04-11-2012, 05:11 PM   #1
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: W-XP


have internet connection but browsers do not work

Hello, I can get a network connection but no internet browser. I have been trying everything including reinstalling W-XP but still have no browser. I have the DDS report below.


__________________
palicea is offline  
04-14-2012, 08:04 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist
 
Join Date: Oct 2007
Location: Georgia
Posts: 24,371
OS: XP SP3; Win7 32/64-bit


Re: have internet connection but browsers do not work

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why you have no antivirus installed and running. It appears you had avast! previously.

------------------------------------------------------

Please explain what you mean by no browser working. What happens when you open IE or FF? Any error messages?

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'.

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > F:\TDSSKiller.2.7.28.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of ASAP
Proud member of UNITE
04-15-2012, 10:35 AM   #3
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: W-XP


Re: have internet connection but browsers do not work

Please explain why you have no antivirus installed and running. It appears you had avast! previously.

Answer: The initial instructions stated to disable all antispyware.

Please explain what you mean by no browser working. What happens when you open IE or FF? Any error messages?

Answer: Both browsers showed "cannot connect to server" errors.

I now have internet connection and browser connection on both FF and IE, which I am unable to explain, except that possibly the initial "fixes" that I ran may have cured the problem. I closed the browsers and have the two logs that you have requested. I will not open the browsers until you tell me that it is ok. Thanks for your help.

TDS file:
13:21:22.0178 2468 NwlnkIpx - ok
13:21:22.0209 2468 NwlnkNb (56d34a67c05e94e16377c60609741ff8) F:\WINDOWS\system32\DRIVERS\nwlnknb.sys
13:21:22.0365 2468 NwlnkNb - ok
13:21:22.0397 2468 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) F:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
13:21:22.0506 2468 NwlnkSpx - ok
13:21:22.0819 2468 NWRDR (36b9b950e3d2e100970a48d8bad86740) F:\WINDOWS\system32\DRIVERS\nwrdr.sys
13:21:22.0897 2468 NWRDR - ok
13:21:22.0959 2468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) F:\WINDOWS\system32\DRIVERS\parport.sys
13:21:23.0069 2468 Parport - ok
13:21:23.0740 2468 PartMgr (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
13:21:23.0928 2468 PartMgr - ok
13:21:23.0959 2468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) F:\WINDOWS\system32\drivers\ParVdm.sys
13:21:24.0131 2468 ParVdm - ok
13:21:24.0209 2468 PCI (a219903ccf74233761d92bef471a07b1) F:\WINDOWS\system32\DRIVERS\pci.sys
13:21:24.0631 2468 PCI - ok
13:21:24.0647 2468 PCIDump - ok
13:21:24.0662 2468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) F:\WINDOWS\system32\drivers\PCIIde.sys
13:21:24.0772 2468 PCIIde - ok
13:21:25.0053 2468 pclepci (c62f76344cd3a3a6314055b4929e529d) F:\WINDOWS\system32\BrSerIf.dll
13:21:25.0194 2468 pclepci - ok
13:21:25.0834 2468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) F:\WINDOWS\system32\drivers\Pcmcia.sys
13:21:26.0006 2468 Pcmcia - ok
13:21:26.0022 2468 PDCOMP - ok
13:21:26.0037 2468 PDFRAME - ok
13:21:26.0037 2468 PDRELI - ok
13:21:26.0053 2468 PDRFRAME - ok
13:21:26.0084 2468 perc2 - ok
13:21:26.0428 2468 perc2hib - ok
13:21:26.0490 2468 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) F:\WINDOWS\system32\services.exe
13:21:26.0631 2468 PlugPlay - ok
13:21:26.0678 2468 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
13:21:26.0834 2468 PolicyAgent - ok
13:21:26.0881 2468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
13:21:27.0069 2468 PptpMiniport - ok
13:21:27.0069 2468 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
13:21:27.0240 2468 ProtectedStorage - ok
13:21:27.0287 2468 PSched (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
13:21:27.0459 2468 PSched - ok
13:21:27.0490 2468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
13:21:27.0678 2468 Ptilink - ok
13:21:27.0694 2468 ql1080 - ok
13:21:27.0694 2468 Ql10wnt - ok
13:21:27.0709 2468 ql12160 - ok
13:21:27.0725 2468 ql1240 - ok
13:21:27.0740 2468 ql1280 - ok
13:21:27.0756 2468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
13:21:27.0928 2468 RasAcd - ok
13:21:27.0959 2468 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) F:\WINDOWS\System32\rasauto.dll
13:21:28.0131 2468 RasAuto - ok
13:21:28.0162 2468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:21:28.0350 2468 Rasl2tp - ok
13:21:28.0397 2468 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) F:\WINDOWS\System32\rasmans.dll
13:21:28.0600 2468 RasMan - ok
13:21:28.0647 2468 RasPppoe (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:21:28.0787 2468 RasPppoe - ok
13:21:28.0912 2468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
13:21:29.0053 2468 Raspti - ok
13:21:29.0162 2468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
13:21:29.0303 2468 Rdbss - ok
13:21:29.0334 2468 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:21:29.0475 2468 RDPCDD - ok
13:21:29.0631 2468 rdpdr (15cabd0f7c00c47c70124907916af3f1) F:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:21:29.0850 2468 rdpdr - ok
13:21:29.0912 2468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) F:\WINDOWS\system32\drivers\RDPWD.sys
13:21:30.0069 2468 RDPWD - ok
13:21:30.0162 2468 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) F:\WINDOWS\system32\sessmgr.exe
13:21:30.0272 2468 RDSessMgr - ok
13:21:30.0350 2468 redbook (f828dd7e1419b6653894a8f97a0094c5) F:\WINDOWS\system32\DRIVERS\redbook.sys
13:21:30.0506 2468 redbook - ok
13:21:30.0553 2468 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) F:\WINDOWS\System32\mprdim.dll
13:21:30.0694 2468 RemoteAccess - ok
13:21:30.0834 2468 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) F:\WINDOWS\system32\regsvc.dll
13:21:30.0975 2468 RemoteRegistry - ok
13:21:31.0022 2468 RpcLocator (aaed593f84afa419bbae8572af87cf6a) F:\WINDOWS\system32\locator.exe
13:21:31.0162 2468 RpcLocator - ok
13:21:31.0381 2468 RpcSs (2589fe6015a316c0f5d5112b4da7b509) F:\WINDOWS\System32\rpcss.dll
13:21:31.0569 2468 RpcSs - ok
13:21:31.0647 2468 RSVP (471b3f9741d762abe75e9deea4787e47) F:\WINDOWS\system32\rsvp.exe
13:21:31.0787 2468 RSVP - ok
13:21:31.0865 2468 RT61 - ok
13:21:31.0944 2468 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) F:\WINDOWS\system32\DRIVERS\wg111v2.sys
13:21:31.0990 2468 RTLWUSB - ok
13:21:32.0053 2468 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
13:21:32.0209 2468 SamSs - ok
13:21:32.0287 2468 SCardSvr (86d007e7a654b9a71d1d7d856b104353) F:\WINDOWS\System32\SCardSvr.exe
13:21:32.0459 2468 SCardSvr - ok
13:21:32.0569 2468 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) F:\WINDOWS\system32\schedsvc.dll
13:21:32.0725 2468 Schedule - ok
13:21:32.0803 2468 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
13:21:32.0881 2468 Secdrv - ok
13:21:32.0912 2468 seclogon (cbe612e2bb6a10e3563336191eda1250) F:\WINDOWS\System32\seclogon.dll
13:21:33.0069 2468 seclogon - ok
13:21:33.0147 2468 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) F:\WINDOWS\system32\sens.dll
13:21:33.0303 2468 SENS - ok
13:21:33.0381 2468 serenum (0f29512ccd6bead730039fb4bd2c85ce) F:\WINDOWS\system32\DRIVERS\serenum.sys
13:21:33.0553 2468 serenum - ok
13:21:33.0678 2468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) F:\WINDOWS\system32\DRIVERS\serial.sys
13:21:35.0397 2468 Serial - ok
13:21:35.0678 2468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
13:21:35.0897 2468 Sfloppy - ok
13:21:36.0084 2468 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) F:\WINDOWS\System32\ipnathlp.dll
13:21:36.0225 2468 SharedAccess - ok
13:21:36.0287 2468 ShellHWDetection (1926899bf9ffe2602b63074971700412) F:\WINDOWS\System32\shsvcs.dll
13:21:36.0397 2468 ShellHWDetection - ok
13:21:36.0584 2468 Simbad - ok
13:21:37.0303 2468 Sparrow - ok
13:21:37.0615 2468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
13:21:37.0740 2468 splitter - ok
13:21:38.0006 2468 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) F:\WINDOWS\system32\spoolsv.exe
13:21:38.0459 2468 Spooler - ok
13:21:38.0709 2468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) F:\WINDOWS\system32\DRIVERS\sr.sys
13:21:38.0803 2468 sr - ok
13:21:38.0850 2468 srservice (3805df0ac4296a34ba4bf93b346cc378) F:\WINDOWS\system32\srsvc.dll
13:21:38.0897 2468 srservice - ok
13:21:39.0209 2468 Srv (5252605079810904e31c332e241cd59b) F:\WINDOWS\system32\DRIVERS\srv.sys
13:21:39.0381 2468 Srv - ok
13:21:40.0037 2468 SSDPSRV (0a5679b3714edab99e357057ee88fca6) F:\WINDOWS\System32\ssdpsrv.dll
13:21:40.0147 2468 SSDPSRV - ok
13:21:40.0240 2468 stisvc (8bad69cbac032d4bbacfce0306174c30) F:\WINDOWS\system32\wiaservc.dll
13:21:40.0412 2468 stisvc - ok
13:21:40.0490 2468 swenum (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
13:21:40.0662 2468 swenum - ok
13:21:40.0725 2468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
13:21:40.0897 2468 swmidi - ok
13:21:40.0897 2468 SwPrv - ok
13:21:40.0912 2468 symc810 - ok
13:21:40.0928 2468 symc8xx - ok
13:21:40.0944 2468 sym_hi - ok
13:21:40.0959 2468 sym_u3 - ok
13:21:41.0006 2468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
13:21:41.0162 2468 sysaudio - ok
13:21:41.0209 2468 SysmonLog (c7abbc59b43274b1109df6b24d617051) F:\WINDOWS\system32\smlogsvc.exe
13:21:41.0381 2468 SysmonLog - ok
13:21:41.0444 2468 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) F:\WINDOWS\System32\tapisrv.dll
13:21:41.0615 2468 TapiSrv - ok
13:21:41.0694 2468 Tcpip (93ea8d04ec73a85db02eb8805988f733) F:\WINDOWS\system32\DRIVERS\tcpip.sys
13:21:41.0881 2468 Tcpip - ok
13:21:42.0287 2468 TDPIPE (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
13:21:42.0490 2468 TDPIPE - ok
13:21:42.0506 2468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
13:21:42.0709 2468 TDTCP - ok
13:21:42.0803 2468 TermDD (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
13:21:42.0912 2468 TermDD - ok
13:21:42.0944 2468 TermService (ff3477c03be7201c294c35f684b3479f) F:\WINDOWS\System32\termsrv.dll
13:21:43.0069 2468 TermService - ok
13:21:43.0725 2468 Themes (1926899bf9ffe2602b63074971700412) F:\WINDOWS\System32\shsvcs.dll
13:21:43.0834 2468 Themes - ok
13:21:44.0069 2468 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) F:\WINDOWS\system32\tlntsvr.exe
13:21:44.0381 2468 TlntSvr - ok
13:21:44.0662 2468 TosIde - ok
13:21:44.0990 2468 TrkWks (55bca12f7f523d35ca3cb833c725f54e) F:\WINDOWS\system32\trkwks.dll
13:21:45.0428 2468 TrkWks - ok
13:21:45.0490 2468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
13:21:45.0944 2468 Udfs - ok
13:21:45.0959 2468 ultra - ok
13:21:46.0037 2468 Update (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
13:21:46.0459 2468 Update - ok
13:21:46.0772 2468 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) F:\WINDOWS\System32\upnphost.dll
13:21:46.0850 2468 upnphost - ok
13:21:46.0881 2468 UPS (05365fb38fca1e98f7a566aaaf5d1815) F:\WINDOWS\System32\ups.exe
13:21:47.0053 2468 UPS - ok
13:21:47.0100 2468 usbaudio (e919708db44ed8543a7c017953148330) F:\WINDOWS\system32\drivers\usbaudio.sys
13:21:47.0272 2468 usbaudio - ok
13:21:47.0319 2468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:21:47.0412 2468 usbccgp - ok
13:21:47.0615 2468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
13:21:47.0772 2468 usbehci - ok
13:21:47.0803 2468 usbhub (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
13:21:47.0912 2468 usbhub - ok
13:21:48.0444 2468 usbprint (a717c8721046828520c9edf31288fc00) F:\WINDOWS\system32\DRIVERS\usbprint.sys
13:21:48.0615 2468 usbprint - ok
13:21:48.0662 2468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) F:\WINDOWS\system32\DRIVERS\usbscan.sys
13:21:48.0787 2468 usbscan - ok
13:21:48.0803 2468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:21:48.0975 2468 USBSTOR - ok
13:21:49.0006 2468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) F:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:21:49.0162 2468 usbuhci - ok
13:21:49.0194 2468 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) F:\WINDOWS\system32\DRIVERS\usb8023.sys
13:21:49.0397 2468 USB_RNDIS_XP - ok
13:21:49.0428 2468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
13:21:49.0600 2468 VgaSave - ok
13:21:49.0600 2468 ViaIde - ok
13:21:49.0662 2468 VIAudio (a1abff7b96be4cbe5e902feffb9125d9) F:\WINDOWS\system32\drivers\vinyl97.sys
13:21:49.0678 2468 VIAudio ( UnsignedFile.Multi.Generic ) - warning
13:21:49.0678 2468 VIAudio - detected UnsignedFile.Multi.Generic (1)
13:21:55.0178 2468 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) F:\Program Files\Windows Media Player\WMPNetwk.exe
13:21:55.0569 2468 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
13:21:55.0569 2468 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
13:21:57.0553 2468 yppbzkpj - ok
13:21:57.0600 2468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:21:58.0881 2468 \Device\Harddisk0\DR0 - ok
13:21:58.0897 2468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:21:59.0162 2468 \Device\Harddisk1\DR1 - ok
13:21:59.0162 2468 Boot (0x1200) (b581b01fe378cc3dd20baf42e9c5e4aa) \Device\Harddisk0\DR0\Partition0
13:21:59.0162 2468 \Device\Harddisk0\DR0\Partition0 - ok
13:21:59.0194 2468 Boot (0x1200) (028d3b8927d8fd3c673462011d942b18) \Device\Harddisk1\DR1\Partition0
13:21:59.0194 2468 \Device\Harddisk1\DR1\Partition0 - ok
13:21:59.0194 2468 ============================================================
13:21:59.0194 2468 Scan finished
13:21:59.0194 2468 ============================================================
13:21:59.0303 2480 Detected object count: 4
13:21:59.0303 2480 Actual detected object count: 4
13:22:03.0834 2480 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:03.0834 2480 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:03.0834 2480 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:03.0834 2480 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:03.0834 2480 VIAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:03.0834 2480 VIAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:03.0834 2480 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:03.0834 2480 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:08.0162 2260 Deinitialize success

FSS log:

Farbar Service Scanner Version: 01-03-2012
Ran by Matt (administrator) on 15-04-2012 at 13:24:48
Running from "F:\Documents and Settings\Matt\Desktop\NewAntiSpySyuff"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
F:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
F:\WINDOWS\system32\netman.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\srsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
F:\WINDOWS\system32\wscsvc.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\wuauserv.dll => MD5 is legit
F:\WINDOWS\system32\qmgr.dll => MD5 is legit
F:\WINDOWS\system32\es.dll
[2008-04-14 05:41] - [2008-04-14 05:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A
F:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(13) Gpc(3) IPSec(10) NetBT(12) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0D0000000A0000000500000001000000020000000300000004000000060000000700000008000000090000000B0000000C0000000D000000

**** End of log ****
__________________
palicea is offline  
Old 04-15-2012, 01:57 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 24,371
OS: XP SP3; Win7 32/64-bit


Re: have internet connection but browsers do not work

Hello palicea. It was only necessary to disable your antivirus, not uninstall it. Please reinstall avast! or another of your preference.

How is the machine behaving? Any remaining problems?

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Coupon Printer for Windows << Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

F:\Program Files\Coupons

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete yppbzkpj

A DOS window will open and close again; this is normal.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date.

Java(TM) 7 Update 2 can be updated from the Java Control Panel. Go Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at F:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 04-15-2012, 04:54 PM   #5


Re: have internet connection but browsers do not work

The system is operating very well, thank you. Below are the MBAM and ESET scans:

MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.15.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matt :: HOME-1 [administrator]
4/15/2012 6:19:48 PM
mbam-log-2012-04-15 (18-19-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209823
Time elapsed: 10 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cef4704ac919ed4f930f2bf322b87e92
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-15 11:46:43
# local_time=2012-04-15 07:46:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 9612116 9612116 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93985
# found=8
# cleaned=0
# scan_time=3617
C:\WINDOWS\eregafey.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\ilixevokoxa.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\iqeqeribeciduwa.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\ixodowubucudiro.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\otomamum.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\ovexuyoy.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
F:\Documents and Settings\Matt\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25\77faa0d9-48a6df9d a variant of Java/Exploit.CVE-2012-0507.B trojan (unable to clean) 00000000000000000000000000000000 I
F:\RECYCLER\S-1-5-21-796845957-1229272821-1644491937-1003\Df5.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
__________________
palicea is offline  
Old 04-15-2012, 06:47 PM   #6


Re: have internet connection but browsers do not work

Hello again, palicea.

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run it then click 'Run' then 'Start'.
  • Your desktop will disappear; this is normal, and it will return.
  • If prompted, click "Yes" to reboot.
------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Force-delete each file flagged by the ESET scan; log any that remain.
for %%g in (

"C:\WINDOWS\eregafey.dll"
"C:\WINDOWS\ilixevokoxa.dll"
"C:\WINDOWS\iqeqeribeciduwa.dll"
"C:\WINDOWS\ixodowubucudiro.dll"
"C:\WINDOWS\otomamum.dll"
"C:\WINDOWS\ovexuyoy.dll"
"F:\Documents and Settings\Matt\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25\77faa0d9-48a6df9d"
"F:\RECYCLER\S-1-5-21-796845957-1229272821-1644491937-1003\Df5.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Show the leftovers in Notepad, or report success if nothing remains.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has run.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Please run dds again and post/attach the logs as before.

------------------------------------------------------
chemist is offline  
Old 04-16-2012, 02:26 PM   #7


Re: have internet connection but browsers do not work

Hello Chemist... The fix.bat file showed "Deleted Successfully" :)
Below are the DDS and Attach reports.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by Matt at 17:05:40 on 2012-04-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.672 [GMT -4:00]
.
.
============== Running Processes ===============
.
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
F:\Program Files\OpenOffice.org 3\program\soffice.exe
F:\Program Files\Java\jre7\bin\jqs.exe
F:\Program Files\OpenOffice.org 3\program\soffice.bin
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [AnyDVD] f:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [DW6] "f:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [cdloader] "f:\documents and settings\matt\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [EPSON Stylus NX400 Series] f:\windows\system32\spool\drivers\w32x86\3\e_fatiega.exe /fu "f:\windows\temp\E_S4E.tmp" /EF "HKCU"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxtray] f:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] f:\windows\system32\hkcmd.exe
mRun: [igfxpers] f:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "f:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: f:\docume~1\matt\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - f:\program files\belkin\belkin 802.11g wireless pci card configuration utility\Belkinwcui.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296512312562
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0D59585E-CF63-4A3E-AA00-7DC54B256F42} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6A24073F-A4D0-425E-AA87-E86324DA97CC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6A15520-0D3F-4FF5-90CD-FC24378F46CD} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\matt\application data\mozilla\firefox\profiles\klwt21j5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: f:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: f:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: f:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: f:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_2_202_160.dll
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);f:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-2-5 253088]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;f:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-20 129976]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;f:\windows\system32\drivers\wg111v2.sys [2007-12-26 272128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-15 22:36:09 -------- d-----w- f:\program files\ESET
2012-04-15 22:18:54 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-04-15 22:11:20 -------- d-----w- f:\program files\Oracle
2012-04-15 22:11:06 141312 ----a-w- f:\windows\system32\javacpl.cpl
2012-04-15 17:28:41 55296 -c----w- f:\windows\system32\dllcache\msfeedsbs.dll
2012-04-15 17:28:40 743424 -c----w- f:\windows\system32\dllcache\iedvtool.dll
2012-04-15 17:28:40 247808 -c----w- f:\windows\system32\dllcache\ieproxy.dll
2012-04-15 17:28:40 12800 -c----w- f:\windows\system32\dllcache\xpshims.dll
2012-04-15 17:28:39 602112 -c----w- f:\windows\system32\dllcache\msfeeds.dll
2012-04-15 17:28:38 2000384 -c----w- f:\windows\system32\dllcache\iertutil.dll
2012-04-06 18:33:41 20747 ----a-w- f:\windows\system32\drivers\AegisP.sys
2012-04-06 18:33:36 81920 ----a-w- f:\windows\system32\brdcm2k.dll
2012-04-06 18:33:36 61440 ----a-w- f:\windows\system32\BelkinHWStatus.dll
2012-04-06 18:33:36 53248 ----a-w- f:\windows\system32\preflib.dll
2012-04-06 18:33:36 204800 ----a-w- f:\windows\system32\UploadDLL.dll
2012-04-06 18:33:36 192512 ----a-w- f:\windows\system32\blkwcd.dll
2012-04-06 18:33:36 167936 ----a-w- f:\windows\system32\BelkinwcuiDLL.dll
2012-04-06 18:33:36 101888 ----a-w- f:\windows\system32\CrashRpt.dll
2012-04-06 18:33:36 -------- d-----w- f:\program files\Belkin
2012-04-06 17:01:35 116224 -c--a-w- f:\windows\system32\dllcache\xrxwiadr.dll
2012-04-06 17:01:34 23040 -c--a-w- f:\windows\system32\dllcache\xrxwbtmp.dll
2012-04-06 17:01:33 4608 -c--a-w- f:\windows\system32\dllcache\xrxflnch.exe
2012-04-06 17:01:33 27648 -c--a-w- f:\windows\system32\dllcache\xrxftplt.exe
2012-04-06 17:01:33 18944 -c--a-w- f:\windows\system32\dllcache\xrxscnui.dll
2012-04-06 17:01:01 99865 -c--a-w- f:\windows\system32\dllcache\xlog.exe
2012-04-06 16:59:57 25471 -c--a-w- f:\windows\system32\dllcache\watv10nt.sys
2012-04-06 16:58:53 166784 -c--a-w- f:\windows\system32\dllcache\tridxpm.sys
2012-04-06 16:57:56 48736 -c--a-w- f:\windows\system32\dllcache\srwlnd5.sys
2012-04-06 16:56:55 18400 -c--a-w- f:\windows\system32\dllcache\sgsmld.sys
2012-04-06 16:55:53 19584 -c--a-w- f:\windows\system32\dllcache\rasirda.sys
2012-04-06 16:54:56 41984 -c--a-w- f:\windows\system32\dllcache\ovui2rc.dll
2012-04-06 16:53:56 91488 -c--a-w- f:\windows\system32\dllcache\n9i3disp.dll
2012-04-06 16:52:57 35200 -c--a-w- f:\windows\system32\dllcache\msgame.sys
2012-04-06 16:51:59 802683 -c--a-w- f:\windows\system32\dllcache\ltsm.sys
2012-04-06 16:50:53 90200 -c--a-w- f:\windows\system32\dllcache\io8ports.dll
2012-04-06 16:49:43 1041536 -c--a-w- f:\windows\system32\dllcache\hsfdpsp2.sys
2012-04-06 16:48:53 92160 -c--a-w- f:\windows\system32\dllcache\fuusd.dll
2012-04-06 16:47:59 19594 -c--a-w- f:\windows\system32\dllcache\e100isa4.sys
2012-04-06 16:46:55 179584 -c--a-w- f:\windows\system32\dllcache\dac2w2k.sys
2012-04-06 16:45:58 7680 -c--a-w- f:\windows\system32\dllcache\cd20xrnt.sys
2012-04-06 16:44:59 13696 -c--a-w- f:\windows\system32\dllcache\avcstrm.sys
2012-04-06 16:43:57 3775 -c--a-w- f:\windows\system32\dllcache\adv11nt5.dll
2012-04-06 16:42:49 66048 -c--a-w- f:\windows\system32\dllcache\s3legacy.dll
2012-04-06 16:42:43 2192768 -c--a-w- f:\windows\system32\dllcache\ntoskrnl.exe
2012-04-06 16:15:55 135168 ----a-r- f:\windows\system32\igfxres.dll
2012-04-06 16:05:59 8704 -c--a-w- f:\windows\system32\dllcache\snmptrap.exe
2012-04-06 16:04:59 5632 -c--a-w- f:\windows\system32\dllcache\kbdfa.dll
2012-04-06 16:03:55 45568 -c--a-w- f:\windows\system32\dllcache\browscap.dll
2012-04-06 15:52:21 24661 -c--a-w- f:\windows\system32\dllcache\spxcoins.dll
2012-04-06 15:52:21 24661 ----a-w- f:\windows\system32\spxcoins.dll
2012-04-06 15:52:21 13312 -c--a-w- f:\windows\system32\dllcache\irclass.dll
2012-04-06 15:52:21 13312 ----a-w- f:\windows\system32\irclass.dll
2012-04-04 21:11:16 17149 ----a-w- f:\windows\system32\DNINDIS5.SYS
2012-03-28 19:05:02 -------- d-----w- f:\program files\AVAST Software
2012-03-28 19:05:02 -------- d-----w- f:\documents and settings\all users\application data\AVAST Software
2012-03-28 18:21:45 -------- d-----w- f:\documents and settings\all users\application data\IObit
2012-03-28 18:21:28 -------- d-----w- f:\documents and settings\matt\application data\IObit
2012-03-28 18:21:06 -------- d-----w- f:\program files\IObit
2012-03-28 13:55:37 0 --sha-w- f:\windows\system32\dds_trash_log.cmd
2012-03-20 13:56:00 -------- d-----w- f:\program files\Mozilla Maintenance Service
2012-03-20 13:55:59 145960 ----a-w- f:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-03-20 13:55:59 129976 ----a-w- f:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-04-15 22:51:24 70304 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-15 22:51:24 418464 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-03-09 14:12:36 121208 ----a-w- f:\windows\system32\drivers\AnyDVD.sys
2012-03-01 11:01:32 916992 ----a-w- f:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- f:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- f:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- f:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- f:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- f:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- f:\windows\system32\win32k.sys
2012-01-29 10:10:42 237072 ------w- f:\windows\system32\MpSigStub.exe
.
============= FINISH: 1717.26 ===============
Attached Files
File Type: zip Newattach.zip (2.2 KB, 2 views)
__________________
palicea is offline  
Old 04-16-2012, 06:40 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 24,371
OS: XP SP3; Win7 32/64-bit


Re: have internet connection but browsers do not work

Hello again, palicea. It appears you haven't reinstalled avast!, or another antivirus of your choice.

Please do so, update and run a full system scan.

Then let me know and I will give you some final instructions.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 04-17-2012, 03:58 PM   #9
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: W-XP


Re: have internet connection but browsers do not work

Hello Chemist... I did reinstall Avast, and did an update. The scan took 49 minutes and showed the message "No Virus Found". Thank you so much for your help...
__________________
palicea is offline  
Old 04-17-2012, 05:11 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 24,371
OS: XP SP3; Win7 32/64-bit


Re: have internet connection but browsers do not work

Hello again, palicea. You're very welcome.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Go to Start > Run then copy/paste SYSDM.CPL into the Run box and click 'OK'.
  • Select the 'System Restore Tab'.
  • Tick on the checkbox - 'Turn off System Restore on all drives'
  • Click 'Apply'.
  • Then untick the same checkbox and click 'OK'.
This will flush out older, possibly infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
  • Click 'Start Scanner'
  • Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
  • Click 'Start'.
  • The scan should take less than a minute or so.
  • When done, download and install all the recommended updates.
  • This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
------------------------------------------------------

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
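
The HOSTS redirection described in the post above can be checked once the new file is in place. The following is an added example, not part of the original post or of the MVPS package: it parses HOSTS-format text and separates names sent to the local machine from entries pointing at any other address, which override DNS for that name and deserve a look. The sample content, the hostnames and the decision to count 0.0.0.0 as local are assumptions of this example.

```python
import ipaddress

# Names that legitimately map to the local machine in a stock HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify every mapping in HOSTS-format text.

    blocked:   names sent to the local machine (the ad-blocking effect)
    redirects: (name, address) pairs sent elsewhere; review these
    malformed: line numbers that could not be parsed
    """
    report = {"blocked": [], "redirects": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:  # bad address, or no hostname given
            report["malformed"].append(lineno)
            continue
        # Assumption of this example: loopback and 0.0.0.0 both count as local.
        is_local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:  # one line may carry several names
            name = name.lower()
            if name in LOCAL_NAMES:
                continue
            if is_local:
                report["blocked"].append(name)
            else:
                report["redirects"].append((name, str(addr)))
    return report


# Constructed sample; hostnames use reserved example domains.
SAMPLE_HOSTS = """\
# constructed HOSTS content for this example
127.0.0.1  localhost
127.0.0.1  ads.example.com  # blocked ad server
127.0.0.1  tracker.example.net banners.example.net
203.0.113.7  update.example.org
not-an-address  broken.example.com
192.168.2.1
"""

if __name__ == "__main__":
    for name, addr in audit_hosts(SAMPLE_HOSTS)["redirects"]:
        print("REVIEW:", name, "->", addr)
```
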
Old 04-17-2012, 07:28 PM   #11
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: W-XP


Re: have internet connection but browsers do not work

Hello again, Chemist... I ran Secunia and all is well!! Thank you for helping me through this problem.
__________________
palicea is offline  
Old 04-17-2012, 07:59 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 24,371
OS: XP SP3; Win7 32/64-bit


Re: have internet connection but browsers do not work

You're very welcome, palicea! Glad to have helped.

chemist is offline  
 

All times are GMT -7. The time now is 12:43 AM.


Copyright 2001 - 2012, Tech Support Forum
