOWS\system32\drivers\TrueSight.sys
18:01:11.0656 0x0490  TrueSight - ok
18:01:11.0828 0x0490  [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:01:12.0078 0x0490  tunmp - ok
18:01:12.0140 0x0490  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:01:12.0390 0x0490  Udfs - ok
18:01:12.0406 0x0490  ultra - ok
18:01:12.0468 0x0490  [ C81B8635DEE0D3EF5F64B3DD643023A5, 6D7438A5FB7168352099F726BD0980AD398A7CFE929B8D2BD362B238C1540D85 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
18:01:12.0562 0x0490  UMWdf - ok
18:01:12.0656 0x0490  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:01:12.0953 0x0490  Update - ok
18:01:13.0015 0x0490  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:01:13.0187 0x0490  upnphost - ok
18:01:13.0218 0x0490  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
18:01:13.0484 0x0490  UPS - ok
18:01:13.0546 0x0490  [ D4FB6ECC60A428564BA8768B0E23C0FC, 4170FB6D0D593B5C22F5B4F664F6253435208C8948AFB66C0D12E2B818BA6DD5 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
18:01:13.0562 0x0490  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
18:01:13.0562 0x0490  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:01:13.0609 0x0490  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:01:13.0687 0x0490  usbccgp - ok
18:01:13.0750 0x0490  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:13.0781 0x0490  usbehci - ok
18:01:13.0828 0x0490  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:14.0125 0x0490  usbhub - ok
18:01:14.0171 0x0490  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:01:14.0437 0x0490  usbprint - ok
18:01:14.0515 0x0490  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:14.0562 0x0490  usbscan - ok
18:01:14.0593 0x0490  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:14.0859 0x0490  USBSTOR - ok
18:01:14.0906 0x0490  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:15.0171 0x0490  usbuhci - ok
18:01:15.0250 0x0490  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
18:01:15.0328 0x0490  usbvideo - ok
18:01:15.0359 0x0490  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
18:01:15.0625 0x0490  VgaSave - ok
18:01:15.0640 0x0490  ViaIde - ok
18:01:15.0703 0x0490  [ 20A559A25C4AE3F9B35F8229636EE5A7, DB9D31662AD52447FC4545E67F37900C8BF93C32DAAE172B7DB6EB0B7BB70F4A ] VMC326          C:\WINDOWS\system32\Drivers\VMC326.sys
18:01:15.0781 0x0490  VMC326 - ok
18:01:15.0828 0x0490  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:16.0093 0x0490  VolSnap - ok
18:01:16.0156 0x0490  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
18:01:16.0281 0x0490  VSS - ok
18:01:16.0359 0x0490  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:01:16.0640 0x0490  W32Time - ok
18:01:16.0703 0x0490  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:16.0968 0x0490  Wanarp - ok
18:01:16.0984 0x0490  WDICA - ok
18:01:17.0015 0x0490  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:17.0265 0x0490  wdmaud - ok
18:01:17.0312 0x0490  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:01:17.0562 0x0490  WebClient - ok
18:01:17.0671 0x0490  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:17.0984 0x0490  winmgmt - ok
18:01:18.0062 0x0490  [ A477391B7A8B0A0DAABADB17CF533A4B, 9B1929B5BBF2738BA3D402809FCB8DAA09EF4727F860567895D5E73EBE43E627 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
18:01:18.0109 0x0490  WmdmPmSN - ok
18:01:18.0203 0x0490  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:01:18.0484 0x0490  WmiApSrv - ok
18:01:18.0531 0x0490  [ C1B3D9D75C3FB735F5FA3A5806ADED57, E81D46549C4AB73CB1285A849046655CC5F680EB7ACE7A13A9E4B55B864C33BD ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
18:01:18.0562 0x0490  WpdUsb - ok
18:01:18.0625 0x0490  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:01:18.0875 0x0490  WS2IFSL - ok
18:01:18.0937 0x0490  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:01:19.0203 0x0490  wscsvc - ok
18:01:19.0234 0x0490  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:01:19.0484 0x0490  WSTCODEC - ok
18:01:19.0578 0x0490  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:01:19.0843 0x0490  wuauserv - ok
18:01:19.0953 0x0490  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:01:20.0265 0x0490  WZCSVC - ok
18:01:20.0312 0x0490  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
18:01:20.0578 0x0490  xmlprov - ok
18:01:20.0656 0x0490  [ B074B1EE465A3292636858323D176402, 766FA29050D95857C8FBC77F1AD30A2647687A8580D73566360B45BD99FD20BC ] yksvc           C:\WINDOWS\System32\yk51x86.dll
18:01:20.0796 0x0490  yksvc - ok
18:01:20.0859 0x0490  [ 7578410B1512FAD9C485B134561E8B78, 1194AEFF3BFB1D73C36E28C6A26F94338A6CBF7090B6267F89096D7B4EF94ECE ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:01:20.0968 0x0490  yukonwxp - ok
18:01:20.0984 0x0490  ZTEusbmdm6k - ok
18:01:21.0000 0x0490  ZTEusbnmea - ok
18:01:21.0046 0x0490  ZTEusbser6k - ok
18:01:21.0093 0x0490  ================ Scan global ===============================
18:01:21.0140 0x0490  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
18:01:21.0203 0x0490  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:01:21.0265 0x0490  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:01:21.0312 0x0490  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
18:01:21.0328 0x0490  [ Global ] - ok
18:01:21.0328 0x0490  ================ Scan MBR ==================================
18:01:21.0375 0x0490  [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
18:01:22.0109 0x0490  \Device\Harddisk0\DR0 - ok
18:01:22.0109 0x0490  ================ Scan VBR ==================================
18:01:22.0125 0x0490  [ A27259930FCF727A480B3B260A37DE4B ] \Device\Harddisk0\DR0\Partition1
18:01:22.0187 0x0490  \Device\Harddisk0\DR0\Partition1 - ok
18:01:22.0203 0x0490  [ 796E92015F101C451EBC01986764F2FC ] \Device\Harddisk0\DR0\Partition2
18:01:22.0218 0x0490  \Device\Harddisk0\DR0\Partition2 - ok
18:01:22.0218 0x0490  ================ Scan generic autorun ======================
18:01:22.0281 0x0490  [ 2452ED666667DC381F1D418F3A102642, 95F0020BEDDF36A7708A6252294D9E4F59B6D3B5BB9408E20110B523C998FDF4 ] C:\WINDOWS\system32\igfxtray.exe
18:01:22.0328 0x0490  IgfxTray - ok
18:01:22.0406 0x0490  [ D49ED5FF272A46FA38361028835D09FA, E5B3A2EE5B08FBF538489A24D5B1FF68FE78E2B88EFA4B16A2CEB92C6BC3EA6D ] C:\WINDOWS\system32\hkcmd.exe
18:01:22.0453 0x0490  HotKeysCmds - ok
18:01:24.0171 0x0490  [ 2CC9A09302592884E442C9D6D4B306CA, FEBB8BC4592266F66B83EE612A96AB2565E9B8E86CD37AE19639F35EDA35A8AC ] C:\WINDOWS\RTHDCPL.EXE
18:01:28.0031 0x0490  RTHDCPL - ok
18:01:28.0500 0x0490  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:01:29.0031 0x0490  AvastUI.exe - ok
18:01:29.0171 0x0490  [ 0395F4275F825078271AB287EFC4BF75, 092B22546A0BCF7B8277E3341BDA19653931AAC3F42631B4D89B80BAC001F672 ] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
18:01:29.0281 0x0490  BatteryLifeExtender - detected UnsignedFile.Multi.Generic ( 1 )
18:01:29.0281 0x0490  BatteryLifeExtender ( UnsignedFile.Multi.Generic ) - warning
18:01:29.0312 0x0490  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
18:01:29.0578 0x0490  ctfmon.exe - ok
18:01:29.0734 0x0490  AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated
18:01:29.0750 0x0490  FW detected via SS1: avast! Antivirus, 5.0.150996965, enabled
18:01:29.0750 0x0490  ============================================================
18:01:29.0750 0x0490  Scan finished
18:01:29.0750 0x0490  ============================================================
18:01:29.0781 0x0498  Detected object count: 5
18:01:29.0781 0x0498  Actual detected object count: 5
18:09:12.0500 0x0498  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0500 0x0498  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0500 0x0498  DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0500 0x0498  DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0515 0x0498  iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0515 0x0498  iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0531 0x0498  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0531 0x0498  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0531 0x0498  BatteryLifeExtender ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0531 0x0498  BatteryLifeExtender ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/14/2014 2:02:28 AM, SYSTEM, JANETMINI, Manual, Rootkit Database, 2014.9.10.2, 2014.9.13.1,
Update, 9/14/2014 2:02:38 AM, SYSTEM, JANETMINI, Manual, Malware Database, 2014.9.11.6, 2014.9.13.7,
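The TDSSKiller log above pairs every scanned object with a hash line (MD5 and SHA-256 in brackets, then the service name and file path, or just the path for autorun entries) followed by a verdict line, and ends with the user's chosen action for each detection. The following triage helper is an added example, not part of this thread and not a TDSSKiller component: it pulls those pairs apart so that anything other than a plain "ok" can be listed with its hashes for checking against a vendor's published values. The sample lines are copied from the log posted in this thread; the line layouts handled are only those seen there.

```python
"""Triage helper for Kaspersky TDSSKiller logs: pairs each scanned object's
hash line with the verdict line that follows it, so that everything that is
not a plain "ok" can be pulled out together with its MD5/SHA-256.

Added example: not part of the thread and not a TDSSKiller component. The
sample lines are copied from the TDSSKiller log posted in this thread; the
line layouts handled here are those seen in that log and nothing more.
"""
import re

# Lines copied from the TDSSKiller log in the thread: a driver entry, a
# service with no hash line, two autorun entries and an end-of-scan action.
SAMPLE_LOG = r"""
18:01:17.0015 0x0490  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:17.0265 0x0490  wdmaud - ok
18:01:20.0984 0x0490  ZTEusbmdm6k - ok
18:01:29.0171 0x0490  [ 0395F4275F825078271AB287EFC4BF75, 092B22546A0BCF7B8277E3341BDA19653931AAC3F42631B4D89B80BAC001F672 ] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
18:01:29.0281 0x0490  BatteryLifeExtender - detected UnsignedFile.Multi.Generic ( 1 )
18:01:29.0281 0x0490  BatteryLifeExtender ( UnsignedFile.Multi.Generic ) - warning
18:01:29.0312 0x0490  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
18:01:29.0578 0x0490  ctfmon.exe - ok
18:09:12.0531 0x0498  BatteryLifeExtender ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "<time> 0x<thread id>".
PREFIX = r"^\S+\s+0x[0-9A-Fa-f]+\s+"
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+)$")
OK_RE = re.compile(PREFIX + r"(.+?) - ok$")
DETECT_RE = re.compile(PREFIX + r"(.+?) - detected (\S+)")
ACTION_RE = re.compile(PREFIX + r"(.+?) \( (\S+) \) - User select action: (\S+)$")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def _new_record(name=None, path=None, md5=None, sha256=None):
    return {"name": name, "path": path, "md5": md5, "sha256": sha256,
            "verdict": None, "detection": None, "action": None}


def parse_tdsskiller(text):
    """Return {object name: record} for every object that got a verdict line."""
    objects = {}
    pending = None  # hash line seen, its verdict line not yet seen
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            md5, sha256, rest = m.groups()
            if DRIVE_PATH_RE.match(rest):
                # Autorun entries carry only the path; the name arrives with the verdict.
                pending = _new_record(path=rest, md5=md5, sha256=sha256)
            else:
                # Service/driver entries: "<name><spaces><path>".
                name, path = rest.split(None, 1)
                pending = _new_record(name=name, path=path, md5=md5, sha256=sha256)
            continue
        m = OK_RE.match(line) or DETECT_RE.match(line)
        if m:
            # A verdict without a preceding hash line is an object with no file hashed.
            rec = pending if pending is not None else _new_record()
            rec["name"] = rec["name"] or m.group(1)
            if m.re is OK_RE:
                rec["verdict"] = "ok"
            else:
                rec["verdict"] = "detected"
                rec["detection"] = m.group(2)
            objects[rec["name"]] = rec
            pending = None
            continue
        m = ACTION_RE.match(line)
        if m and m.group(1) in objects:
            objects[m.group(1)]["action"] = m.group(3)
    return objects


def triage(objects):
    """Everything that is not a plain 'ok', sorted by name, ready for hash lookup."""
    return sorted((r for r in objects.values() if r["verdict"] != "ok"),
                  key=lambda r: r["name"])


def unhashed(objects):
    """Names that got a verdict but no hash line in the log."""
    return sorted(r["name"] for r in objects.values() if r["md5"] is None)


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    for rec in triage(objs):
        print("%-22s %-9s %-27s action=%-5s md5=%s" % (
            rec["name"], rec["verdict"], rec["detection"], rec["action"], rec["md5"]))
    print("no hash line:", unhashed(objs))
```

On the thread's log this yields one flagged object, BatteryLifeExtender with the heuristic UnsignedFile.Multi.Generic verdict and the user's Skip action, which matches the helper's reading that the finds are legitimate unsigned vendor files; the hashes it carries are what you would compare against the vendor's own download before trusting that reading.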

#6 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 26 September 2014 - 08:44 AM

Here's an update and it's not good: My yahoo account password was changed some time last night or today. I was able to change it and have gotten back access to my account, but now I know for certain my computer is not safe at all. :radioactive:



#7 Bootsektor
  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 27 September 2014 - 04:48 PM

Hello,
 

In each of these files, the SID "Account Unknown (S-1-5-32-547)" is the lead entry in the Security permissions window, with full control granted.

There is no need to worry about that. Under XP Home this user account will always be "account unknown", and this account comes with the installation of XP.

The log of TDSS-Killer is ok; the finds are legit.
 

Here's an update and it's not good: My yahoo account password was changed some time last night or today. I was able to change it and have gotten back access to my account, but now I know for certain my computer is not safe at all.


I think this problem is not an issue that is coming from the computer.
In my opinion the password was directly hacked in Yahoo. Have you already changed the password from another computer?

Let's have a closer look at the services which are on your system.

Step 1
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2
Please also check in your Device Manager whether there are devices with a question mark in front of them; make sure that you check the Show all Hidden devices option, which you will find under the View menu in Device Manager.
 


regards,

Sandra


#8 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 27 September 2014 - 07:43 PM

Yes, I did change my yahoo password, but it took several attempts; I was directed several times to a false password page, but it seems I was able to get back to the legitimate yahoo security page. I'm monitoring the account to make sure it's secure again.

 

The device manager highlights two Non-Plug and Play Drivers with a black exclamation point in a yellow circle. One is called DgiVecp and the other is Serial. Looking in Properties, each has a code 24 indicated.

 

Here's the scan log:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Jon (administrator) on 28-09-2014 at 02:13:49
Running from "C:\Documents and Settings\Jon\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(11)
0x0C0000000400000001000000020000000300000009000000080000000B0000000C0000000D000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
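The "Extra List" at the end of the FSS log above shows two views of the same thing: the Tag value of each driver in the TDI group (Tcpip(3), IPSec(4), NetBT(5) and so on) and, underneath, the hex dump of the group's load-order list; FSS's own line "IpSec Tag value is correct" is its verdict on that data, which matters here because a rootkit described as "inserted in the TCP/IP stack" has to appear somewhere in that order. The following consistency check is an added example, not part of this thread and not FSS code. Both input lines are copied from the log posted above. It assumes the hex line is the REG_BINARY GroupOrderList value for the PNP_TDI group, laid out as a DWORD entry count followed by one little-endian DWORD tag per entry; it does not know which Tag a healthy system assigns to which driver, it only tests that the two views agree with each other.

```python
"""Consistency check over the "Extra List" section of a Farbar Service
Scanner (FSS) log: the driver Tag values FSS prints for the TDI group against
the GroupOrderList binary it prints underneath.

Added example: not part of the thread and not FSS code. The two input lines
are copied from the FSS log posted in this thread. Assumption: the hex line
is the REG_BINARY GroupOrderList value for the PNP_TDI group, laid out as a
DWORD entry count followed by one little-endian DWORD tag per entry.
"""
import re
import struct

# Copied from the FSS log in the thread (post #8).
FSS_TAG_LINE = "aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(11)"
FSS_ORDER_LINE = "0x0C0000000400000001000000020000000300000009000000080000000B0000000C0000000D000000050000000600000007000000"

# Drivers the TCP/IP stack cannot do without; FSS's File Check covers their files too.
CORE_DRIVERS = ("Tcpip", "IPSec", "NetBT")


def parse_tag_line(line):
    """'Name(tag) Name(tag) ...' -> {name: tag}."""
    return {m.group(1): int(m.group(2)) for m in re.finditer(r"(\w+)\((\d+)\)", line)}


def parse_group_order_list(hex_blob):
    """Decode the assumed REG_BINARY layout: count DWORD, then one DWORD per tag."""
    if hex_blob.lower().startswith("0x"):
        hex_blob = hex_blob[2:]
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    count = struct.unpack_from("<I", raw, 0)[0]
    tags = list(struct.unpack_from("<%dI" % ((len(raw) - 4) // 4), raw, 4))
    if count != len(tags):
        raise ValueError("count field says %d but %d entries present" % (count, len(tags)))
    return tags


def check_tdi_order(tag_line, order_line):
    """Compare the per-driver Tag values with the group's load-order list."""
    tags = parse_tag_line(tag_line)
    order = parse_group_order_list(order_line)
    by_tag = {}
    for name, tag in tags.items():
        by_tag.setdefault(tag, []).append(name)
    report = {
        "order": order,
        # core driver absent from the Tag listing altogether
        "missing_core": [n for n in CORE_DRIVERS if n not in tags],
        # a driver whose Tag never appears in the load order will not be ordered at all
        "tag_not_in_order": sorted(n for n, t in tags.items() if t not in order),
        # two drivers claiming the same Tag (one of them is not where it says it is)
        "shared_tags": {t: sorted(ns) for t, ns in by_tag.items() if len(ns) > 1},
        "duplicate_order_entries": sorted({t for t in order if order.count(t) > 1}),
        # 0-based slot in which each listed driver loads
        "load_position": {n: order.index(t) for n, t in tags.items() if t in order},
    }
    report["ok"] = not (report["missing_core"] or report["tag_not_in_order"]
                        or report["shared_tags"] or report["duplicate_order_entries"])
    return report


if __name__ == "__main__":
    result = check_tdi_order(FSS_TAG_LINE, FSS_ORDER_LINE)
    print("load order tags:", result["order"])
    for name, pos in sorted(result["load_position"].items(), key=lambda kv: kv[1]):
        print("  slot %2d: %s" % (pos, name))
    print("consistent:", result["ok"])
```

On the thread's log the count field (12) matches the twelve entries, every listed Tag occurs exactly once in the order, and the three core drivers are present, so the check agrees with FSS. Slots in the order with no named driver (tags 1, 2, 8, 12 and 13 here) are only a gap in FSS's listing, not a finding; the signals worth acting on are a core driver missing, a Tag absent from the order, or two drivers sharing one Tag.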



#9 Bootsektor
  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 30 September 2014 - 03:52 PM

Hello,

The issues in the Device Manager have no relation to Zero Access.
Code 24 says that there is a missing driver; DgiVecp comes with printers or scanners, mostly Samsung.
 

Yes, I did change my yahoo password, but it took several attempts; I was directed several times to a false password page, but it seems I was able to get back to the legitimate yahoo security page. I'm monitoring the account to make sure it's secure again.


This is a good idea.

Please run the following fix with FRST.
Step 1
We need to run a fix with FRST:
 

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log ( Fixlog.txt ) in the same location the tool was run, please post it to your reply



 

 



regards,

Sandra


#10 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 30 September 2014 - 04:34 PM

Done!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-09-2014
Ran by Jon at 2014-09-30 23:30:25 Run:3
Running from C:\FRST\FRST-OlderVersion
Loaded Profile: Jon (Available profiles: Jon & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
folder: C:\WINDOWS\$NtUninstallKB15624$
*****************


========================= folder: C:\WINDOWS\$NtUninstallKB15624$ ========================


====== End of Folder: ======


==== End of Fixlog ====



#11 Bootsektor
  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 03 October 2014 - 05:27 AM

Hello,
Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

Folder::
C:\WINDOWS\$NtUninstallKB15624$


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2
Please perform a new run with ComboFix; is the message gone?
 


regards,

Sandra


#12 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 03 October 2014 - 10:00 AM

Sandra, should I include the word, "Quote" ?



#13 Bootsektor
  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 03 October 2014 - 10:57 AM

Hello,

 

No, something went wrong with the format; thank you for asking. You should only copy and paste this:

Folder::

C:\WINDOWS\$NtUninstallKB15624$

regards,

Sandra


#14 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 03 October 2014 - 01:13 PM

Here's the Combofix log. The Zeroaccess rootkit was detected, also rootkit activity. I'll run Combofix again and report the results.

 

ComboFix 14-10-02.01 - Jon 10/03/2014  19:54:54.5.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1555 [GMT 2:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB15624$
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-03 to 2014-10-03  )))))))))))))))))))))))))))))))
.
.
2014-09-22 15:46 . 2014-09-22 15:46    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2014-09-17 21:05 . 2014-09-17 21:09    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Wise Registry Cleaner
2014-09-17 16:05 . 2014-09-17 16:05    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-09-12 23:14 . 2014-09-14 17:13    --------    dc----w-    C:\MATS
2014-09-12 18:30 . 2014-09-12 18:30    --------    d-----w-    c:\documents and settings\Jon\Application Data\ElevatedDiagnostics
2014-09-12 17:42 . 2014-09-12 17:47    --------    d-----w-    c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-09 13:15 . 2014-09-30 21:30    --------    dc----w-    C:\FRST
2014-09-09 07:50 . 2014-09-09 07:50    --------    d-----w-    c:\documents and settings\Administrator\Bluetooth Software
2014-09-05 19:25 . 2014-09-05 19:25    --------    d-----w-    c:\documents and settings\Administrator\Application Data\AVAST Software
2014-09-05 06:49 . 2014-09-05 06:49    --------    d-----w-    c:\documents and settings\Jon\Local Settings\Application Data\Help
2014-09-04 12:48 . 2014-09-04 12:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 19:02 . 2014-04-21 09:32    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 08:41 . 2012-07-06 16:33    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-24 08:41 . 2011-11-06 14:41    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 11:25 . 2014-08-29 19:52    33512    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-08-28 08:38 . 2014-04-21 09:31    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 19:00 . 2014-08-17 19:02    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-08-17 19:00 . 2014-08-17 19:02    252872    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2014-08-17 19:00 . 2014-08-17 19:00    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2014-07-19 16:16 . 2014-07-19 16:16    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-19 16:15 . 2014-07-19 16:16    57800    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-07-19 16:15 . 2014-07-19 16:16    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-19 16:15 . 2014-07-19 16:16    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-19 16:15 . 2014-07-19 16:16    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-19 16:15 . 2014-07-19 16:16    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-19 16:15 . 2014-07-19 16:16    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-19 16:15 . 2014-07-19 16:16    55112    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-07-19 16:15 . 2014-07-19 16:15    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-19 16:15 . 2014-07-19 16:15    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-14 09:23 . 2014-05-27 19:06    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-19 16:15    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
backup=c:\windows\pss\Bluetooth.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
path=c:\documents and settings\Jon\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 12:09    102400    ------w-    c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 14:18    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
"BatteryLifeExtender"=c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe"
"DMHotKey"=c:\program files\Samsung\Easy Display Manager\DMLoader.exe
"Alcmtr"=ALCMTR.EXE
"BatteryManager"=c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe
"MagicKeyboard"=c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SUPBackGround"=c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/17/2014 9:00 PM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [8/17/2014 9:02 PM 252872]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/19/2014 6:16 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/19/2014 6:16 PM 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [8/17/2014 9:02 PM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/19/2014 6:16 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7/19/2014 6:16 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [7/19/2014 6:16 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7/19/2014 6:16 PM 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [8/17/2014 9:00 PM 106488]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [3/25/2009 3:34 AM 4300]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [4/15/2011 2:15 AM 6656]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 11:39 AM 66792]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [3/25/2009 2:08 AM 14336]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/15/2012 5:41 PM 233512]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [3/25/2009 3:38 AM 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 3:35 AM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/21/2014 11:31 AM 53208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
yksvcs    REG_MULTI_SZ       yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:07    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 08:41]
.
2014-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19 16:15]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-03-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-03 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-10-03  20:11:32
ComboFix-quarantined-files.txt  2014-10-03 18:11
ComboFix2.txt  2014-09-17 09:47
ComboFix3.txt  2014-09-15 13:47
ComboFix4.txt  2014-09-14 15:38
ComboFix5.txt  2014-10-03 17:44
.
Pre-Run: 49,964,355,584 bytes free
Post-Run: 50,133,204,992 bytes free
.
- - End Of File - - EB6F3B71F95BF326B440620391741DFA
A0A345F7AB6F3BAC008FB0DE602E66CD
 



#15 Julesverne
  • Topic Starter
  • Members
  • 82 posts
  • Gender:Not Telling

Posted 03 October 2014 - 01:43 PM

After I started Combofix again I was called away from my desk, so I didn't see whether the rootkit was detected again. I'm sorry! Here is the log. If you would rather I run the program again, just say so. Thanks.

 

 

ComboFix 14-10-02.01 - Jon 10/03/2014  20:21:21.6.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1409 [GMT 2:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-03 to 2014-10-03  )))))))))))))))))))))))))))))))
.
.
2014-09-22 15:46 . 2014-09-22 15:46    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2014-09-17 21:05 . 2014-09-17 21:09    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Wise Registry Cleaner
2014-09-17 16:05 . 2014-09-17 16:05    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-09-12 23:14 . 2014-09-14 17:13    --------    dc----w-    C:\MATS
2014-09-12 18:30 . 2014-09-12 18:30    --------    d-----w-    c:\documents and settings\Jon\Application Data\ElevatedDiagnostics
2014-09-12 17:42 . 2014-09-12 17:47    --------    d-----w-    c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-09 13:15 . 2014-09-30 21:30    --------    dc----w-    C:\FRST
2014-09-09 07:50 . 2014-09-09 07:50    --------    d-----w-    c:\documents and settings\Administrator\Bluetooth Software
2014-09-05 19:25 . 2014-09-05 19:25    --------    d-----w-    c:\documents and settings\Administrator\Application Data\AVAST Software
2014-09-05 06:49 . 2014-09-05 06:49    --------    d-----w-    c:\documents and settings\Jon\Local Settings\Application Data\Help
2014-09-04 12:48 . 2014-09-04 12:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 19:02 . 2014-04-21 09:32    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 08:41 . 2012-07-06 16:33    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-24 08:41 . 2011-11-06 14:41    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 11:25 . 2014-08-29 19:52    33512    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-08-28 08:38 . 2014-04-21 09:31    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 19:00 . 2014-08-17 19:02    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-08-17 19:00 . 2014-08-17 19:02    252872    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2014-08-17 19:00 . 2014-08-17 19:00    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2014-07-19 16:16 . 2014-07-19 16:16    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-19 16:15 . 2014-07-19 16:16    57800    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-07-19 16:15 . 2014-07-19 16:16    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-19 16:15 . 2014-07-19 16:16    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-19 16:15 . 2014-07-19 16:16    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-19 16:15 . 2014-07-19 16:16    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-19 16:15 . 2014-07-19 16:16    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-19 16:15 . 2014-07-19 16:16    55112    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-07-19 16:15 . 2014-07-19 16:15    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-19 16:15 . 2014-07-19 16:15    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-14 09:23 . 2014-05-27 19:06    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-19 16:15    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
backup=c:\windows\pss\Bluetooth.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
path=c:\documents and settings\Jon\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 12:09    102400    ------w-    c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 14:18    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
"BatteryLifeExtender"=c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe"
"DMHotKey"=c:\program files\Samsung\Easy Display Manager\DMLoader.exe
"Alcmtr"=ALCMTR.EXE
"BatteryManager"=c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe
"MagicKeyboard"=c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SUPBackGround"=c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/17/2014 9:00 PM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [8/17/2014 9:02 PM 252872]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/19/2014 6:16 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/19/2014 6:16 PM 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [8/17/2014 9:02 PM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/19/2014 6:16 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7/19/2014 6:16 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [7/19/2014 6:16 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7/19/2014 6:16 PM 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [8/17/2014 9:00 PM 106488]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [3/25/2009 3:34 AM 4300]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [4/15/2011 2:15 AM 6656]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 11:39 AM 66792]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [3/25/2009 2:08 AM 14336]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/15/2012 5:41 PM 233512]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [3/25/2009 3:38 AM 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2009 3:35 AM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/21/2014 11:31 AM 53208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
yksvcs    REG_MULTI_SZ       yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:07    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 08:41]
.
2014-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19 16:15]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 17:47]
.
2014-03-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-03 20:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-10-03  20:33:53
ComboFix-quarantined-files.txt  2014-10-03 18:33
ComboFix2.txt  2014-10-03 18:11
ComboFix3.txt  2014-09-17 09:47
ComboFix4.txt  2014-09-15 13:47
ComboFix5.txt  2014-10-03 18:19
.
Pre-Run: 50,119,385,088 bytes free
Post-Run: 50,116,202,496 bytes free
.
- - End Of File - - 1445DD1AFC0F4E847A0D8D05C93A6384
A0A345F7AB6F3BAC008FB0DE602E66CD
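The ComboFix report above lists driver/service entries, Find3M file entries, a BootExecute value and locked registry keys in fixed line formats. As an added example (not part of the original post and not ComboFix's own code), here is a small Python parser that pulls those four sections out of a ComboFix-style log and flags the entries a responder would want to look at first: drivers whose file name is digits only, services whose binary is missing on disk (the `--> path [?]` form), keys carrying an `@Denied` entry for Everyone, and anything in BootExecute beyond the default `autocheck autochk *`. The sample log embedded in it is constructed from the line formats seen in the report, and the rule names are my own. A flag means "check this", not "this is malicious": the locked keys in this log all resolve to the FlashUtil32 ActiveX broker executable, for instance, and deciding which flagged items are benign is the analyst's job, not the parser's.

```python
"""Parse the service, Find3M, BootExecute and locked-key sections of a
ComboFix-style log and flag entries worth a closer look.

Added example, not ComboFix's own code. SAMPLE_LOG is constructed from the
line formats seen in the post; the rule names in review() are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the report's line formats (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 19:02 . 2014-04-21 09:32    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-14 09:23 . 2014-05-27 19:06    110296    ----a-w-    c:\windows\system32\drivers\48230029.sys
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/17/2014 9:00 PM 12112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
"""

# Find3M file line: "<mtime> . <ctime>    <size>    <attrs>    <path>" (directories show "--------" as size and are skipped)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+(\S+)\s+(.+?)\s*$")
# Service line: "<start> <name>;<display>;<path> [<date> <size>]" or "... --> <path> [?]" when the file is absent
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> (.+?))? \[([^\]]*)\]\s*$")
BOOT_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$")
DEFAULT_BOOTEXEC = "autocheck autochk *"


@dataclass
class Report:
    files: list = field(default_factory=list)      # (size, attrs, path)
    services: list = field(default_factory=list)   # (start, name, path, present)
    locked: dict = field(default_factory=dict)     # key -> list of @Denied lines
    bootexec: list = field(default_factory=list)   # BootExecute entries


def parse_combofix(text):
    rep = Report()
    in_locked, key = False, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("---------------------"):       # section banner
            in_locked = "LOCKED REGISTRY KEYS" in line
            key = None
            continue
        if in_locked:
            if line.startswith("["):
                key = line.strip("[]")
                rep.locked.setdefault(key, [])
            elif line.startswith("@Denied:") and key:
                rep.locked[key].append(line)
            continue
        if (m := FILE_RE.match(line)):
            rep.files.append((int(m.group(1)), m.group(2), m.group(3)))
        elif (m := SVC_RE.match(line)):
            start, name, _desc, path, _alt, bracket = m.groups()
            rep.services.append((start, name, path, bracket.strip() != "?"))
        elif (m := BOOT_RE.match(line)):
            # entries are separated by a literal "\0" in the log text
            rep.bootexec = [e for e in m.group(1).split("\\0") if e]
    return rep


def review(rep):
    """Return (rule, detail) findings; rule names are this example's own."""
    findings = []
    for _size, _attrs, path in rep.files:
        base = path.rsplit("\\", 1)[-1]
        if re.fullmatch(r"\d+\.sys", base, re.IGNORECASE):
            findings.append(("numeric-driver-name", path))
    for _start, name, path, present in rep.services:
        if not present:
            findings.append(("service-binary-missing", f"{name} -> {path}"))
    for key, denials in rep.locked.items():
        if any("(Everyone)" in d for d in denials):
            findings.append(("registry-key-denies-everyone", key))
    for entry in rep.bootexec:
        if entry != DEFAULT_BOOTEXEC:
            findings.append(("extra-bootexecute-entry", entry))
    return findings


if __name__ == "__main__":
    for rule, detail in review(parse_combofix(SAMPLE_LOG)):
        print(f"{rule:30} {detail}")
```

To run it over a saved report, pass the file contents to `parse_combofix()` instead of `SAMPLE_LOG`; the parser ignores every line it does not recognise, so the whole ComboFix.txt can be fed in unchanged.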
 





