
Malwarebytes found PUM.HiJack.Start Menu. Help Please!


JoThoma


I received a msg from Malwarebytes.org today.

"Being that you are possibly infected. Feel free to follow the instructions below to receive free one on one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware."

 

As requested, I followed Option 1 and completed the scan (DDS.txt and Attach.txt). The files are copied as attachments.

 

My system is Windows XP 32 bit.

 

The PUM infection came up as a result of a quick scan by Malwarebytes Anti-Malware on Wed 20 Nov. The report showed the following:

PUM.Hijack.StartMenu, HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch

 

At startup my PC is very slow; it takes almost 20 to 30 minutes before I can activate anything with the mouse. When the mouse hovers over the task bar, only the egg timer displays and I can't actively do anything to shut it down.

 

When using IE8 I get kicked off: the PC shuts down and restarts itself. This happened once yesterday.

 

I have had conflicting reports on how to deal with this. Please, does anyone have a definitive way to get my PC back up to speed?

dds.txt

attach.txt


Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, and do not add or remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with TDSSKiller

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

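The log that step produces lists every scanned service, driver and boot object as a hash line (`[ MD5, SHA256 ] name path`) followed by a verdict line (`name - ok`), and a helper asks for it precisely so that objects whose verdict is not `ok` can be reviewed before anything is quarantined. The script below is an added example for reading such a log; it is not part of this thread and not code from Kaspersky's TDSSKiller. It parses the 3.0 log layout and flags entries whose verdict is not `ok`, whose MD5 is on a caller-supplied blocklist, or whose binary loads from a temp directory or from a raw disk object rather than a file. The embedded sample log is constructed with placeholder hashes, and the verdict words `warning` and `infected` together with the `( Detection.Name )` annotation are assumed from TDSSKiller's usual output rather than taken from the log posted here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.ffff 0xTID  body" is the line layout of a TDSSKiller 3.0 log.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9A-Fa-f]{4}\s+(?P<body>.*)$")
# "[ MD5, SHA256 ] name   path": names may contain spaces, so the path is
# recognised by its start (drive letter or native "\Device\..." object).
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64}) \] "
                     r"(?P<name>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\).*)$")
# "name - ok" or "name ( Detection.Name ) - verdict"; the verdict words and the
# bracketed detection are assumed from TDSSKiller's usual output. Limiting the
# verdict to letters keeps "Drive \Device\... - Size: ..." lines from matching.
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - "
                        r"(?P<verdict>[A-Za-z][A-Za-z ]*)$")


@dataclass
class Entry:
    """One scanned object (service, driver, boot record) and TDSSKiller's verdict."""
    name: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Parse the scan section of a TDSSKiller log into Entry records, in log order."""
    entries: List[Entry] = []
    awaiting_verdict: Dict[str, Entry] = {}  # hash line seen, verdict line not yet
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"].strip()
        if body == "Scan started":  # lines before this are system/disk info
            in_scan = True
            continue
        if not in_scan:
            continue
        h = HASH_RE.match(body)
        if h:
            e = Entry(h["name"], h["md5"].upper(), h["sha256"].upper(), h["path"])
            entries.append(e)
            awaiting_verdict[e.name] = e
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = awaiting_verdict.pop(v["name"], None)
            if e is None:  # objects without a file on disk, e.g. "System memory"
                e = Entry(v["name"])
                entries.append(e)
            e.verdict, e.detection = v["verdict"], v["detection"]
    return entries


# Heuristics of this example, not TDSSKiller verdicts: a service binary in a
# temp directory, or a "file" that is really a raw disk object, deserves a look.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")


def triage(entries: List[Entry], known_bad_md5=frozenset()) -> Dict[str, List[str]]:
    """Return {name: [reasons]} for every entry that needs a human look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if e.verdict is not None and e.verdict.lower() != "ok":
            reasons.append(f"verdict={e.verdict}" + (f" ({e.detection})" if e.detection else ""))
        if e.md5 and e.md5 in known_bad_md5:
            reasons.append("md5 on blocklist")
        path = (e.path or "").lower()
        if any(marker in path for marker in TEMP_MARKERS):
            reasons.append("binary loads from a temp directory")
        if path.startswith("\\device\\harddisk"):
            reasons.append("raw disk object rather than a file (boot-sector code)")
        if reasons:
            findings[e.name] = reasons
    return findings


def _fake_hashes(n: int) -> str:
    """Placeholder MD5/SHA-256 pair of the right lengths; not hashes of real files."""
    return f"{n:032x}, {n:064x}"


# Constructed sample in the TDSSKiller 3.0 layout; not the log posted in this thread.
SAMPLE_LOG = "\n".join([
    "10:28:02.0750 0x0278  Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb)",
    "10:28:04.0468 0x0d94  Scan started",
    "10:28:07.0656 0x0d94  System memory - ok",
    "10:28:07.0656 0x0d94  ================ Scan services =============================",
    f"10:28:07.0937 0x0d94  [ {_fake_hashes(1)} ] ACPI            C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys",
    "10:28:07.0937 0x0d94  ACPI - ok",
    f"10:28:09.0015 0x0d94  [ {_fake_hashes(2)} ] Ati HotKey Poller C:\\WINDOWS\\system32\\Ati2evxx.exe",
    "10:28:09.0031 0x0d94  Ati HotKey Poller - ok",
    f"10:28:10.0100 0x0d94  [ {_fake_hashes(3)} ] helpersvc       C:\\Documents and Settings\\Default\\Local Settings\\Temp\\helpersvc.sys",
    "10:28:10.0100 0x0d94  helpersvc ( UnsignedFile.Multi.Generic ) - warning",
    f"10:28:11.0200 0x0d94  [ {_fake_hashes(4)} ] mbr             \\Device\\Harddisk0\\DR0",
    "10:28:11.0200 0x0d94  mbr ( Rootkit.Boot.Example.a ) - infected",
])
```

To use it on a real log, read the C:\TDSSKiller.<version_date_time>log.txt file and pass its contents to `parse_tdsskiller_log`, then `triage` the result; the hash-line regex keeps the MD5 and SHA-256 so a flagged file can be checked against a reputation service before anyone decides to quarantine it. The temp-directory and raw-disk heuristics are deliberately loose: they surface things to look at, they do not declare anything malicious.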

Marius, thanks for your response.

I have done as you suggested, and TDSSKiller generated a report, which I tried to send to you. I have also copied it here.

Nothing malicious came up in the rootkit scan.

 

Please advise what is the next step in the clean up process?

 

 

 

10:27:12.0078 0x0278  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:27:57.0062 0x0278  ============================================================
10:27:57.0062 0x0278  Current date / time: 2013/11/22 10:27:57.0062
10:27:57.0062 0x0278  SystemInfo:
10:27:57.0062 0x0278 
10:27:57.0062 0x0278  OS Version: 5.1.2600 ServicePack: 3.0
10:27:57.0062 0x0278  Product type: Workstation
10:27:57.0062 0x0278  ComputerName: YOUR-ABF4F98234
10:27:57.0062 0x0278  UserName: Default
10:27:57.0062 0x0278  Windows directory: C:\WINDOWS
10:27:57.0062 0x0278  System windows directory: C:\WINDOWS
10:27:57.0062 0x0278  Processor architecture: Intel x86
10:27:57.0062 0x0278  Number of processors: 1
10:27:57.0062 0x0278  Page size: 0x1000
10:27:57.0062 0x0278  Boot type: Normal boot
10:27:57.0062 0x0278  ============================================================
10:27:59.0593 0x0278  KLMD registered as C:\WINDOWS\system32\drivers\42813963.sys
10:28:00.0218 0x0278  System UUID: {FB96FAA6-1841-2438-8BD1-9B66054690E3}
10:28:02.0750 0x0278  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:28:02.0796 0x0278  Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:28:02.0875 0x0278  ============================================================
10:28:02.0875 0x0278  \Device\Harddisk0\DR0:
10:28:02.0875 0x0278  MBR partitions:
10:28:02.0875 0x0278  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x69E5B0, BlocksNum 0x24D8F111
10:28:02.0875 0x0278  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x69E571
10:28:02.0875 0x0278  \Device\Harddisk1\DR1:
10:28:02.0875 0x0278  Invalid mbr signature
10:28:02.0875 0x0278  ============================================================
10:28:02.0906 0x0278  C: <-> \Device\Harddisk0\DR0\Partition1
10:28:02.0906 0x0278  D: <-> \Device\Harddisk0\DR0\Partition2
10:28:02.0906 0x0278  ============================================================
10:28:02.0906 0x0278  Initialize success
10:28:02.0906 0x0278  ============================================================
10:28:04.0468 0x0d94  ============================================================
10:28:04.0468 0x0d94  Scan started
10:28:04.0468 0x0d94  Mode: Manual;
10:28:04.0468 0x0d94  ============================================================
10:28:04.0468 0x0d94  KSN ping started
10:28:07.0015 0x0d94  KSN ping finished: true
10:28:07.0656 0x0d94  ================ Scan system memory ========================
10:28:07.0656 0x0d94  System memory - ok
10:28:07.0656 0x0d94  ================ Scan services =============================
10:28:07.0812 0x0d94  Abiosdsk - ok
10:28:07.0828 0x0d94  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:28:07.0828 0x0d94  abp480n5 - ok
10:28:07.0937 0x0d94  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:28:07.0937 0x0d94  ACPI - ok
10:28:07.0968 0x0d94  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:28:07.0968 0x0d94  ACPIEC - ok
10:28:08.0062 0x0d94  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:28:08.0062 0x0d94  AdobeFlashPlayerUpdateSvc - ok
10:28:08.0078 0x0d94  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:28:08.0093 0x0d94  adpu160m - ok
10:28:08.0109 0x0d94  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:28:08.0109 0x0d94  aec - ok
10:28:08.0156 0x0d94  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:28:08.0171 0x0d94  AFD - ok
10:28:08.0203 0x0d94  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:28:08.0203 0x0d94  agp440 - ok
10:28:08.0218 0x0d94  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:28:08.0218 0x0d94  agpCPQ - ok
10:28:08.0234 0x0d94  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:28:08.0234 0x0d94  Aha154x - ok
10:28:08.0250 0x0d94  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:28:08.0250 0x0d94  aic78u2 - ok
10:28:08.0281 0x0d94  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:28:08.0281 0x0d94  aic78xx - ok
10:28:08.0437 0x0d94  [ 933933288DF5ED26D1928215C97D05C7, 2CC5AAD5ABDAD463E4F355616D8D0FF3C93428B25FC1DE605FC7EF4172B27F11 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:28:08.0546 0x0d94  ALCXWDM - ok
10:28:08.0578 0x0d94  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:28:08.0578 0x0d94  Alerter - ok
10:28:08.0609 0x0d94  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
10:28:08.0609 0x0d94  ALG - ok
10:28:08.0625 0x0d94  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:28:08.0625 0x0d94  AliIde - ok
10:28:08.0640 0x0d94  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:28:08.0640 0x0d94  alim1541 - ok
10:28:08.0656 0x0d94  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:28:08.0656 0x0d94  amdagp - ok
10:28:08.0671 0x0d94  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
10:28:08.0671 0x0d94  amsint - ok
10:28:08.0671 0x0d94  AppMgmt - ok
10:28:08.0718 0x0d94  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:28:08.0718 0x0d94  Arp1394 - ok
10:28:08.0734 0x0d94  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
10:28:08.0734 0x0d94  asc - ok
10:28:08.0750 0x0d94  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:28:08.0750 0x0d94  asc3350p - ok
10:28:08.0765 0x0d94  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:28:08.0765 0x0d94  asc3550 - ok
10:28:08.0890 0x0d94  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:28:08.0906 0x0d94  aspnet_state - ok
10:28:08.0921 0x0d94  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:28:08.0921 0x0d94  AsyncMac - ok
10:28:08.0937 0x0d94  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:28:08.0937 0x0d94  atapi - ok
10:28:08.0953 0x0d94  Atdisk - ok
10:28:09.0015 0x0d94  [ 09266AE04746D652680120BE8BE76F53, 5E1A640E03809AF0C49691B95BB597A19E805370053903E1E3B19B026E710E82 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:28:09.0031 0x0d94  Ati HotKey Poller - ok
10:28:09.0125 0x0d94  [ DCD26B36CE305B718E2F1C56C19DF668, 11D5EECEFC8855C43CEF5111FC032318D66BE06926FA72EDE30FCBD94A3C16E7 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:28:09.0171 0x0d94  ati2mtag - ok
10:28:09.0218 0x0d94  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:28:09.0218 0x0d94  Atmarpc - ok
10:28:09.0250 0x0d94  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:28:09.0250 0x0d94  AudioSrv - ok
10:28:09.0281 0x0d94  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:28:09.0281 0x0d94  audstub - ok
10:28:09.0296 0x0d94  [ 8A7DC10E81E73994AF8D8FB4E921BA20, C9905638CC3CACAE77E907DAE061EC3D2A8AACC412004E905D0CD2BEA418EC91 ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
10:28:09.0312 0x0d94  Avgdiskx - ok
10:28:09.0578 0x0d94  [ 332AEB8F6F9595C8886A7AA7A62322DC, CC2F2856257D10B72558660161732EB5FB5D8CCD8AC78EFED8263895A2529CC9 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
10:28:09.0765 0x0d94  AVGIDSAgent - ok
10:28:09.0828 0x0d94  [ E2D441E3F58C04DD91286F38916CE102, C03F50CE5BDFCBC2B0DB062D6517ADE99DFF8EB65859CF6122DC95D3167E7C7E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
10:28:09.0843 0x0d94  AVGIDSDriver - ok
10:28:09.0875 0x0d94  [ 7E7E946C5620BD398BFCFA41E435545B, 0B2F496367F36BE20AD075DF0054E8DE083E690179F9C5C9ECF9B3677069D6CF ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
10:28:09.0875 0x0d94  AVGIDSHX - ok
10:28:09.0921 0x0d94  [ C3828E5C49924969799ED8B1E123A267, 26713E308FC9BBDF28BD4E47234002D6928AAA234F73B2248BB2466EBA41747E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
10:28:09.0921 0x0d94  AVGIDSShim - ok
10:28:09.0937 0x0d94  [ A997D4A7361F4870A4F13BA5BF36F388, 1DF529F4207081E154BC377154A02FD641C20EF8BDB913C232465519AAC48827 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:28:09.0937 0x0d94  Avgldx86 - ok
10:28:09.0968 0x0d94  [ 62C926243D7875BDE097904E4DE4FFAD, 32730FEB5133F51A62DEDB9528EDE5A8F9A3C8121753D09699C5EEB930E4E217 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:28:09.0968 0x0d94  Avglogx - ok
10:28:10.0015 0x0d94  [ 02C25C2974F728391E33A2E45A23FFA4, B36A9601BF855ABAC4855023913A8D977567AD15EDCC3FFAB3028A9B6FE5D2CA ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:28:10.0015 0x0d94  Avgmfx86 - ok
10:28:10.0031 0x0d94  [ 9745AD34365318593909EDDEDAE66B9A, 16374BF9789053AA0124CB8437E1192442F44E46D14435BF80A049CD0D47F16A ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:28:10.0031 0x0d94  Avgrkx86 - ok
10:28:10.0062 0x0d94  [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:28:10.0078 0x0d94  Avgtdix - ok
10:28:10.0125 0x0d94  [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
10:28:10.0125 0x0d94  avgtp - ok
10:28:10.0156 0x0d94  [ 07646F5F37F18F1F978CE3B0378EF1C9, 0BC440C3E8E617FA5D70D28413F091678E9FD4CF9F87CB8ED686609A0291D95B ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
10:28:10.0171 0x0d94  avgwd - ok
10:28:10.0187 0x0d94  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:28:10.0187 0x0d94  Beep - ok
10:28:10.0250 0x0d94  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:28:10.0281 0x0d94  BITS - ok
10:28:10.0328 0x0d94  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
10:28:10.0328 0x0d94  Browser - ok
10:28:10.0406 0x0d94  [ C1A0F4A39DEDE01EF42045F84F1738A0, 525FF79E6C417AA80C9AF779D85D864DF9E393BCABA054552499539249A13403 ] BT Help Wizard  C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
10:28:10.0421 0x0d94  BT Help Wizard - ok
10:28:10.0437 0x0d94  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:28:10.0453 0x0d94  cbidf - ok
10:28:10.0453 0x0d94  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:28:10.0453 0x0d94  cbidf2k - ok
10:28:10.0468 0x0d94  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:28:10.0468 0x0d94  cd20xrnt - ok
10:28:10.0484 0x0d94  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:28:10.0484 0x0d94  Cdaudio - ok
10:28:10.0515 0x0d94  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:28:10.0515 0x0d94  Cdfs - ok
10:28:10.0562 0x0d94  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:28:10.0562 0x0d94  Cdrom - ok
10:28:10.0578 0x0d94  Changer - ok
10:28:10.0593 0x0d94  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:28:10.0593 0x0d94  CiSvc - ok
10:28:10.0640 0x0d94  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:28:10.0640 0x0d94  ClipSrv - ok
10:28:10.0687 0x0d94  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:28:10.0687 0x0d94  clr_optimization_v2.0.50727_32 - ok
10:28:10.0796 0x0d94  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:28:10.0812 0x0d94  clr_optimization_v4.0.30319_32 - ok
10:28:10.0812 0x0d94  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:28:10.0812 0x0d94  CmdIde - ok
10:28:10.0828 0x0d94  COMSysApp - ok
10:28:10.0843 0x0d94  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:28:10.0843 0x0d94  Cpqarray - ok
10:28:10.0875 0x0d94  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:28:10.0875 0x0d94  CryptSvc - ok
10:28:10.0890 0x0d94  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:28:10.0890 0x0d94  dac2w2k - ok
10:28:10.0906 0x0d94  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:28:10.0906 0x0d94  dac960nt - ok
10:28:10.0937 0x0d94  [ BB005CB49D0638039703AC4F67FE0A05, 1BDF034CCAF02FB88614485BBECB2C115646F8F892B6B722B8AAFBCE72E6F113 ] DC21x4          C:\WINDOWS\system32\DRIVERS\dc21x4.sys
10:28:10.0953 0x0d94  DC21x4 - ok
10:28:11.0000 0x0d94  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:28:11.0015 0x0d94  DcomLaunch - ok
10:28:11.0078 0x0d94  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:28:11.0078 0x0d94  Dhcp - ok
10:28:11.0093 0x0d94  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:28:11.0093 0x0d94  Disk - ok
10:28:11.0109 0x0d94  dmadmin - ok
10:28:11.0187 0x0d94  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:28:11.0218 0x0d94  dmboot - ok
10:28:11.0234 0x0d94  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:28:11.0250 0x0d94  dmio - ok
10:28:11.0265 0x0d94  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:28:11.0265 0x0d94  dmload - ok
10:28:11.0296 0x0d94  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:28:11.0296 0x0d94  dmserver - ok
10:28:11.0343 0x0d94  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:28:11.0343 0x0d94  DMusic - ok
10:28:11.0390 0x0d94  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:28:11.0390 0x0d94  Dnscache - ok
10:28:11.0453 0x0d94  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:28:11.0453 0x0d94  Dot3svc - ok
10:28:11.0468 0x0d94  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:28:11.0468 0x0d94  dpti2o - ok
10:28:11.0531 0x0d94  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:28:11.0531 0x0d94  drmkaud - ok
10:28:11.0593 0x0d94  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:28:11.0593 0x0d94  EapHost - ok
10:28:11.0625 0x0d94  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:28:11.0625 0x0d94  ERSvc - ok
10:28:11.0656 0x0d94  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
10:28:11.0656 0x0d94  Eventlog - ok
10:28:11.0734 0x0d94  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
10:28:11.0734 0x0d94  EventSystem - ok
10:28:11.0750 0x0d94  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:28:11.0765 0x0d94  Fastfat - ok
10:28:11.0828 0x0d94  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:28:11.0828 0x0d94  FastUserSwitchingCompatibility - ok
10:28:11.0875 0x0d94  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:28:11.0875 0x0d94  Fdc - ok
10:28:11.0890 0x0d94  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:28:11.0890 0x0d94  Fips - ok
10:28:11.0921 0x0d94  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:28:11.0921 0x0d94  Flpydisk - ok
10:28:11.0968 0x0d94  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:28:11.0968 0x0d94  FltMgr - ok
10:28:12.0062 0x0d94  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:28:12.0062 0x0d94  FontCache3.0.0.0 - ok
10:28:12.0109 0x0d94  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:28:12.0109 0x0d94  Fs_Rec - ok
10:28:12.0156 0x0d94  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:28:12.0156 0x0d94  Ftdisk - ok
10:28:12.0203 0x0d94  [ 4AC51459805264AFFD5F6FDFB9D9235F, E97CB835B85F74FC0814D5E27739E0AABC888EAC3921FDD2AD0473F83BCFF5D9 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:28:12.0203 0x0d94  GEARAspiWDM - ok
10:28:12.0265 0x0d94  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:28:12.0265 0x0d94  Gpc - ok
10:28:12.0359 0x0d94  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:28:12.0359 0x0d94  gupdate - ok
10:28:12.0390 0x0d94  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:28:12.0390 0x0d94  gupdatem - ok
10:28:12.0484 0x0d94  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:28:12.0484 0x0d94  helpsvc - ok
10:28:12.0531 0x0d94  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:28:12.0531 0x0d94  HidServ - ok
10:28:12.0593 0x0d94  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:28:12.0593 0x0d94  HidUsb - ok
10:28:12.0656 0x0d94  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:28:12.0656 0x0d94  hkmsvc - ok
10:28:12.0671 0x0d94  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
10:28:12.0671 0x0d94  hpn - ok
10:28:12.0718 0x0d94  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:28:12.0734 0x0d94  HTTP - ok
10:28:12.0765 0x0d94  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:28:12.0765 0x0d94  HTTPFilter - ok
10:28:12.0796 0x0d94  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
10:28:12.0796 0x0d94  i2omgmt - ok
10:28:12.0812 0x0d94  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:28:12.0812 0x0d94  i2omp - ok
10:28:12.0843 0x0d94  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:28:12.0843 0x0d94  i8042prt - ok
10:28:12.0937 0x0d94  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:28:12.0953 0x0d94  IDriverT - ok
10:28:13.0046 0x0d94  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:28:13.0093 0x0d94  idsvc - ok
10:28:13.0109 0x0d94  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:28:13.0109 0x0d94  Imapi - ok
10:28:13.0156 0x0d94  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:28:13.0171 0x0d94  ImapiService - ok
10:28:13.0218 0x0d94  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:28:13.0218 0x0d94  ini910u - ok
10:28:13.0234 0x0d94  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:28:13.0234 0x0d94  IntelIde - ok
10:28:21.0250 0x0d94  upperdev - ok
10:28:21.0265 0x0d94  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
10:28:21.0265 0x0d94  UPS - ok
10:28:21.0312 0x0d94  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:28:21.0312 0x0d94  usbccgp - ok
10:28:21.0328 0x0d94  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:28:21.0328 0x0d94  usbehci - ok
10:28:21.0359 0x0d94  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:28:21.0359 0x0d94  usbhub - ok
10:28:21.0406 0x0d94  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:28:21.0406 0x0d94  usbohci - ok
10:28:21.0437 0x0d94  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:28:21.0437 0x0d94  usbprint - ok
10:28:21.0468 0x0d94  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:28:21.0468 0x0d94  usbscan - ok
10:28:21.0500 0x0d94  [ 84C44D720655A8AA475E57A9E764D675, 2D450199338A217FBD951317812A74223E8B477974C7634667E8896316C3FEA0 ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
10:28:21.0500 0x0d94  usbser - ok
10:28:21.0531 0x0d94  [ E44F0D17BE0908B58DCC99CCB99C6C32, 6C5E62A688CD3A299FBE2C8CD87F2A860340CDE4616348D83C6FB3DDB561E6C9 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
10:28:21.0531 0x0d94  UsbserFilt - ok
10:28:21.0531 0x0d94  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:28:21.0546 0x0d94  USBSTOR - ok
10:28:21.0562 0x0d94  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:28:21.0562 0x0d94  usbuhci - ok
10:28:21.0593 0x0d94  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:28:21.0593 0x0d94  VgaSave - ok
10:28:21.0625 0x0d94  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:28:21.0625 0x0d94  viaagp - ok
10:28:21.0640 0x0d94  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:28:21.0640 0x0d94  ViaIde - ok
10:28:21.0656 0x0d94  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:28:21.0656 0x0d94  VolSnap - ok
10:28:21.0687 0x0d94  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:28:21.0703 0x0d94  VSS - ok
10:28:21.0875 0x0d94  [ D6BFF86F1946B0E473BAE244FB1BB07F, 999FAD22E6238DA418F1D489CC5FB5815EA879156AD5FF7280C664468B443B8F ] vToolbarUpdater17.1.2 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
10:28:21.0953 0x0d94  vToolbarUpdater17.1.2 - ok
10:28:22.0000 0x0d94  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:28:22.0015 0x0d94  W32Time - ok
10:28:22.0031 0x0d94  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:28:22.0046 0x0d94  Wanarp - ok
10:28:22.0046 0x0d94  wanatw - ok
10:28:22.0109 0x0d94  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
10:28:22.0156 0x0d94  Wdf01000 - ok
10:28:22.0156 0x0d94  WDICA - ok
10:28:22.0187 0x0d94  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:28:22.0203 0x0d94  wdmaud - ok
10:28:22.0203 0x0d94  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:28:22.0218 0x0d94  WebClient - ok
10:28:22.0296 0x0d94  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:28:22.0296 0x0d94  winmgmt - ok
10:28:22.0343 0x0d94  [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:28:22.0343 0x0d94  WmdmPmSN - ok
10:28:22.0375 0x0d94  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:28:22.0375 0x0d94  WmiApSrv - ok
10:28:22.0484 0x0d94  [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
10:28:22.0515 0x0d94  WMPNetworkSvc - ok
10:28:22.0562 0x0d94  [ C60DC16D4E406810FAD54B98DC92D5EC, 43E7DF323BBD7C889CAD078176E239319A40EE4BEBC7BD753012B94CF5E48551 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:28:22.0562 0x0d94  WpdUsb - ok
10:28:22.0656 0x0d94  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:28:22.0718 0x0d94  WPFFontCache_v0400 - ok
10:28:22.0781 0x0d94  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:28:22.0781 0x0d94  wscsvc - ok
10:28:22.0796 0x0d94  WSearch - ok
10:28:22.0828 0x0d94  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:28:22.0828 0x0d94  wuauserv - ok
10:28:22.0890 0x0d94  [ EAA6324F51214D2F6718977EC9CE0DEF, B9DE1521395E09233FE519873702979C3EAF65FEC4B94B12A46CECB16C488543 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:28:22.0937 0x0d94  WudfPf - ok
10:28:22.0968 0x0d94  [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:28:22.0984 0x0d94  WudfRd - ok
10:28:23.0015 0x0d94  [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:28:23.0015 0x0d94  WudfSvc - ok
10:28:23.0078 0x0d94  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:28:23.0109 0x0d94  WZCSVC - ok
10:28:23.0140 0x0d94  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:28:23.0156 0x0d94  xmlprov - ok
10:28:23.0171 0x0d94  ================ Scan global ===============================
10:28:23.0203 0x0d94  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
10:28:23.0265 0x0d94  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:28:23.0359 0x0d94  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:28:23.0390 0x0d94  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
10:28:23.0390 0x0d94  [ Global ] - ok
10:28:23.0390 0x0d94  ================ Scan MBR ==================================
10:28:23.0421 0x0d94  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
10:28:23.0609 0x0d94  \Device\Harddisk0\DR0 - ok
10:28:23.0609 0x0d94  [ 6856AA672EB3A2A11A48911FF64A9C05 ] \Device\Harddisk1\DR1
10:28:23.0656 0x0d94  \Device\Harddisk1\DR1 - ok
10:28:23.0656 0x0d94  ================ Scan VBR ==================================
10:28:23.0656 0x0d94  [ 61EF4A9559B612754C8F6B25BBF8CEF9 ] \Device\Harddisk0\DR0\Partition1
10:28:23.0671 0x0d94  \Device\Harddisk0\DR0\Partition1 - ok
10:28:23.0671 0x0d94  [ DE6E875276C74825CB7D7AF5750E8460 ] \Device\Harddisk0\DR0\Partition2
10:28:23.0671 0x0d94  \Device\Harddisk0\DR0\Partition2 - ok
10:28:23.0671 0x0d94  Waiting for KSN requests completion. In queue: 254
10:28:24.0671 0x0d94  Waiting for KSN requests completion. In queue: 254
10:28:25.0671 0x0d94  Waiting for KSN requests completion. In queue: 254
10:28:26.0703 0x0d94  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
10:28:26.0703 0x0d94  Win FW state via NFM: enabled
10:28:29.0125 0x0d94  ============================================================
10:28:29.0125 0x0d94  Scan finished
10:28:29.0125 0x0d94  ============================================================
10:28:29.0125 0x0a40  Detected object count: 0
10:28:29.0125 0x0a40  Actual detected object count: 0
 

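The TDSSKiller log above is the raw record of the rootkit scan: one hashed-object line per driver/service (MD5 and SHA-256 of the image, the service name, the image path), a verdict line ("Name - ok") for each object, single-MD5 lines for the MBR and each partition's VBR, and a summary count at the end. Reading that by eye for 200-odd services is error prone, so below is a small Python script, added here as an illustration and not part of the original post or of TDSSKiller itself, that parses those line shapes into records and pulls out the things an analyst would actually want to check: verdicts that are not "ok", objects that got a verdict but no hash line (in this log: wanatw, WDICA, WSearch, which I read as registry service entries whose image file TDSSKiller did not hash, so they deserve a manual look), and images loading from outside C:\WINDOWS (a heuristic of mine, not a TDSSKiller feature; it flags legitimate third-party software such as the AVG Secure Search updater here too, so it is a review list, not a verdict). It also cross-checks the "Actual detected object count" line against the per-object verdicts. The sample input is a handful of lines copied verbatim from the log above.

```python
r"""Turn a TDSSKiller text log into structured records for triage.

Added example for this thread; not part of the original post or of TDSSKiller.
Line shapes are taken from the log pasted above:
  <hh:mm:ss.ffff> <0xTID>  [ MD5, SHA256 ] Name   C:\path\image
  <hh:mm:ss.ffff> <0xTID>  Name - ok
  <hh:mm:ss.ffff> <0xTID>  [ MD5 ] \Device\HarddiskN\DRn      (MBR / VBR)
  <hh:mm:ss.ffff> <0xTID>  Detected object count: N
Anything else (section banners, KSN queue, AV/firewall state) is kept as text.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
10:28:20.0390 0x0d94  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
10:28:20.0390 0x0d94  symc810 - ok
10:28:21.0875 0x0d94  [ D6BFF86F1946B0E473BAE244FB1BB07F, 999FAD22E6238DA418F1D489CC5FB5815EA879156AD5FF7280C664468B443B8F ] vToolbarUpdater17.1.2 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
10:28:21.0953 0x0d94  vToolbarUpdater17.1.2 - ok
10:28:22.0046 0x0d94  wanatw - ok
10:28:23.0390 0x0d94  ================ Scan MBR ==================================
10:28:23.0421 0x0d94  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
10:28:23.0609 0x0d94  \Device\Harddisk0\DR0 - ok
10:28:26.0703 0x0d94  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
10:28:29.0125 0x0a40  Detected object count: 0
10:28:29.0125 0x0a40  Actual detected object count: 0
"""

PREFIX = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>0x[0-9a-fA-F]+)\s+(?P<body>.*)$")
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] (?P<name>\S+)\s+(?P<path>\S.*)$")
SECTOR = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\\Device\\\S+)$")
COUNT = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")
VERDICT = re.compile(r"^(?P<name>[^\[\s].*?) - (?P<verdict>\S.*)$")

# Heuristic chosen for this example: images that load from outside the Windows
# directory are worth a second look. It is a review list, not a malware verdict.
SYSTEM_ROOTS = ("c:\\windows\\",)


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", e.g. "ok"; None if never reported


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    detected: Optional[int] = None
    actual_detected: Optional[int] = None
    info: List[str] = field(default_factory=list)  # lines we did not structure


def parse_tdsskiller(text: str) -> Report:
    """Parse one log; objects are keyed by service name or by device path."""
    rep = Report()
    for raw in text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue  # blank line or non-log text
        body = m["body"]
        h = HASHED.match(body)
        if h:
            rep.entries[h["name"]] = Entry(h["name"], h["path"], h["md5"], h["sha256"])
            continue
        s = SECTOR.match(body)
        if s:
            rep.entries[s["name"]] = Entry(s["name"], md5=s["md5"])
            continue
        c = COUNT.match(body)
        if c:
            if c["kind"] == "Detected":
                rep.detected = int(c["n"])
            else:
                rep.actual_detected = int(c["n"])
            continue
        v = VERDICT.match(body)
        if v:
            # A verdict with no preceding hash line means TDSSKiller reported the
            # object without hashing an image file (wanatw, WDICA, WSearch above).
            rep.entries.setdefault(v["name"], Entry(v["name"])).verdict = v["verdict"]
            continue
        rep.info.append(body)
    return rep


def triage(rep: Report) -> Dict[str, List[str]]:
    """Buckets for manual review: non-ok verdicts, unhashed objects, non-Windows paths."""
    out: Dict[str, List[str]] = {"not_ok": [], "no_image": [], "outside_windows": []}
    for e in rep.entries.values():
        if e.verdict is not None and e.verdict != "ok":
            out["not_ok"].append(e.name)
        if e.md5 is None:
            out["no_image"].append(e.name)
        elif e.path and not e.path.lower().startswith(SYSTEM_ROOTS):
            out["outside_windows"].append(e.name)
    return out


def counts_consistent(rep: Report) -> bool:
    """Cross-check the 'Actual detected object count' line against the verdicts."""
    flagged = sum(1 for e in rep.entries.values() if e.verdict not in (None, "ok"))
    return rep.actual_detected is not None and flagged == rep.actual_detected


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(report).items():
        print(f"{bucket:16s} {names}")
    print("summary matches verdicts:", counts_consistent(report))
```

Run against the full log rather than the sample, the "no_image" bucket is the one to act on first: a service key whose file is gone is harmless clutter most of the time, but it is also exactly what a half-removed infection leaves behind, so each entry should be checked against the ComboFix "Drivers/Services" section before deciding.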

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Hi Marius

I downloaded Combofix.exe. I could see no sign of MS Recovery Console on my sys after Combofix was installed.

I tried to save it to my desktop as advised, but it disappeared before it asked me to scan for malware.  All I did was Agree to the Licence. 

I can see in the Prefetch folder in Windows that it must have installed: Combofix[1].exe-0EDE2FD8.pf

I cannot see it has generated any .txt files as yet.

I noticed as at 24/11/2013 on C:\Windows there are three recent log files WIADEBUG.log  WIASERVC.log & WindowsUpdate.log

Are these relevant?

Sorry, I can't see ComboFix.txt anywhere on C:\


Marius

Success at the 2nd attempt with Combofix.exe.

The file generated is copied below:

 

Your next step/advice is welcomed.

Thanks

 

ComboFix 13-11-23.02 - Default 25/11/2013  16:08:58.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1406.751 [GMT 0:00]
Running from: c:\documents and settings\Default\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL59.tmp
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc105.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc108.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc120.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc122.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc135.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc165.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc16A.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc18.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc19.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1B.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1C.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1D.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1D4.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1E.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1E0.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1F.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc22.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc22F.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc23C.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc28A.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc28E.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc2B0.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc2C.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc383.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc48.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc4A.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc6AB.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccF2.tmp
c:\documents and settings\Default\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\13bfc6c31ca8ee14.fb
c:\windows\system32\Cache\1cd130473540b606.fb
c:\windows\system32\Cache\1f58ffd8b6ecc189.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\39b43daf419f0a76.fb
c:\windows\system32\Cache\44997ba583cdb3c5.fb
c:\windows\system32\Cache\488df906248df106.fb
c:\windows\system32\Cache\574f3ab1740544e8.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5b3c49e167d58868.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\69bd6078e1fb160e.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7733d29b99a4e90a.fb
c:\windows\system32\Cache\7a153972fd867d5f.fb
c:\windows\system32\Cache\83fbc17ab7f93099.fb
c:\windows\system32\Cache\8687a1e08f64fd60.fb
c:\windows\system32\Cache\92f339cc60e04125.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\97ab9d814e9422da.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\acb254613d2169f3.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\af4876a6c5473e6f.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cf0b80cc05960985.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e6e9f1d0a5e60e06.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET80.tmp
D:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-25 to 2013-11-25  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 15:13 . 2012-11-09 14:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 07:25 . 2004-09-06 16:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-09-06 16:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-09-06 16:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-09-06 16:32 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-09-06 16:32 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-09-06 16:33 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-09-06 16:32 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-09 12:24 . 2011-06-15 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 10:59 . 2004-09-06 16:32 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-14 17:55 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 22:18 . 2013-09-10 22:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-09-07 03:48 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-09-06 16:33 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2011-07-16 15:44 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2012-03-19 1937736]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-10 15:13 3353624 ----a-w- c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-23 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Scansoft\\PaperPort\\PPScanMg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AVG Secure Search\\vprot.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.3.1.7.bt.1.3\\ma\\bin\\node.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 22:18 97008]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 14:25 37664]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [15/08/2013 08:40 330960]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 22:18 148688]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 22:18 222416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [02/10/2013 22:30 321024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 22:18 1435928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [10/11/2013 15:14 1734680]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:31 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:24]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]
.
2013-10-21 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09]
.
2013-11-25 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-11-25 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
.
------- Supplementary Scan -------
.



mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1


IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search


FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-25 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\windows\zHotkey.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2013-11-25  16:36:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-25 16:36
.
Pre-Run: 269,130,055,680 bytes free
Post-Run: 269,973,852,160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - DD490A468E312BC2B4991900DAAADB7A
B20939CD98B7710036274839082AE757

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


(Picture: CFScriptB-4.gif)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


CFScript.txt


Marius

I have followed the steps you advised.


Below is the MBAM log, then the Combofix.txt (combined with CFScript.txt)


I removed 2 objects found in the scan:

Trojan.P2P.WORM

PUP.Optional.OpenCandy


Please advise if there are any further steps in this process.


Thanks again.

==========================================


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Default :: YOUR-ABF4F98234 [administrator]

26/11/2013 18:14:53
mbam-log-2013-11-26 (18-14-53).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409853
Time elapsed: 2 hour(s), 1 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\20111710_105239_Backup Oct 2011\C\DOCUME~1\Default\LOCALS~1\APPLIC~1\Temp\{41BBC~1.nco (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-uk.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)


===============================================

ComboFix 13-11-23.02 - Default 26/11/2013  17:58:22.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1406.773 [GMT 0:00]
Running from: c:\documents and settings\Default\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Default\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8.tmp
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winamptbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt6.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 15:13 . 2012-11-09 14:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 07:25 . 2004-09-06 16:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-09-06 16:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-09-06 16:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-09-06 16:32 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-09-06 16:32 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-09-06 16:33 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-09-06 16:32 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-09 12:24 . 2011-06-15 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 10:59 . 2004-09-06 16:32 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-14 17:55 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 22:18 . 2013-09-10 22:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-09-07 03:48 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-09-06 16:33 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2011-07-16 15:44 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-10 15:13 3353624 ----a-w- c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-23 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Scansoft\\PaperPort\\PPScanMg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AVG Secure Search\\vprot.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.3.1.7.bt.1.3\\ma\\bin\\node.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 22:18 97008]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 14:25 37664]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [15/08/2013 08:40 330960]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 22:18 148688]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 22:18 222416]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [02/10/2013 22:30 321024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 22:18 1435928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [10/11/2013 15:14 1734680]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:31 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:24]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]
.
2013-10-21 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09]
.
2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
.
------- Supplementary Scan -------
.



mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1


IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search


FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-26 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-11-26  18:09:34
ComboFix-quarantined-files.txt  2013-11-26 18:09
ComboFix2.txt  2013-11-25 16:36
.
Pre-Run: 269,819,981,824 bytes free
Post-Run: 269,824,253,952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 1E9555C28B73D42D71D4CE0F948DC913
B20939CD98B7710036274839082AE757

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Marius

I ran the ESET online scan as advised.

It took a couple of hours. The outcome, NO THREATS FOUND.

Is this the end of the process?

If so, what if anything should I be doing to try to prevent this happening in the future?

I have Free AVG 2014 installed.  AVG didn't stop this getting through & nothing showed on the AVG scan I ran at the time. Hence, I ran a scan on MBAM, which then found the PUM.HiJack.Start Menu.

Your advice would be welcome.

Thanks once again.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Marius

AdwCleaner produced two log files, AdwCleaner[s0] & [R0]. I've copied [s0] only as they both appear to be identical, see below:

SecurityCheck Link 1 produced the log file checkup.txt, see below.

Link 2 took me to the 'bleeping computers' website, which displays information about Security Check.

Thanks

# AdwCleaner v3.013 - Report created 28/11/2013 at 10:02:38
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Default - YOUR-ABF4F98234
# Running from : C:\Documents and Settings\Default\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Default\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\WinampToolbarData
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
[!] Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\AVG Secure Search\vprot.exe]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v3.6.13 (en-GB)

[ File : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\10.0.0.7");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Default\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15303 octets] - [28/11/2013 10:01:12]
AdwCleaner[s0].txt - [15577 octets] - [28/11/2013 10:02:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15638 octets] ##########

======================================================================

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 AVG 2014    
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 6 Update 19 
 Java 7 Update 5 
 Java 2 Runtime Environment, SE v1.4.2
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 
 Adobe Reader XI 
 Mozilla Firefox (3.6.13) Firefox out of Date! 
 Google Chrome 30.0.1599.101 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
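The AdwCleaner report above is long, and most of the deleted keys are COM registrations of the same few toolbars. As an added example (not code from this thread, from Malwarebytes or from AdwCleaner), here is a small Python parser for the v3 report layout seen in that log. It groups deletions by kind and section and pulls out the entries a responder reviews first: Browser Helper Object CLSIDs, Run-key values, firewall exceptions, search-engine settings, and the lines AdwCleaner prefixed with `[!]`. The embedded sample is constructed from a subset of the posted lines; the banner and `Kind Deleted :` layout is an assumption drawn from that log, and the meaning of the `[!]` marker is not documented on this page, so the parser only surfaces those lines.

```python
"""Triage helper for AdwCleaner v3 reports like the one pasted above.

Added example for this thread; it is not code from the forum or from
AdwCleaner. SAMPLE_REPORT is constructed from a subset of the posted
AdwCleaner[s0].txt lines. The parser assumes the v3.x layout seen in
that log: section banners '***** [ Name ] *****' and action lines
'<Kind> Deleted : <target>', optionally prefixed with '[!]'.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the posted report.
SAMPLE_REPORT = r"""
# AdwCleaner v3.013 - Report created 28/11/2013 at 10:02:38
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint
[!] Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\AVG Secure Search\vprot.exe]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

***** [ Browsers ] *****

-\\ Mozilla Firefox v3.6.13 (en-GB)

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(
    r"^(?P<flag>\[!\] )?(?P<kind>Folder|File|Key|Value|Line) Deleted : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text):
    """Return a list of (section, kind, flagged, target) tuples, one per deletion."""
    section = None
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        act = ACTION_RE.match(line)
        if act and section is not None:
            actions.append((section, act.group("kind"),
                            act.group("flag") is not None, act.group("target")))
    return actions


def summarise(actions):
    """Group the deletions by the places a responder checks first.

    BHO CLSIDs, Run-key values and firewall exceptions are persistence or
    exposure points; SearchScopes keys and browser.search prefs are the
    search hijack itself. '[!]'-prefixed lines are kept apart so they can
    be reviewed one by one (the thread does not say what the flag means).
    """
    bho = set()
    run_keys, firewall, search, flagged = [], [], [], []
    for _section, kind, is_flagged, target in actions:
        low = target.lower()
        if is_flagged:
            flagged.append(target)
        if kind == "Key" and "\\browser helper objects\\" in low:
            m = GUID_RE.search(target)
            if m:
                bho.add(m.group(0))
        if kind == "Value" and "\\currentversion\\run [" in low:
            run_keys.append(target)
        if "\\firewallpolicy\\" in low:
            firewall.append(target)
        if "searchscopes" in low or "browser.search" in target:
            search.append(target)
    return {
        "counts": dict(Counter(kind for _, kind, _, _ in actions)),
        "by_section": dict(Counter(section for section, _, _, _ in actions)),
        "flagged": flagged,
        "bho_clsids": sorted(bho),
        "run_keys": run_keys,
        "firewall_exceptions": firewall,
        "search_settings": search,
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```

Run against the full posted report instead of the sample (read the file and pass its text to `parse_report`), the `bho_clsids` list gives the five BHO registrations AdwCleaner removed, and `run_keys` plus `firewall_exceptions` show why the AVG Secure Search component both started at logon and was whitelisted in the Windows Firewall.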
 


Your computer is clean now! :)

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help you if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




Marius

I've updated & removed/uninstalled as requested, however I tried to download the delfix tool, but my browser would not allow download, saying it is an unsafe website.

 

I will follow the recommendations you give on protection.

 

My system is still very slow at startup, it takes up to 30 mins to activate/open anything.

The mouse does not allow me to click on anything on my desktop for almost 30 mins. For example, when the mouse hovers over the taskbar the egg timer displays, but when it points to any icons on the desktop the arrow displays, but nothing can be opened or clicked on for up to 30 mins. 

This was happening before the PUM was detected and is still occurring. Have any advice on this please?

Thanks


System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right-click it and select "run as administrator".




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


Marius

 

Thanks for this.

 

I have received a msg from MS support saying that I should be aware when running sfc /scannow I may need a genuine bootable XP installation CD that is the same Service Pack as my installed Service Pack, (I have SP3). I don't have this installation disk.

 

MS Support also suggests that if I don't have one, sfc /scannow is going to complain - a lot - & will not help with my slow startup time anyway.

 

I have used AVG's 'Fix Performance' tool some months ago. This produces a log of Registry errors, Junk Files, Fragmentation & Broken Shortcuts. Of course, the Free AVG Ver will only fix what you pay for. Will this produce what is needed for you or is this naive of me?


Marius

I have followed your instructions to open sfc /scannow.

A Windows msg came up 'Windows File Protection: Please wait while Windows verifies that all protected Windows Files are intact & in their original versions'.

Next msg says Insert original Windows XP disk.

System then says there is a conflict with your disk.

When I tried to come out Windows msg says choose normal startup mode & undo the changes you made using sys conf utility.

 

I've returned it to normal startup mode, did a restart.

 

Sorry, but I can't seem to get any further.  Your further advice please.

Thanks


I wanted you to use the system file check because I expected damaged system files that could slow down your boot. As expected, some issues were found but without a disk it makes no sense to repair them.

Registry cleaning/optimizing tools are always a risk - if these tools remove the wrong entries your system may become unbootable or unstable.

 

As a free solution, use CCleaner to purge unneeded files: http://download.piriform.com/ccsetup408.exe

Remember not to use the registry function.

 

If that won´t help, we should check if your hard disk is functioning right:

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the Start button.
  • Click My Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab.
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
    • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
    • Click Schedule disk check > OK and close all windows.
    • Re-start the computer. The disk will be checked when the system boots.
    • This will take some time to run and at times may appear stalled but just let it run.
    • When the disk check is complete, the system will re-start automatically and load Windows.



A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the Start button.
  • Click Run.
  • Type "eventvwr" without the quotes and press the Enter key.
  • The Event Viewer window will open.
  • In the left pane, expand "Event Viewer (local)" then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Click on that Winlogon entry to select it.
  • In the box below "Description", copy all of the contents.
  • Paste the contents into your next reply.


Marius

I ran the Windows Error Checking utility, the Winlogon 5/12/2013 entry from Event Viewer is copied below:

 

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 05/12/2013
Time: 17:42:50
User: N/A
Computer: YOUR-ABF4F98234
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2011 unused index entries from index $SII of file 0x9.
Cleaning up 2011 unused index entries from index $SDH of file 0x9.
Cleaning up 2011 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 309098632 KB total disk space.
  35646372 KB in 146282 files.
     66196 KB in 17233 indexes.
         0 KB in bad sectors.
    511404 KB in use by the system.
     65536 KB occupied by the log file.
 272874660 KB available on disk.

      4096 bytes in each allocation unit.
  77274658 total allocation units on disk.
  68218665 allocation units available on disk.

Internal Info:
f0 ef 04 00 c7 7e 02 00 e6 fc 03 00 00 00 00 00  .....~..........
c5 4d 00 00 03 00 00 00 93 0f 00 00 00 00 00 00  .M..............
66 33 a7 05 00 00 00 00 cc 87 8f 5d 00 00 00 00  f3.........]....
78 8a 4a 12 00 00 00 00 40 ee b4 a5 03 00 00 00  x.J.....@.......
ea f3 25 27 0c 00 00 00 e4 ed 44 4c 10 00 00 00  ..%'......DL....
99 9e 36 00 00 00 00 00 48 3e 07 00 6a 3b 02 00  ..6.....H>..j;..
00 00 00 00 00 90 ae 7f 08 00 00 00 51 43 00 00  ............QC..

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

When you have looked over the above, I will run the CCleaner, although curiously AVG 'Fix Slow Computer' msg popped up when the Win Error Checking finished. I have not done anything yet.

Will wait to try CCleaner on your reply.

 

Thanks

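As an added example (not part of the thread, and not a tool from Malwarebytes or from the helper), the Event Viewer steps given above can be done from a PowerShell prompt, and the same script pulls the figures worth checking out of a chkdsk result like the one posted above: the volume checked, the "KB in bad sectors" line and whether Windows reported making corrections. It assumes PowerShell 2.0 or later is installed (an optional download on Windows XP) and that Get-EventLog can read the classic Application log; the function name Get-ChkdskResult and its parameters are this example's own.

```powershell
# Added example, not from the thread: read the chkdsk result that Windows records
# in the Application log under the Winlogon source (Event ID 1001) and pull out the
# figures worth checking. Assumes PowerShell 2.0 or later and an elevated prompt;
# the function name and its parameters are this example's own, not a Windows tool.
function Get-ChkdskResult {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Newest = 50
    )
    # Keep only the Winlogon 1001 events whose text is a file-system check report.
    $events = Get-EventLog -LogName Application -Source Winlogon `
                -ComputerName $ComputerName -Newest $Newest -ErrorAction SilentlyContinue |
              Where-Object { $_.EventID -eq 1001 -and $_.Message -match 'Checking file system on' }

    foreach ($e in $events) {
        $msg = $e.Message

        # Volume letter from the first line of the report ("Checking file system on C:").
        $volume = 'unknown'
        if ($msg -match 'Checking file system on ([A-Za-z]:)') { $volume = $Matches[1] }

        # Bad-sector figure from the summary block; -1 marks a report without that line.
        $badSectorsKB = -1
        if ($msg -match '(\d+) KB in bad sectors') { $badSectorsKB = [int64]$Matches[1] }

        New-Object PSObject -Property @{
            Time         = $e.TimeGenerated
            Volume       = $volume
            BadSectorsKB = $badSectorsKB
            Corrected    = [bool]($msg -match 'Windows has made corrections to the file system')
            MinorCleanup = [bool]($msg -match 'Cleaning up minor inconsistencies')
            Message      = $msg
        }
    }
}

# Usage: one row per recorded check. A non-zero BadSectorsKB, or Corrected = True on
# every run, points at the drive itself (SMART data, vendor diagnostics) rather than
# at something a one-off chkdsk will settle.
Get-ChkdskResult | Select-Object Time, Volume, BadSectorsKB, Corrected, MinorCleanup | Format-Table -AutoSize
```

Against the report posted above this would return Volume C:, BadSectorsKB 0, Corrected True and MinorCleanup True. The full message stays on the object so the summary block can still be pasted into a reply as the helper asked.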

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.