
When someone has time I would like to make sure this computer is clean.



This is the computer that AVG reported a trojan on. When I ran Malwarebytes Anti Rootkit it said there were actually 4 trojans. Two trojan.exploit.RK, 1 trojan.inject, 2 trojan.0access, and 1 trojan.agent. Technically that's 6, but anyway. The removal seemed to go ok; I just want to be as sure as possible the machine is clean.

Here is the DDS file I ran on it:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2

Run by Owner at 23:38:23 on 2013-05-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.490 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\perfec~1.lnk - c:\corel\office7\shared\pfit7\PFPPOP70.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361026299231

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 24.159.64.23 24.217.201.67 24.177.176.38

TCP: Interfaces\{8D7C9B65-BBAE-46F8-8975-D604BC04F7D3} : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 39224]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-29 13496]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-5 37664]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]

.

=============== Created Last 30 ================

.

2013-05-20 18:04:59 -------- d-----w- c:\windows\system32\cache

2013-05-20 00:57:21 -------- d-----w- c:\windows\system32\CatRoot2

2013-05-20 00:38:17 -------- d-----w- C:\RegBackup

2013-05-20 00:37:22 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2013-05-20 00:37:19 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2013-05-20 00:37:18 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2013-05-20 00:37:14 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2013-05-20 00:37:11 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2013-05-20 00:37:05 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2013-05-20 00:37:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2013-05-20 00:35:59 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2013-05-20 00:34:56 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2013-05-20 00:33:58 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2013-05-20 00:32:59 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2013-05-20 00:31:58 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2013-05-20 00:30:57 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2013-05-20 00:29:57 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2013-05-20 00:28:57 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll

2013-05-20 00:27:59 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2013-05-20 00:26:58 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll

2013-05-20 00:25:59 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys

2013-05-20 00:24:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2013-05-20 00:23:57 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll

2013-05-20 00:22:56 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2013-05-20 00:21:58 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2013-05-20 00:20:59 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2013-05-20 00:19:52 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2013-05-20 00:18:57 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2013-05-20 00:17:59 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll

2013-05-20 00:16:59 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll

2013-05-20 00:15:58 594238 -c--a-w- c:\windows\system32\dllcache\es56hpi.sys

2013-05-20 00:14:56 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2013-05-20 00:13:58 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys

2013-05-20 00:12:59 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2013-05-20 00:11:56 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2013-05-19 23:43:47 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-05-19 23:38:18 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2013-05-11 13:32:06 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid

2013-05-09 16:10:18 45056 ----a-w- c:\documents and settings\owner\application data\microsoft\installer\{37331c16-3e97-4a20-80d8-bfb43ab0e2fb}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe

2013-05-06 01:36:28 -------- d-sha-r- C:\cmdcons

2013-05-06 01:33:01 98816 ----a-w- c:\windows\sed.exe

2013-05-06 01:33:01 256000 ----a-w- c:\windows\PEV.exe

2013-05-06 01:33:01 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2013-05-20 18:04:36 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-13 07:02:03 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin

2013-04-13 07:02:03 1 ----a-w- c:\windows\system32\nvdrssel.bin

2013-04-13 07:01:50 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin

2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-21 07:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-13 10:03:03 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 10:03:03 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-01 14:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

============= FINISH: 23:39:08.43 ===============

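The DDS log above is a plain listing, and the sections a reviewer reads first are the "Pseudo HJT Report" (browser helper objects, toolbars and protocol handlers, some of which point at files that no longer exist) and "Created Last 30" (files created in the last thirty days). As an added example, not code from the post, from DDS or from Malwarebytes, here is a small Python triage script for DDS-style output: it splits the log into its "====" sections, lists Pseudo HJT Report entries marked `<orphaned>` or `<no file>`, and lists recently created executables under `c:\windows`. The sample input is a constructed excerpt built from lines of the log above; the section names, the entry layouts, and the extension list are assumptions about the DDS format taken only from what this log shows.

```python
"""Triage helper for DDS-style logs (added example; not the post's or DDS's own code).

Assumptions (taken from the log format shown in the post): section headers are
lines of '=' signs around a name, the Pseudo HJT Report marks missing files with
'<orphaned>' or '<no file>', and Created Last 30 entries look like
'YYYY-MM-DD HH:MM:SS <size or dashes> <8 attribute flags> <path>'.
"""
import re
from typing import Dict, List, NamedTuple

# Section header such as "============== Running Processes ================"
SECTION_HEADER = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# A COM class id such as {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# One "Created Last 30" entry: date, time, size (dashes for directories), flags, path
CREATED_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Extensions worth a second look when created recently under a system root (assumed list)
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl")

# Constructed excerpt: a handful of lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
.
=============== Created Last 30 ================
2013-05-20 18:04:59 -------- d-----w- c:\windows\system32\cache
2013-05-20 00:37:22 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-05-19 23:43:47 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-05-06 01:36:28 -------- d-sha-r- C:\cmdcons
2013-05-06 01:33:01 208896 ----a-w- c:\windows\MBR.exe
==================== Find3M ====================
"""


class Orphan(NamedTuple):
    kind: str     # BHO, TB, Handler, ...
    clsid: str
    marker: str   # "<orphaned>" or "<no file>"


class CreatedFile(NamedTuple):
    date: str
    time: str
    size: int
    attrs: str
    path: str


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [non-empty body lines]}."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def orphaned_entries(lines: List[str]) -> List[Orphan]:
    """Pseudo HJT Report entries whose registered file no longer exists."""
    found: List[Orphan] = []
    for line in lines:
        for marker in ("<orphaned>", "<no file>"):
            if line.endswith(marker):
                kind = line.split(":", 1)[0]
                m = CLSID.search(line)
                found.append(Orphan(kind, m.group(0) if m else "", marker))
    return found


def recent_executables(lines: List[str], roots=("c:\\windows",)) -> List[CreatedFile]:
    """Files (directories excluded) with an executable extension under the given roots."""
    hits: List[CreatedFile] = []
    root_prefixes = tuple(r.lower() for r in roots)
    for line in lines:
        m = CREATED_ENTRY.match(line)
        # Directories carry a 'd' flag and dashes instead of a size; skip them
        if not m or m.group("attrs").startswith("d") or not m.group("size").isdigit():
            continue
        path = m.group("path")
        low = path.lower()
        if low.endswith(EXECUTABLE_EXTENSIONS) and low.startswith(root_prefixes):
            hits.append(CreatedFile(m.group("date"), m.group("time"),
                                    int(m.group("size")), m.group("attrs"), path))
    return hits


def triage(text: str) -> dict:
    """Run both checks over a DDS log and return the findings by category."""
    sections = parse_sections(text)
    return {
        "orphaned": orphaned_entries(sections.get("Pseudo HJT Report", [])),
        "recent_executables": recent_executables(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for o in report["orphaned"]:
        print(f"missing file: {o.kind} {o.clsid} {o.marker}")
    for c in report["recent_executables"]:
        print(f"recent executable: {c.date} {c.time} {c.size:>8} {c.path}")
```

Orphaned entries are usually leftovers of an uninstall rather than an infection, and a freshly created executable under `c:\windows` is often a legitimate tool (the `MBR.exe` and `sed.exe` in the log are dropped by ComboFix), so the script narrows what to look at; it does not decide anything. Run it over a whole saved DDS log with `triage(open("dds.txt").read())`.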

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 3----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


D-Fred-Brown

Here we go with round one: TDSSKiller, ComboFix, and Security Check:

TDSSKiller

============================================================

00:06:54.0437 3096 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

00:06:54.0984 3096 ============================================================

00:06:54.0984 3096 Current date / time: 2013/05/25 00:06:54.0984

00:06:54.0984 3096 SystemInfo:

00:06:54.0984 3096

00:06:54.0984 3096 OS Version: 5.1.2600 ServicePack: 3.0

00:06:54.0984 3096 Product type: Workstation

00:06:54.0984 3096 ComputerName: EMACHINE2

00:06:54.0984 3096 UserName: Owner

00:06:54.0984 3096 Windows directory: C:\WINDOWS

00:06:54.0984 3096 System windows directory: C:\WINDOWS

00:06:54.0984 3096 Processor architecture: Intel x86

00:06:54.0984 3096 Number of processors: 1

00:06:54.0984 3096 Page size: 0x1000

00:06:54.0984 3096 Boot type: Normal boot

00:06:54.0984 3096 ============================================================

00:06:56.0031 3096 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

00:06:56.0093 3096 Drive \Device\Harddisk6\DR19 - Size: 0x775F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

00:06:56.0093 3096 ============================================================

00:06:56.0093 3096 \Device\Harddisk1\DR1:

00:06:56.0093 3096 MBR partitions:

00:06:56.0093 3096 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x624C51, BlocksNum 0x123EFFAF

00:06:56.0093 3096 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x624C12

00:06:56.0093 3096 \Device\Harddisk6\DR19:

00:06:56.0093 3096 MBR partitions:

00:06:56.0093 3096 \Device\Harddisk6\DR19\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BAD41

00:06:56.0093 3096 ============================================================

00:06:56.0140 3096 C: <-> \Device\Harddisk1\DR1\Partition1

00:06:56.0140 3096 D: <-> \Device\Harddisk1\DR1\Partition2

00:06:56.0140 3096 ============================================================

00:06:56.0140 3096 Initialize success

00:06:56.0140 3096 ============================================================

00:07:05.0640 1064 ============================================================

00:07:05.0640 1064 Scan started

00:07:05.0640 1064 Mode: Manual;

00:07:05.0640 1064 ============================================================

00:07:06.0093 1064 ================ Scan system memory ========================

00:07:06.0093 1064 System memory - ok

00:07:06.0109 1064 ================ Scan services =============================

00:07:06.0234 1064 Abiosdsk - ok

00:07:06.0265 1064 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

00:07:06.0265 1064 abp480n5 - ok

00:07:06.0312 1064 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:07:06.0312 1064 ACPI - ok

00:07:06.0343 1064 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

00:07:06.0343 1064 ACPIEC - ok

00:07:06.0406 1064 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

00:07:06.0421 1064 AdobeFlashPlayerUpdateSvc - ok

00:07:06.0437 1064 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys

00:07:06.0437 1064 adpu160m - ok

00:07:06.0468 1064 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

00:07:06.0468 1064 aec - ok

00:07:06.0515 1064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

00:07:06.0531 1064 AFD - ok

00:07:06.0562 1064 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys

00:07:06.0562 1064 agp440 - ok

00:07:06.0578 1064 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

00:07:06.0578 1064 agpCPQ - ok

00:07:06.0593 1064 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys

00:07:06.0593 1064 Aha154x - ok

00:07:06.0625 1064 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys

00:07:06.0625 1064 aic78u2 - ok

00:07:06.0640 1064 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys

00:07:06.0640 1064 aic78xx - ok

00:07:06.0750 1064 [ 4E0ACA5290B2966F24C45250A56C2DA1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS

00:07:06.0828 1064 ALCXWDM - ok

00:07:06.0875 1064 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

00:07:06.0875 1064 Alerter - ok

00:07:06.0890 1064 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

00:07:06.0890 1064 ALG - ok

00:07:06.0906 1064 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys

00:07:06.0906 1064 AliIde - ok

00:07:06.0921 1064 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys

00:07:06.0937 1064 alim1541 - ok

00:07:06.0937 1064 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys

00:07:06.0937 1064 amdagp - ok

00:07:06.0984 1064 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

00:07:06.0984 1064 AmdPPM - ok

00:07:07.0015 1064 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys

00:07:07.0015 1064 amsint - ok

00:07:07.0031 1064 AppMgmt - ok

00:07:07.0078 1064 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

00:07:07.0093 1064 Arp1394 - ok

00:07:07.0109 1064 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys

00:07:07.0109 1064 asc - ok

00:07:07.0125 1064 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys

00:07:07.0125 1064 asc3350p - ok

00:07:07.0125 1064 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys

00:07:07.0125 1064 asc3550 - ok

00:07:07.0171 1064 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys

00:07:07.0171 1064 ASCTRM - ok

00:07:07.0296 1064 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

00:07:07.0296 1064 aspnet_state - ok

00:07:07.0312 1064 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:07:07.0312 1064 AsyncMac - ok

00:07:07.0359 1064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

00:07:07.0359 1064 atapi - ok

00:07:07.0359 1064 Atdisk - ok

00:07:07.0421 1064 [ BBA22521D24625C7A7B8D57FB20A812E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

00:07:07.0437 1064 Ati HotKey Poller - ok

00:07:07.0515 1064 [ 07AC9A98EA70B5A6655A5797174BD282 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

00:07:07.0562 1064 ati2mtag - ok

00:07:07.0593 1064 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:07:07.0593 1064 Atmarpc - ok

00:07:07.0625 1064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

00:07:07.0625 1064 AudioSrv - ok

00:07:07.0671 1064 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

00:07:07.0671 1064 audstub - ok

00:07:07.0937 1064 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe

00:07:08.0078 1064 AVGIDSAgent - ok

00:07:08.0125 1064 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

00:07:08.0140 1064 AVGIDSDriver - ok

00:07:08.0187 1064 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

00:07:08.0187 1064 AVGIDSHX - ok

00:07:08.0187 1064 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

00:07:08.0187 1064 AVGIDSShim - ok

00:07:08.0218 1064 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

00:07:08.0234 1064 Avgldx86 - ok

00:07:08.0265 1064 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys

00:07:08.0281 1064 Avglogx - ok

00:07:08.0281 1064 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

00:07:08.0296 1064 Avgmfx86 - ok

00:07:08.0312 1064 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

00:07:08.0312 1064 Avgrkx86 - ok

00:07:08.0375 1064 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

00:07:08.0375 1064 Avgtdix - ok

00:07:08.0406 1064 [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

00:07:08.0406 1064 avgtp - ok

00:07:08.0453 1064 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe

00:07:08.0453 1064 avgwd - ok

00:07:08.0484 1064 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

00:07:08.0484 1064 Beep - ok

00:07:08.0546 1064 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

00:07:08.0562 1064 BITS - ok

00:07:08.0593 1064 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

00:07:08.0609 1064 Browser - ok

00:07:08.0718 1064 catchme - ok

00:07:08.0750 1064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

00:07:08.0765 1064 cbidf - ok

00:07:08.0765 1064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

00:07:08.0765 1064 cbidf2k - ok

00:07:08.0781 1064 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

00:07:08.0781 1064 cd20xrnt - ok

00:07:08.0812 1064 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

00:07:08.0812 1064 Cdaudio - ok

00:07:08.0859 1064 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

00:07:08.0859 1064 Cdfs - ok

00:07:08.0875 1064 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:07:08.0890 1064 Cdrom - ok

00:07:08.0890 1064 Changer - ok

00:07:08.0937 1064 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

00:07:08.0937 1064 CiSvc - ok

00:07:08.0968 1064 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

00:07:08.0984 1064 ClipSrv - ok

00:07:09.0015 1064 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:07:09.0015 1064 clr_optimization_v2.0.50727_32 - ok

00:07:09.0062 1064 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

00:07:09.0078 1064 CmdIde - ok

00:07:09.0078 1064 COMSysApp - ok

00:07:09.0109 1064 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

00:07:09.0109 1064 Cpqarray - ok

00:07:09.0140 1064 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

00:07:09.0140 1064 CryptSvc - ok

00:07:09.0156 1064 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

00:07:09.0156 1064 dac2w2k - ok

00:07:09.0171 1064 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

00:07:09.0171 1064 dac960nt - ok

00:07:09.0234 1064 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

00:07:09.0250 1064 DcomLaunch - ok

00:07:09.0312 1064 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

00:07:09.0312 1064 Dhcp - ok

00:07:09.0343 1064 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

00:07:09.0343 1064 Disk - ok

00:07:09.0359 1064 dmadmin - ok

00:07:09.0406 1064 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

00:07:09.0437 1064 dmboot - ok

00:07:09.0453 1064 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

00:07:09.0453 1064 dmio - ok

00:07:09.0500 1064 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

00:07:09.0500 1064 dmload - ok

00:07:09.0546 1064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

00:07:09.0546 1064 dmserver - ok

00:07:09.0593 1064 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

00:07:09.0593 1064 DMusic - ok

00:07:09.0640 1064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

00:07:09.0640 1064 Dnscache - ok

00:07:09.0687 1064 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

00:07:09.0687 1064 Dot3svc - ok

00:07:09.0718 1064 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

00:07:09.0718 1064 dpti2o - ok

00:07:09.0734 1064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

00:07:09.0734 1064 drmkaud - ok

00:07:09.0765 1064 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

00:07:09.0765 1064 EapHost - ok

00:07:09.0812 1064 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

00:07:09.0812 1064 ERSvc - ok

00:07:09.0859 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

00:07:09.0875 1064 Eventlog - ok

00:07:09.0906 1064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

00:07:09.0921 1064 EventSystem - ok

00:07:09.0968 1064 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

00:07:09.0968 1064 Fastfat - ok

00:07:10.0015 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

00:07:10.0015 1064 FastUserSwitchingCompatibility - ok

00:07:10.0062 1064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

00:07:10.0062 1064 Fdc - ok

00:07:10.0078 1064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

00:07:10.0078 1064 Fips - ok

00:07:10.0093 1064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

00:07:10.0093 1064 Flpydisk - ok

00:07:10.0140 1064 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

00:07:10.0140 1064 FltMgr - ok

00:07:10.0218 1064 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

00:07:10.0218 1064 FontCache3.0.0.0 - ok

00:07:10.0250 1064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:07:10.0265 1064 Fs_Rec - ok

00:07:10.0281 1064 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:07:10.0281 1064 Ftdisk - ok

00:07:10.0312 1064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:07:10.0328 1064 Gpc - ok

00:07:10.0390 1064 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

00:07:10.0390 1064 gupdate - ok

00:07:10.0406 1064 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

00:07:10.0406 1064 gupdatem - ok

00:07:10.0453 1064 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

00:07:10.0453 1064 gusvc - ok

00:07:10.0531 1064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

00:07:10.0531 1064 helpsvc - ok

00:07:10.0546 1064 HidServ - ok

00:07:10.0593 1064 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

00:07:10.0593 1064 hkmsvc - ok

00:07:10.0640 1064 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

00:07:10.0640 1064 hpn - ok

00:07:10.0687 1064 [ B6B0721A86E51D141EC55C3CC1CA5686 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

00:07:10.0687 1064 HSFHWBS2 - ok

00:07:10.0781 1064 [ B2DFC168D6F7512FAEA085253C5A37AD ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

00:07:10.0875 1064 HSF_DP - ok

00:07:10.0921 1064 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

00:07:10.0953 1064 HSF_DPV - ok

00:07:10.0984 1064 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

00:07:11.0000 1064 HTTP - ok

00:07:11.0046 1064 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

00:07:11.0062 1064 HTTPFilter - ok

00:07:11.0125 1064 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

00:07:11.0125 1064 i2omgmt - ok

00:07:11.0156 1064 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

00:07:11.0156 1064 i2omp - ok

00:07:11.0203 1064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:07:11.0203 1064 i8042prt - ok

00:07:11.0281 1064 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

00:07:11.0328 1064 idsvc - ok

00:07:11.0359 1064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

00:07:11.0359 1064 Imapi - ok

00:07:11.0406 1064 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

00:07:11.0406 1064 ImapiService - ok

00:07:11.0453 1064 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

00:07:11.0453 1064 ini910u - ok

00:07:11.0468 1064 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

00:07:11.0468 1064 IntelIde - ok

00:07:11.0515 1064 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

00:07:11.0515 1064 Ip6Fw - ok

00:07:11.0546 1064 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:07:11.0546 1064 IpFilterDriver - ok

00:07:11.0578 1064 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:07:11.0578 1064 IpInIp - ok

00:07:11.0625 1064 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:07:11.0625 1064 IpNat - ok

00:07:11.0640 1064 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:07:11.0640 1064 IPSec - ok

00:07:11.0671 1064 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

00:07:11.0671 1064 IRENUM - ok

00:07:11.0703 1064 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:07:11.0703 1064 isapnp - ok

00:07:11.0812 1064 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

00:07:11.0812 1064 JavaQuickStarterService - ok

00:07:11.0843 1064 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:07:11.0843 1064 Kbdclass - ok

00:07:11.0875 1064 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

00:07:11.0875 1064 kmixer - ok

00:07:11.0921 1064 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

00:07:11.0921 1064 KSecDD - ok

00:07:11.0968 1064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

00:07:11.0968 1064 lanmanserver - ok

00:07:12.0015 1064 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

00:07:12.0031 1064 lanmanworkstation - ok

00:07:12.0031 1064 lbrtfdc - ok

00:07:12.0093 1064 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

00:07:12.0093 1064 LmHosts - ok

00:07:12.0125 1064 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

00:07:12.0125 1064 mdmxsdk - ok

00:07:12.0156 1064 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

00:07:12.0156 1064 Messenger - ok

00:07:12.0187 1064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

00:07:12.0187 1064 mnmdd - ok

00:07:12.0218 1064 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

00:07:12.0218 1064 mnmsrvc - ok

00:07:12.0265 1064 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

00:07:12.0265 1064 Modem - ok

00:07:12.0312 1064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:07:12.0312 1064 Mouclass - ok

00:07:12.0328 1064 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

00:07:12.0328 1064 MountMgr - ok

00:07:12.0359 1064 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

00:07:12.0359 1064 mraid35x - ok

00:07:12.0390 1064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:07:12.0390 1064 MRxDAV - ok

00:07:12.0437 1064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:07:12.0453 1064 MRxSmb - ok

00:07:12.0484 1064 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

00:07:12.0484 1064 MSDTC - ok

00:07:12.0515 1064 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

00:07:12.0515 1064 Msfs - ok

00:07:12.0531 1064 MSIServer - ok

00:07:12.0546 1064 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:07:12.0546 1064 MSKSSRV - ok

00:07:12.0562 1064 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:07:12.0562 1064 MSPCLOCK - ok

00:07:12.0609 1064 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

00:07:12.0609 1064 MSPQM - ok

00:07:12.0640 1064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:07:12.0640 1064 mssmbios - ok

00:07:12.0687 1064 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

00:07:12.0687 1064 Mup - ok

00:07:12.0718 1064 [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic C:\WINDOWS\system32\DRIVERS\mxnic.sys

00:07:12.0718 1064 mxnic - ok

00:07:12.0781 1064 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

00:07:12.0796 1064 napagent - ok

00:07:12.0828 1064 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

00:07:12.0828 1064 NDIS - ok

00:07:12.0859 1064 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:07:12.0859 1064 NdisTapi - ok

00:07:12.0906 1064 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:07:12.0906 1064 Ndisuio - ok

00:07:12.0921 1064 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:07:12.0921 1064 NdisWan - ok

00:07:12.0968 1064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

00:07:12.0968 1064 NDProxy - ok

00:07:13.0000 1064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

00:07:13.0015 1064 NetBIOS - ok

00:07:13.0062 1064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

00:07:13.0062 1064 NetBT - ok

00:07:13.0109 1064 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

00:07:13.0109 1064 NetDDE - ok

00:07:13.0125 1064 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

00:07:13.0125 1064 NetDDEdsdm - ok

00:07:13.0156 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

00:07:13.0156 1064 Netlogon - ok

00:07:13.0187 1064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

00:07:13.0187 1064 Netman - ok

00:07:13.0234 1064 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:07:13.0234 1064 NetTcpPortSharing - ok

00:07:13.0250 1064 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

00:07:13.0250 1064 NIC1394 - ok

00:07:13.0281 1064 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

00:07:13.0296 1064 Nla - ok

00:07:13.0312 1064 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

00:07:13.0312 1064 Npfs - ok

00:07:13.0359 1064 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

00:07:13.0375 1064 Ntfs - ok

00:07:13.0390 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

00:07:13.0390 1064 NtLmSsp - ok

00:07:13.0453 1064 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

00:07:13.0468 1064 NtmsSvc - ok

00:07:13.0500 1064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

00:07:13.0500 1064 Null - ok

00:07:13.0921 1064 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

00:07:14.0312 1064 nv - ok

00:07:14.0375 1064 [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe

00:07:14.0375 1064 nvsvc - ok

00:07:14.0406 1064 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:07:14.0406 1064 NwlnkFlt - ok

00:07:14.0421 1064 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:07:14.0421 1064 NwlnkFwd - ok

00:07:14.0453 1064 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

00:07:14.0453 1064 ohci1394 - ok

00:07:14.0484 1064 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys

00:07:14.0484 1064 P3 - ok

00:07:14.0515 1064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

00:07:14.0515 1064 Parport - ok

00:07:14.0531 1064 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

00:07:14.0531 1064 PartMgr - ok

00:07:14.0578 1064 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

00:07:14.0578 1064 ParVdm - ok

00:07:14.0578 1064 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

00:07:14.0593 1064 PCI - ok

00:07:14.0593 1064 PCIDump - ok

00:07:14.0625 1064 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

00:07:14.0625 1064 PCIIde - ok

00:07:14.0671 1064 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

00:07:14.0671 1064 Pcmcia - ok

00:07:14.0687 1064 PDCOMP - ok

00:07:14.0703 1064 PDFRAME - ok

00:07:14.0703 1064 PDRELI - ok

00:07:14.0718 1064 PDRFRAME - ok

00:07:14.0765 1064 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

00:07:14.0765 1064 perc2 - ok

00:07:14.0765 1064 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

00:07:14.0765 1064 perc2hib - ok

00:07:14.0828 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

00:07:14.0828 1064 PlugPlay - ok

00:07:14.0875 1064 [ 45E333C6B7197ED61C70736472F3703B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

00:07:14.0875 1064 Pml Driver HPZ12 - ok

00:07:14.0906 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

00:07:14.0906 1064 PolicyAgent - ok

00:07:14.0953 1064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:07:14.0953 1064 PptpMiniport - ok

00:07:15.0031 1064 [ 33D7285F12D934268A34206DFC4AD1B3 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

00:07:15.0031 1064 PrismXL - ok

00:07:15.0062 1064 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

00:07:15.0062 1064 Processor - ok

00:07:15.0078 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

00:07:15.0078 1064 ProtectedStorage - ok

00:07:15.0093 1064 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

00:07:15.0093 1064 PSched - ok

00:07:15.0125 1064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:07:15.0125 1064 Ptilink - ok

00:07:15.0156 1064 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

00:07:15.0156 1064 ql1080 - ok

00:07:15.0156 1064 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

00:07:15.0156 1064 Ql10wnt - ok

00:07:15.0171 1064 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

00:07:15.0171 1064 ql12160 - ok

00:07:15.0187 1064 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

00:07:15.0187 1064 ql1240 - ok

00:07:15.0203 1064 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

00:07:15.0203 1064 ql1280 - ok

00:07:15.0218 1064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:07:15.0218 1064 RasAcd - ok

00:07:15.0265 1064 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

00:07:15.0265 1064 RasAuto - ok

00:07:15.0296 1064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:07:15.0296 1064 Rasl2tp - ok

00:07:15.0343 1064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

00:07:15.0343 1064 RasMan - ok

00:07:15.0375 1064 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:07:15.0375 1064 RasPppoe - ok

00:07:15.0421 1064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

00:07:15.0421 1064 Raspti - ok

00:07:15.0437 1064 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:07:15.0437 1064 Rdbss - ok

00:07:15.0453 1064 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:07:15.0453 1064 RDPCDD - ok

00:07:15.0500 1064 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

00:07:15.0500 1064 rdpdr - ok

00:07:15.0546 1064 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

00:07:15.0546 1064 RDPWD - ok

00:07:15.0593 1064 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

00:07:15.0609 1064 RDSessMgr - ok

00:07:15.0625 1064 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

00:07:15.0625 1064 redbook - ok

00:07:15.0671 1064 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

00:07:15.0671 1064 RemoteAccess - ok

00:07:15.0687 1064 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

00:07:15.0703 1064 RpcLocator - ok

00:07:15.0734 1064 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

00:07:15.0734 1064 RpcSs - ok

00:07:15.0796 1064 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

00:07:15.0796 1064 RSVP - ok

00:07:15.0859 1064 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

00:07:15.0859 1064 RTL8023xp - ok

00:07:15.0890 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

00:07:15.0890 1064 SamSs - ok

00:07:15.0968 1064 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

00:07:15.0968 1064 SASDIFSV - ok

00:07:16.0000 1064 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

00:07:16.0000 1064 SASKUTIL - ok

00:07:16.0046 1064 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

00:07:16.0062 1064 SCardSvr - ok

00:07:16.0093 1064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

00:07:16.0109 1064 Schedule - ok

00:07:16.0171 1064 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:07:16.0171 1064 Secdrv - ok

00:07:16.0203 1064 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

00:07:16.0203 1064 seclogon - ok

00:07:16.0250 1064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

00:07:16.0250 1064 SENS - ok

00:07:16.0312 1064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

00:07:16.0312 1064 Serial - ok

00:07:16.0359 1064 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

00:07:16.0359 1064 Sfloppy - ok

00:07:16.0421 1064 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

00:07:16.0453 1064 SharedAccess - ok

00:07:16.0468 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

00:07:16.0484 1064 ShellHWDetection - ok

00:07:16.0484 1064 Simbad - ok

00:07:16.0531 1064 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

00:07:16.0531 1064 sisagp - ok

00:07:16.0562 1064 [ 972DEA0D8149D73C5B7A2C97B2E749E3 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

00:07:16.0578 1064 SmartDefragDriver - ok

00:07:16.0593 1064 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

00:07:16.0593 1064 Sparrow - ok

00:07:16.0625 1064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

00:07:16.0625 1064 splitter - ok

00:07:16.0656 1064 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

00:07:16.0656 1064 Spooler - ok

00:07:16.0687 1064 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

00:07:16.0687 1064 sr - ok

00:07:16.0734 1064 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

00:07:16.0734 1064 srservice - ok

00:07:16.0828 1064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

00:07:16.0843 1064 Srv - ok

00:07:16.0875 1064 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

00:07:16.0875 1064 SSDPSRV - ok

00:07:16.0906 1064 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

00:07:16.0906 1064 StillCam - ok

00:07:16.0968 1064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

00:07:17.0000 1064 stisvc - ok

00:07:17.0046 1064 [ 86CA1A5C15A5A98D5533945FB1120B05 ] SunkFilt C:\WINDOWS\System32\Drivers\sunkfilt.sys

00:07:17.0046 1064 SunkFilt - ok

00:07:17.0093 1064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

00:07:17.0093 1064 swenum - ok

00:07:17.0125 1064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

00:07:17.0125 1064 swmidi - ok

00:07:17.0140 1064 SwPrv - ok

00:07:17.0187 1064 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

00:07:17.0187 1064 symc810 - ok

00:07:17.0203 1064 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

00:07:17.0203 1064 symc8xx - ok

00:07:17.0203 1064 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

00:07:17.0203 1064 sym_hi - ok

00:07:17.0218 1064 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

00:07:17.0218 1064 sym_u3 - ok

00:07:17.0250 1064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

00:07:17.0250 1064 sysaudio - ok

00:07:17.0296 1064 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

00:07:17.0296 1064 SysmonLog - ok

00:07:17.0343 1064 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

00:07:17.0359 1064 TapiSrv - ok

00:07:17.0406 1064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:07:17.0421 1064 Tcpip - ok

00:07:17.0453 1064 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

00:07:17.0453 1064 TDPIPE - ok

00:07:17.0484 1064 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

00:07:17.0484 1064 TDTCP - ok

00:07:17.0500 1064 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

00:07:17.0500 1064 TermDD - ok

00:07:17.0562 1064 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

00:07:17.0578 1064 TermService - ok

00:07:17.0593 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

00:07:17.0609 1064 Themes - ok

00:07:17.0656 1064 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

00:07:17.0656 1064 TosIde - ok

00:07:17.0703 1064 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

00:07:17.0703 1064 TrkWks - ok

00:07:17.0734 1064 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

00:07:17.0734 1064 Udfs - ok

00:07:17.0781 1064 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

00:07:17.0781 1064 ultra - ok

00:07:17.0843 1064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

00:07:17.0906 1064 Update - ok

00:07:17.0953 1064 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

00:07:17.0968 1064 upnphost - ok

00:07:17.0984 1064 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

00:07:17.0984 1064 UPS - ok

00:07:18.0046 1064 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:07:18.0046 1064 usbccgp - ok

00:07:18.0093 1064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:07:18.0093 1064 usbehci - ok

00:07:18.0140 1064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:07:18.0140 1064 usbhub - ok

00:07:18.0156 1064 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

00:07:18.0156 1064 usbohci - ok

00:07:18.0187 1064 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

00:07:18.0187 1064 usbprint - ok

00:07:18.0203 1064 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:07:18.0218 1064 USBSTOR - ok

00:07:18.0250 1064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

00:07:18.0250 1064 VgaSave - ok

00:07:18.0265 1064 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

00:07:18.0265 1064 viaagp - ok

00:07:18.0281 1064 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

00:07:18.0281 1064 ViaIde - ok

00:07:18.0296 1064 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

00:07:18.0296 1064 VolSnap - ok

00:07:18.0343 1064 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

00:07:18.0375 1064 VSS - ok

00:07:18.0484 1064 [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

00:07:18.0515 1064 vToolbarUpdater15.2.0 - ok

00:07:18.0546 1064 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

00:07:18.0546 1064 W32Time - ok

00:07:18.0593 1064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:07:18.0593 1064 Wanarp - ok

00:07:18.0609 1064 wanatw - ok

00:07:18.0625 1064 WDICA - ok

00:07:18.0640 1064 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

00:07:18.0640 1064 wdmaud - ok

00:07:18.0687 1064 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

00:07:18.0687 1064 WebClient - ok

00:07:18.0765 1064 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

00:07:18.0812 1064 winachsf - ok

00:07:18.0890 1064 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

00:07:18.0890 1064 winmgmt - ok

00:07:18.0968 1064 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

00:07:18.0968 1064 WmdmPmSN - ok

00:07:19.0000 1064 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

00:07:19.0000 1064 WmiApSrv - ok

00:07:19.0125 1064 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

00:07:19.0140 1064 WMPNetworkSvc - ok

00:07:19.0187 1064 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

00:07:19.0187 1064 WS2IFSL - ok

00:07:19.0218 1064 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

00:07:19.0234 1064 wscsvc - ok

00:07:19.0234 1064 WSearch - ok

00:07:19.0265 1064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

00:07:19.0265 1064 wuauserv - ok

00:07:19.0312 1064 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

00:07:19.0312 1064 WudfPf - ok

00:07:19.0328 1064 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

00:07:19.0328 1064 WudfRd - ok

00:07:19.0343 1064 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

00:07:19.0359 1064 WudfSvc - ok

00:07:19.0406 1064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

00:07:19.0421 1064 WZCSVC - ok

00:07:19.0468 1064 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

00:07:19.0468 1064 xmlprov - ok

00:07:19.0484 1064 ================ Scan global ===============================

00:07:19.0531 1064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

00:07:19.0578 1064 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

00:07:19.0593 1064 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

00:07:19.0625 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

00:07:19.0625 1064 [Global] - ok

00:07:19.0625 1064 ================ Scan MBR ==================================

00:07:19.0640 1064 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk1\DR1

00:07:19.0828 1064 \Device\Harddisk1\DR1 - ok

00:07:19.0828 1064 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR19

00:07:19.0843 1064 \Device\Harddisk6\DR19 - ok

00:07:19.0843 1064 ================ Scan VBR ==================================

00:07:19.0875 1064 [ 8DCB40314A673D4F7A65C6D0047A7475 ] \Device\Harddisk1\DR1\Partition1

00:07:19.0875 1064 \Device\Harddisk1\DR1\Partition1 - ok

00:07:19.0906 1064 [ 2F9C0B47A93C07EAC08A2AF83EC3136F ] \Device\Harddisk1\DR1\Partition2

00:07:19.0906 1064 \Device\Harddisk1\DR1\Partition2 - ok

00:07:19.0921 1064 [ 0C31A72305AA2593807CDA1A90E50F44 ] \Device\Harddisk6\DR19\Partition1

00:07:19.0921 1064 \Device\Harddisk6\DR19\Partition1 - ok

00:07:19.0921 1064 ============================================================

00:07:19.0921 1064 Scan finished

00:07:19.0921 1064 ============================================================

00:07:19.0937 3172 Detected object count: 0

00:07:19.0937 3172 Actual detected object count: 0

00:08:10.0093 0168 Deinitialize success

Combofix

=============================================================================

ComboFix 13-05-24.01 - Owner 05/25/2013 0:13.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.489 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Cache

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\caa172fe94c8ade0.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

.

((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))

.

.

2013-05-20 00:57 . 2013-05-23 21:13 -------- d-----w- c:\windows\system32\CatRoot2

2013-05-20 00:38 . 2013-05-20 00:38 -------- d-----w- C:\RegBackup

2013-05-20 00:37 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2013-05-20 00:37 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2013-05-20 00:37 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2013-05-20 00:37 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2013-05-20 00:37 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2013-05-20 00:37 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2013-05-20 00:37 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2013-05-20 00:35 . 2004-08-04 02:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2013-05-20 00:34 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2013-05-20 00:33 . 2001-08-18 02:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2013-05-20 00:32 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2013-05-20 00:31 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2013-05-20 00:30 . 2001-08-17 18:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2013-05-20 00:29 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2013-05-20 00:28 . 2001-08-18 02:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll

2013-05-20 00:27 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2013-05-20 00:26 . 2001-08-18 02:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll

2013-05-20 00:25 . 2004-08-04 02:31 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys

2013-05-20 00:24 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2013-05-20 00:23 . 2001-08-18 02:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll

2013-05-20 00:22 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2013-05-20 00:21 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2013-05-20 00:20 . 2001-08-17 16:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2013-05-20 00:19 . 2001-08-17 16:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2013-05-20 00:18 . 2001-08-17 16:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2013-05-20 00:17 . 2001-08-18 02:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll

2013-05-20 00:16 . 2004-08-04 19:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll

2013-05-20 00:15 . 2001-08-17 17:28 594238 -c--a-w- c:\windows\system32\dllcache\es56hpi.sys

2013-05-20 00:14 . 2001-08-17 16:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2013-05-20 00:13 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys

2013-05-20 00:12 . 2008-04-14 00:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2013-05-20 00:11 . 2001-08-17 18:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2013-05-20 00:02 . 2013-05-20 01:00 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-05-19 23:43 . 2013-05-19 23:43 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-05-19 23:38 . 2013-05-19 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2013-05-19 22:38 . 2013-05-19 23:17 -------- d-----w- c:\documents and settings\Administrator

2013-05-11 13:32 . 2013-05-11 13:32 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid

2013-05-09 16:10 . 2013-05-09 16:10 45056 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-20 18:04 . 2012-09-05 11:50 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-04-16 22:17 . 2005-03-23 16:53 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17 . 2005-03-23 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17 . 2005-03-23 16:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28 . 2005-03-23 16:52 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31 . 2005-03-23 16:53 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 18:50 . 2011-03-30 02:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-30 15:14 . 2013-03-30 15:14 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe

2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-21 07:08 . 2010-11-12 17:19 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-13 10:03 . 2013-03-05 00:57 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 10:03 . 2013-03-05 00:57 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-08 08:36 . 2005-03-23 16:53 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:28 . 2005-03-23 16:52 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-04 05:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-01 14:32 . 2011-12-23 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 07:56 . 2005-03-23 18:08 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-05-20 18:04 1991344 ----a-w- c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-20 1991344]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-30 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-05-20 1226928]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-03-19 98304]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

PerfectPrint.LNK - c:\corel\Office7\Shared\PFit7\PFPPOP70.EXE [2011-3-29 282624]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-03-18 05:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-11-04 12:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-03-19 19:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-12-02 00:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-03-30 14:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 39224]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/29/2011 10:18 PM 13496]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/5/2012 7:50 AM 37664]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [5/20/2013 2:04 PM 1015984]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 03687188

*Deregistered* - 03687188

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 10:03]

.

2013-05-24 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-25 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-25 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-24 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:17]

.

2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:17]

.

2011-03-19 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-23 00:12]

.

2013-05-23 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job

- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-25 14:39]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-25 00:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2013-05-25 00:19:59

ComboFix-quarantined-files.txt 2013-05-25 04:19

ComboFix2.txt 2013-05-19 23:53

ComboFix3.txt 2013-05-06 01:46

.

Pre-Run: 143,183,523,840 bytes free

Post-Run: 143,265,456,128 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 99F0DB2636ECF0129A778119C3F2BDF9

Security Check

==========================================================================================


Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

03687188

File::

C:\Windows\System32\Drivers\03687188.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please include the newly created C:\ComboFix.txt in your next reply, and let me know how things are running now.


Round two, D-Fred-Brown. Here is the ComboFix log file.

ComboFix 13-05-25.02 - Owner 05/25/2013 8:04.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.458 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\windows\System32\Drivers\03687188.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_03687188

.

.

((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))

.

.

2013-05-25 12:04 . 2013-05-25 12:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Avg2013

2013-05-20 00:57 . 2013-05-25 12:12 -------- d-----w- c:\windows\system32\CatRoot2

2013-05-20 00:38 . 2013-05-20 00:38 -------- d-----w- C:\RegBackup

2013-05-20 00:37 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2013-05-20 00:37 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2013-05-20 00:37 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2013-05-20 00:37 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2013-05-20 00:37 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2013-05-20 00:37 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2013-05-20 00:37 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2013-05-20 00:35 . 2004-08-04 02:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2013-05-20 00:34 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2013-05-20 00:33 . 2001-08-18 02:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2013-05-20 00:32 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2013-05-20 00:31 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2013-05-20 00:30 . 2001-08-17 18:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2013-05-20 00:29 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2013-05-20 00:28 . 2001-08-18 02:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll

2013-05-20 00:27 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2013-05-20 00:26 . 2001-08-18 02:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll

2013-05-20 00:25 . 2004-08-04 02:31 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys

2013-05-20 00:24 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2013-05-20 00:23 . 2001-08-18 02:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll

2013-05-20 00:22 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2013-05-20 00:21 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2013-05-20 00:20 . 2001-08-17 16:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2013-05-20 00:19 . 2001-08-17 16:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2013-05-20 00:18 . 2001-08-17 16:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2013-05-20 00:17 . 2001-08-18 02:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll

2013-05-20 00:16 . 2004-08-04 19:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll

2013-05-20 00:15 . 2001-08-17 17:28 594238 -c--a-w- c:\windows\system32\dllcache\es56hpi.sys

2013-05-20 00:14 . 2001-08-17 16:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2013-05-20 00:13 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys

2013-05-20 00:12 . 2008-04-14 00:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2013-05-20 00:11 . 2001-08-17 18:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2013-05-20 00:02 . 2013-05-20 01:00 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-05-19 23:43 . 2013-05-19 23:43 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-05-19 23:38 . 2013-05-19 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2013-05-19 22:38 . 2013-05-19 23:17 -------- d-----w- c:\documents and settings\Administrator

2013-05-11 13:32 . 2013-05-11 13:32 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid

2013-05-09 16:10 . 2013-05-09 16:10 45056 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-20 18:04 . 2012-09-05 11:50 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-04-16 22:17 . 2005-03-23 16:53 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17 . 2005-03-23 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17 . 2005-03-23 16:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28 . 2005-03-23 16:52 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31 . 2005-03-23 16:53 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 18:50 . 2011-03-30 02:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-30 15:14 . 2013-03-30 15:14 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe

2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-21 07:08 . 2010-11-12 17:19 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-13 10:03 . 2013-03-05 00:57 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 10:03 . 2013-03-05 00:57 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-08 08:36 . 2005-03-23 16:53 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:28 . 2005-03-23 16:52 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-04 05:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-01 14:32 . 2011-12-23 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 07:56 . 2005-03-23 18:08 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-05-20 18:04 1991344 ----a-w- c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-20 1991344]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-30 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-05-20 1226928]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-03-19 98304]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

PerfectPrint.LNK - c:\corel\Office7\Shared\PFit7\PFPPOP70.EXE [2011-3-29 282624]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-03-18 05:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-11-04 12:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-03-19 19:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-12-02 00:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-03-30 14:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 39224]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/29/2011 10:18 PM 13496]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/5/2012 7:50 AM 37664]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [5/20/2013 2:04 PM 1015984]

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 10:03]

.

2013-05-24 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-25 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-25 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-24 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:17]

.

2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:17]

.

2011-03-19 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-23 00:12]

.

2013-05-25 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job

- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-25 14:39]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-25 08:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(916)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3804)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre7\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\SearchIndexer.exe

c:\program files\Windows Media Player\WMPNetwk.exe

.

**************************************************************************

.

Completion time: 2013-05-25 08:17:33 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-25 12:17

ComboFix2.txt 2013-05-25 04:20

ComboFix3.txt 2013-05-19 23:53

ComboFix4.txt 2013-05-06 01:46

.

Pre-Run: 143,270,277,120 bytes free

Post-Run: 143,195,725,824 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - E492BCBA800366358A7F8EDD425C020B


Looking good.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Ok, finally got the eScan run; doesn't look good!! Here is the report:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=c47ccb1cdfceb740a9c188f9ed3c27c1

# engine=13919

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-05-26 06:59:48

# local_time=2013-05-26 02:59:48 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1039 16777213 100 92 0 55789172 0 0

# scanned=59619

# found=4

# cleaned=0

# scan_time=3102

sh=0203A277F5344DACBB4AA45A4C978F27B094ABB5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.BM trojan" ac=I fn="C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\f6cc21f-78c97f81"

sh=0203A277F5344DACBB4AA45A4C978F27B094ABB5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.BM trojan" ac=I fn="C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\6954eeba-30b29416"

sh=D287A9D956E3CA7C519EF34F40AF2ED12C7A332E ft=1 fh=b9124cfc8326b763 vn="Win32/OpenCandy application" ac=I fn="C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP407\A0040173.exe"

sh=9EC02818C840FCDD5F25828D00AF931C4E7B6A9E ft=1 fh=bff3dc5a99b1c18e vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP407\A0040215.exe"

Thanks again for all your help.

Bryan

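The two posts above (the ESET Online Scanner instructions, whose last step is to open `C:\Program Files\EsetOnlineScanner\log.txt` and paste it, and the log that was pasted in reply) give the log format a helper has to read. Below is an added example, written for this page and not code from the thread or from ESET, that parses that format and triages the detections by where each file sits. The sample log is constructed from the header and detection lines posted above; the meaning given to the `sh`, `ft`, `fh`, `vn`, `ac` and `fn` fields is an assumption drawn from their values in that log.

```python
"""Parse an ESET Online Scanner log.txt and triage its detections.

Added example for this thread, not ESET's code. Field names come from the
posted log; their interpretation (sh = SHA-1 of the file, vn = detection name,
fn = file path, ac = action taken) is an assumption based on the values.
"""
import re
from collections import Counter

# Constructed sample: header fields and the four detection lines are copied
# from the log posted in this thread; other header lines are omitted.
SAMPLE_LOG = r'''
# version=8
# end=finished
# remove_checked=false
# scanned=59619
# found=4
# cleaned=0
sh=0203A277F5344DACBB4AA45A4C978F27B094ABB5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.BM trojan" ac=I fn="C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\f6cc21f-78c97f81"
sh=0203A277F5344DACBB4AA45A4C978F27B094ABB5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.BM trojan" ac=I fn="C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\6954eeba-30b29416"
sh=D287A9D956E3CA7C519EF34F40AF2ED12C7A332E ft=1 fh=b9124cfc8326b763 vn="Win32/OpenCandy application" ac=I fn="C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP407\A0040173.exe"
sh=9EC02818C840FCDD5F25828D00AF931C4E7B6A9E ft=1 fh=bff3dc5a99b1c18e vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP407\A0040215.exe"
'''

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Location classes (assumed rules for this example, not ESET categories).
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)


def parse_eset_log(text):
    """Return (headers, detections): '# k=v' lines as a dict, 'sh=...' lines as dicts."""
    headers, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            headers[key.strip()] = value.strip()
        elif line.startswith("sh="):
            rec = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                   for m in FIELD_RE.finditer(line)}
            detections.append(rec)
    return headers, detections


def classify_path(path):
    """Where the flagged file lives decides what cleanup it needs."""
    if JAVA_CACHE.search(path):
        return "java-cache"      # cached applet/JAR; cleared via the Java Control Panel
    if RESTORE_POINT.search(path):
        return "restore-point"   # System Restore copy, not a live file
    return "live-file"           # anything else is on the running system


def triage(text):
    """Summarise a log: counts, whether removal was on, and any live-file hits."""
    headers, detections = parse_eset_log(text)
    found = int(headers.get("found", "0"))
    cleaned = int(headers.get("cleaned", "0"))
    locations = [classify_path(d["fn"]) for d in detections]
    return {
        "found": found,
        "cleaned": cleaned,
        "removal_enabled": headers.get("remove_checked") == "true",
        "consistent": found == len(detections),   # header count vs. lines actually listed
        "by_location": dict(Counter(locations)),
        "live_files": [d["fn"] for d, loc in zip(detections, locations) if loc == "live-file"],
        "unique_hashes": sorted({d["sh"] for d in detections}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the posted log this reports four detections, none cleaned (removal was unchecked as instructed), two under the Java deployment cache and two inside a restore point, and no hits on live files. That split is the practical point: restore-point copies are removed on XP by turning System Restore off and back on, which discards all existing points, and cached applets go with clearing the Java cache; a `live-file` hit would instead call for a targeted fix in the next round of the thread.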

I'm glad you said that, "LOL". I was apparently too tired yesterday to be working on computers. I must have forgotten to uncheck the option to remove found threats, so when I ran it again today of course it did not find anything because it had already removed the threats.

I'll set a restore point, then I guess this one is clean and ready to put back on my network.

By the way I do plan to hit paypal for a donation for all your help as soon as I get the ok from my wife to put something on the card.

Thanks again for all your time and help.

Bryan


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.