
Registered · 48 Posts · Discussion Starter · #1
I have no idea what happened to cause it, but all of a sudden I can't open up many of my programs from the desktop (Firefox and IE included). My wifi will keep disabling itself. I tried to do a system restore but found out that system restore had somehow suddenly been turned off and all my restore points were gone.

Here is DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Ryan at 19:06:37 on 2013-03-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\clclean.0001
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uWinlogon: Shell = explorer.exe,c:\documents and settings\ryan\application data\skype.dat
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\documents and settings\ryan\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\documents and settings\ryan\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1E9C1DE4-D4EC-448A-9FFF-7F525DAF10FC} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-15 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-15 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-15 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-15 44808]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-12-12 6609920]
S3 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2013-3-16 2234560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-26 18560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-5 22344]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-5 655944]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-03-13 16:33:24 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 16:33:24 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-12-05 11:41:58 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-12-02 18:22:59 6585536 ----a-w- c:\program files\yusetup7cnet.exe
2010-10-15 03:51:36 895256 ----a-w- c:\program files\DivXInstaller.exe
.
============= FINISH: 19:13:18.67 ===============
 


Registered · 564 Posts
Hello!

I am currently reviewing your logfiles and will assist you shortly with instructions. Please be patient.

Meanwhile: Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software. Thank you!
 

Registered · 564 Posts
Hello Danigir1!

I'm going to help you with your malware-related problem. Please read the following carefully, since it will help both of us to finish the job as fast as possible :)


  • Sometimes I will give you several steps to process. Please handle them in the order given and either copy the logfile that is created into your thread or report whether the step went well or what happened. If you don't understand a step or a part of it, please ask. Usually the people who ask for help are not computer experts, and we are very good at explaining what to do. :)
  • It is very important to me that your system does not change fast. Don't install or remove programs, and don't run scans you were not instructed to run by me or a team member of TechSupportForum.
  • Please follow my instructions until the end. Even if you think the symptoms went away, the infection might still be present. I will tell you explicitly once we are finished and will add tips on how you can avoid future infections with malware.
  • We expect you to answer within 48 hrs after my last answer. Please be sure to subscribe to your thread so the forum will send you an email if a new answer has been written. In case I don't answer within two days after your last answer, please notify me by sending me a private message.
  • Lastly, please note that I am not a native speaker (my mother tongue is German). So please avoid any slang words or odd expressions, because I won't understand them. Thank you!


Now it's time to start: First we clear out the malware, then we run some checks, and last we will update your system for safety.


Step 1:
Scan with aswMBR
Please download aswMBR.exe and save it to your desktop.

  • Start aswMBR.exe by doubleclick.
  • The tool will ask you if you would like to scan with the latest virus definitions. Please allow that! This can also take a while. Please be patient.
  • Click Scan.
  • Wait until it tells you Scan finished successfully.
  • Click on Save Log, save it to your desktop and copy the aswMBR.txt into your answer.


Important: Do not click one of the Fix buttons without being told to do so!

Note: Should aswMBR crash during the scan, please tell me and choose (none) from the dropdown menu.


Step 2:
Scan with TDSSKiller

Note: At this time we only want a scan - do not cure or repair anything.

Please download TDSSKiller.exe to your desktop.

  • Start the TDSSKiller.exe
  • Click Start Scan
  • If malicious objects were found, do NOT select Cure. Change the action to Skip and save the logfile. TDSSKiller usually saves the logfile in C:\. Please post your logfile.
 

Registered · 48 Posts · Discussion Starter · #4
Thank you for the speedy response. Here are the logs you requested.

aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 12:01:34
-----------------------------
12:01:34.906 OS Version: Windows 5.1.2600 Service Pack 3
12:01:34.906 Number of processors: 2 586 0xF06
12:01:34.906 ComputerName: LAPPY UserName: Ryan
12:01:40.250 Initialize success
12:01:40.468 AVAST engine defs: 13031800
12:01:59.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:01:59.968 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
12:02:00.562 Disk 0 MBR read successfully
12:02:00.578 Disk 0 MBR scan
12:02:00.578 Disk 0 unknown MBR code
12:02:00.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:02:00.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145675 MB offset 96390
12:02:00.640 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 298439505
12:02:00.687 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4855 MB offset 302632470
12:02:00.750 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 298439568
12:02:00.812 Disk 0 scanning sectors +312576705
12:02:01.593 Disk 0 scanning C:\WINDOWS\system32\drivers
12:03:28.156 Service scanning
12:04:59.593 Modules scanning
12:06:22.359 Disk 0 trace - called modules:
12:06:22.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:06:22.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a553ab8]
12:06:22.453 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a59b250]
12:06:22.468 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c3d98]
12:06:27.437 AVAST engine scan C:\WINDOWS
12:07:20.421 AVAST engine scan C:\WINDOWS\system32
12:27:18.250 AVAST engine scan C:\WINDOWS\system32\drivers
12:29:09.812 AVAST engine scan C:\Documents and Settings\Ryan
13:06:20.671 AVAST engine scan C:\Documents and Settings\All Users
13:14:45.968 Scan finished successfully
13:36:11.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\MBR.dat"
13:36:11.015 The log file has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\aswMBR.txt"


TDSSkiller:

13:47:42.0062 4496 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:47:43.0421 4496 ============================================================
13:47:43.0421 4496 Current date / time: 2013/03/19 13:47:43.0421
13:47:43.0421 4496 SystemInfo:
13:47:43.0421 4496
13:47:43.0421 4496 OS Version: 5.1.2600 ServicePack: 3.0
13:47:43.0421 4496 Product type: Workstation
13:47:43.0421 4496 ComputerName: LAPPY
13:47:43.0421 4496 UserName: Ryan
13:47:43.0421 4496 Windows directory: C:\WINDOWS
13:47:43.0421 4496 System windows directory: C:\WINDOWS
13:47:43.0421 4496 Processor architecture: Intel x86
13:47:43.0421 4496 Number of processors: 2
13:47:43.0421 4496 Page size: 0x1000
13:47:43.0421 4496 Boot type: Normal boot
13:47:43.0421 4496 ============================================================
13:47:46.0437 4496 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:47:46.0453 4496 ============================================================
13:47:46.0453 4496 \Device\Harddisk0\DR0:
13:47:46.0453 4496 MBR partitions:
13:47:46.0453 4496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11C85ACB
13:47:46.0500 4496 ============================================================
13:47:46.0578 4496 C: <-> \Device\Harddisk0\DR0\Partition1
13:47:46.0578 4496 ============================================================
13:47:46.0578 4496 Initialize success
13:47:46.0578 4496 ============================================================
13:50:55.0453 5900 ============================================================
13:50:55.0453 5900 Scan started
13:50:55.0453 5900 Mode: Manual;
13:50:55.0453 5900 ============================================================
13:50:58.0656 5900 ================ Scan system memory ========================
13:50:58.0671 5900 System memory - ok
13:51:31.0906 5900 hpn - ok
13:51:32.0765 5900 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
13:51:33.0640 5900 HSF_DPV - ok
13:51:33.0843 5900 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
13:51:34.0000 5900 HSXHWAZL - ok
13:51:34.0281 5900 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:51:34.0500 5900 HTTP - ok
13:51:34.0546 5900 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:51:34.0578 5900 HTTPFilter - ok
13:51:34.0625 5900 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
13:51:34.0656 5900 i2omgmt - ok
13:51:34.0718 5900 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:51:34.0734 5900 i2omp - ok
13:51:34.0843 5900 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:51:34.0875 5900 i8042prt - ok
13:51:35.0031 5900 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:51:35.0093 5900 IDriverT - ok
13:51:36.0031 5900 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:51:36.0953 5900 idsvc - ok
13:51:37.0031 5900 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:51:37.0109 5900 Imapi - ok
13:51:37.0296 5900 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:51:37.0375 5900 ImapiService - ok
13:51:37.0421 5900 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:51:37.0437 5900 ini910u - ok
13:51:37.0484 5900 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
13:51:37.0578 5900 IntelIde - ok
13:51:37.0671 5900 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:51:37.0703 5900 intelppm - ok
13:51:37.0734 5900 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:51:37.0765 5900 Ip6Fw - ok
13:51:37.0843 5900 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:51:37.0859 5900 IpFilterDriver - ok
13:51:37.0937 5900 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:51:38.0250 5900 IpInIp - ok
13:51:38.0453 5900 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:51:38.0593 5900 IpNat - ok
13:51:38.0687 5900 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:51:38.0750 5900 IPSec - ok
13:51:38.0781 5900 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:51:38.0796 5900 IRENUM - ok
13:51:38.0875 5900 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:51:38.0906 5900 isapnp - ok
13:51:38.0937 5900 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:51:38.0968 5900 Kbdclass - ok
13:51:39.0000 5900 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:51:39.0015 5900 kbdhid - ok
13:51:39.0187 5900 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:51:39.0187 5900 kmixer - ok
13:51:39.0296 5900 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:51:39.0375 5900 KSecDD - ok
13:51:39.0500 5900 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:51:39.0593 5900 lanmanserver - ok
13:51:39.0750 5900 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:51:39.0843 5900 lanmanworkstation - ok
13:51:39.0843 5900 lbrtfdc - ok
13:51:40.0140 5900 [ DB0B6D9FD8ABE89B7E29341A6B876970 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
13:51:47.0031 5900 Suspicious file (Forged): C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe. Real md5: DB0B6D9FD8ABE89B7E29341A6B876970, Fake md5: 32F1B95C60042F3D95FC8AB43559B3B1
13:51:47.0109 5900 LeapFrog Connect Device Service ( ForgedFile.Multi.Generic ) - warning
13:51:47.0109 5900 LeapFrog Connect Device Service - detected ForgedFile.Multi.Generic (1)
13:51:47.0171 5900 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:51:47.0187 5900 LmHosts - ok
13:51:47.0296 5900 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
13:51:47.0343 5900 MBAMProtector - ok
13:51:48.0359 5900 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:51:48.0968 5900 MBAMService - ok
13:51:49.0125 5900 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
13:51:49.0218 5900 mcdbus - ok
13:51:49.0343 5900 [ BEC8D118490817F93FBE620B30EC7264 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
13:51:49.0421 5900 McrdSvc - ok
13:51:49.0828 5900 [ E198E3D789C423D1EA2D5C4C6314553F ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:51:50.0078 5900 MDM - ok
13:51:50.0125 5900 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:51:50.0140 5900 mdmxsdk - ok
13:51:50.0218 5900 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:51:50.0234 5900 Messenger - ok
13:51:50.0359 5900 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
13:51:50.0453 5900 MHN - ok
13:51:50.0500 5900 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:51:50.0515 5900 MHNDRV - ok
13:51:50.0562 5900 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:51:50.0562 5900 mnmdd - ok
13:51:50.0640 5900 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:51:50.0656 5900 mnmsrvc - ok
13:51:50.0718 5900 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:51:50.0765 5900 Modem - ok
13:51:52.0187 5900 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
13:51:53.0468 5900 monfilt - ok
13:51:53.0546 5900 [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
13:51:53.0562 5900 motmodem - ok
13:51:53.0609 5900 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:51:53.0640 5900 Mouclass - ok
13:51:53.0687 5900 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:51:53.0703 5900 mouhid - ok
13:51:53.0750 5900 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:51:53.0796 5900 MountMgr - ok
13:51:54.0031 5900 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:51:54.0187 5900 MozillaMaintenance - ok
13:51:54.0328 5900 [ 6AA46F9896D3C9E5A00E01BB416C707B ] mr7910 C:\WINDOWS\system32\DRIVERS\mr7910.sys
13:51:54.0421 5900 mr7910 - ok
13:51:54.0468 5900 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:51:54.0484 5900 mraid35x - ok
13:51:54.0671 5900 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:51:54.0906 5900 MRxDAV - ok
13:51:55.0312 5900 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:51:55.0750 5900 MRxSmb - ok
13:51:55.0843 5900 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:51:55.0859 5900 MSDTC - ok
13:51:55.0921 5900 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:51:55.0921 5900 Msfs - ok
13:51:55.0937 5900 MSIServer - ok
13:51:55.0984 5900 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:51:56.0000 5900 MSKSSRV - ok
13:51:56.0015 5900 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:51:56.0015 5900 MSPCLOCK - ok
13:51:56.0062 5900 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:51:56.0062 5900 MSPQM - ok
13:51:56.0093 5900 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:51:56.0109 5900 mssmbios - ok
13:51:56.0171 5900 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:51:56.0187 5900 MSTEE - ok
13:51:56.0296 5900 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:51:56.0375 5900 Mup - ok
13:51:56.0500 5900 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:51:56.0578 5900 NABTSFEC - ok
13:51:56.0984 5900 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:51:57.0203 5900 napagent - ok
13:51:57.0453 5900 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:51:57.0640 5900 NDIS - ok
13:51:57.0671 5900 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:51:57.0703 5900 NdisIP - ok
13:51:57.0765 5900 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:51:57.0765 5900 NdisTapi - ok
13:51:57.0796 5900 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:51:57.0812 5900 Ndisuio - ok
13:51:57.0906 5900 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:51:58.0046 5900 NdisWan - ok
13:51:58.0203 5900 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:51:58.0562 5900 NDProxy - ok
13:51:58.0640 5900 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:51:58.0671 5900 NetBIOS - ok
13:51:58.0859 5900 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\drivers\netbt.sys
13:51:59.0015 5900 NetBT - ok
13:51:59.0140 5900 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:51:59.0484 5900 NetDDE - ok
13:51:59.0625 5900 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:51:59.0703 5900 NetDDEdsdm - ok
13:51:59.0765 5900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:51:59.0781 5900 Netlogon - ok
13:52:00.0015 5900 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:52:00.0203 5900 Netman - ok
13:52:00.0656 5900 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:52:00.0765 5900 NetTcpPortSharing - ok
13:52:00.0765 5900 NETw5x32 - ok
13:52:00.0921 5900 [ FCCB0342BE282B3E3BB7F7295A7FECA4 ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
13:52:10.0328 5900 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETwLx32.sys. Real md5: FCCB0342BE282B3E3BB7F7295A7FECA4, Fake md5: 72062B53186E4A3F5FCBC41EBB62B905
13:52:10.0406 5900 NETwLx32 ( ForgedFile.Multi.Generic ) - warning
13:52:10.0406 5900 NETwLx32 - detected ForgedFile.Multi.Generic (1)
13:52:10.0671 5900 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:52:10.0718 5900 NIC1394 - ok
13:52:10.0968 5900 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:52:11.0281 5900 Nla - ok
13:52:11.0359 5900 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:52:11.0390 5900 Npfs - ok
13:52:11.0875 5900 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:52:12.0515 5900 Ntfs - ok
13:52:12.0562 5900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:52:12.0562 5900 NtLmSsp - ok
13:52:12.0953 5900 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:52:13.0375 5900 NtmsSvc - ok
13:52:13.0421 5900 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:52:13.0437 5900 Null - ok
13:52:15.0203 5900 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:52:17.0062 5900 nv - ok
13:52:17.0156 5900 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:52:17.0203 5900 NwlnkFlt - ok
13:52:17.0250 5900 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:52:17.0296 5900 NwlnkFwd - ok
13:52:17.0375 5900 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:52:17.0421 5900 ohci1394 - ok
13:52:17.0796 5900 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
13:52:17.0812 5900 omci - ok
13:52:17.0921 5900 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
13:52:18.0015 5900 ossrv - ok
13:52:18.0109 5900 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:52:18.0171 5900 Parport - ok
13:52:18.0203 5900 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:52:18.0234 5900 PartMgr - ok
13:52:18.0250 5900 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:52:18.0265 5900 ParVdm - ok
13:52:18.0375 5900 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:52:18.0500 5900 PCI - ok
13:52:18.0515 5900 PCIDump - ok
13:52:18.0750 5900 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:52:18.0765 5900 PCIIde - ok
13:52:18.0890 5900 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:52:19.0062 5900 Pcmcia - ok
13:52:19.0078 5900 PDCOMP - ok
13:52:19.0093 5900 PDFRAME - ok
13:52:19.0109 5900 PDRELI - ok
13:52:19.0125 5900 PDRFRAME - ok
13:52:19.0187 5900 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
13:52:19.0218 5900 perc2 - ok
13:52:19.0265 5900 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:52:19.0265 5900 perc2hib - ok
13:52:19.0421 5900 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:52:19.0453 5900 PlugPlay - ok
13:52:19.0468 5900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:52:19.0484 5900 PolicyAgent - ok
13:52:19.0578 5900 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:52:19.0609 5900 PptpMiniport - ok
13:52:19.0640 5900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:52:19.0656 5900 ProtectedStorage - ok
13:52:19.0718 5900 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:52:19.0781 5900 PSched - ok
13:52:19.0843 5900 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:52:19.0859 5900 Ptilink - ok
13:52:19.0953 5900 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:52:19.0984 5900 PxHelp20 - ok
13:52:20.0031 5900 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:52:20.0062 5900 ql1080 - ok
13:52:20.0125 5900 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:52:20.0156 5900 Ql10wnt - ok
13:52:20.0203 5900 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:52:20.0250 5900 ql12160 - ok
13:52:20.0328 5900 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:52:20.0375 5900 ql1240 - ok
13:52:20.0437 5900 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:52:20.0484 5900 ql1280 - ok
13:52:20.0718 5900 [ D2EA58899FCF66539FAD12897B787216 ] QWAVE C:\WINDOWS\system32\qwave.dll
13:52:20.0906 5900 QWAVE - ok
13:52:20.0953 5900 [ 2BB1D2BAF3493362E5C1949C5F210D5F ] QWAVEDRV C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
13:52:20.0968 5900 QWAVEDRV - ok
13:52:21.0046 5900 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:52:21.0046 5900 RasAcd - ok
13:52:21.0156 5900 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:52:21.0203 5900 RasAuto - ok
13:52:21.0250 5900 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:52:21.0343 5900 Rasl2tp - ok
13:52:21.0609 5900 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:52:21.0734 5900 RasMan - ok
13:52:21.0781 5900 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:52:21.0812 5900 RasPppoe - ok
13:52:21.0843 5900 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:52:21.0859 5900 Raspti - ok
13:52:22.0140 5900 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:52:22.0281 5900 Rdbss - ok
13:52:22.0296 5900 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:52:22.0312 5900 RDPCDD - ok
13:52:22.0531 5900 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:52:22.0765 5900 rdpdr - ok
13:52:22.0953 5900 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:52:23.0062 5900 RDPWD - ok
13:52:23.0218 5900 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:52:23.0390 5900 RDSessMgr - ok
13:52:23.0500 5900 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:52:23.0562 5900 redbook - ok
13:52:23.0640 5900 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:52:23.0656 5900 RemoteAccess - ok
13:52:23.0734 5900 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:52:23.0765 5900 RemoteRegistry - ok
13:52:23.0843 5900 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
13:52:23.0875 5900 rimmptsk - ok
13:52:23.0921 5900 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
13:52:23.0968 5900 rimsptsk - ok
13:52:24.0218 5900 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
13:52:24.0562 5900 rismxdp - ok
13:52:24.0640 5900 [ 868E6C58E9B301A768AE50E2A8E3C5D5 ] RMSvc C:\WINDOWS\ehome\RMSvc.exe
13:52:24.0671 5900 RMSvc - ok
13:52:24.0765 5900 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:52:24.0781 5900 RpcLocator - ok
13:52:25.0140 5900 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:52:25.0171 5900 RpcSs - ok
13:52:25.0312 5900 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:52:25.0390 5900 RSVP - ok
13:52:25.0906 5900 [ 4F153709D0691C6DE8C9A4C5E813907C ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
13:52:26.0312 5900 RT73 - ok
13:52:26.0359 5900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:52:26.0375 5900 SamSs - ok
13:52:26.0500 5900 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:52:26.0562 5900 SCardSvr - ok
13:52:26.0765 5900 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:52:26.0890 5900 Schedule - ok
13:52:26.0984 5900 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:52:27.0062 5900 sdbus - ok
13:52:27.0125 5900 [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B ] SDDMI2 C:\WINDOWS\system32\DDMI2.sys
13:52:27.0125 5900 SDDMI2 - ok
13:52:27.0312 5900 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:52:27.0375 5900 Secdrv - ok
13:52:27.0437 5900 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:52:27.0468 5900 seclogon - ok
13:52:27.0515 5900 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:52:27.0609 5900 SENS - ok
13:52:27.0875 5900 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:52:27.0968 5900 serenum - ok
13:52:28.0046 5900 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:52:28.0093 5900 Serial - ok
13:52:28.0140 5900 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
13:52:28.0156 5900 sffdisk - ok
13:52:28.0187 5900 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
13:52:28.0203 5900 sffp_sd - ok
13:52:28.0234 5900 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:52:28.0250 5900 Sfloppy - ok
13:52:28.0578 5900 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:52:28.0812 5900 SharedAccess - ok
13:52:28.0953 5900 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:52:28.0984 5900 ShellHWDetection - ok
13:52:28.0984 5900 Simbad - ok
13:52:29.0031 5900 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:52:29.0078 5900 sisagp - ok
13:52:29.0125 5900 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:52:29.0140 5900 SLIP - ok
13:52:29.0296 5900 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:52:29.0343 5900 Sparrow - ok
13:52:29.0406 5900 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:52:29.0437 5900 splitter - ok
13:52:29.0531 5900 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:52:29.0578 5900 Spooler - ok
13:52:29.0671 5900 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:52:29.0734 5900 sr - ok
13:52:30.0000 5900 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:52:30.0171 5900 srservice - ok
13:52:30.0531 5900 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:52:30.0828 5900 Srv - ok
13:52:30.0921 5900 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:52:30.0953 5900 SSDPSRV - ok
13:52:32.0093 5900 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:52:33.0250 5900 STHDA - ok
13:52:33.0671 5900 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:52:33.0968 5900 stisvc - ok
13:52:34.0062 5900 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:52:34.0125 5900 streamip - ok
13:52:34.0187 5900 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:52:34.0187 5900 swenum - ok
13:52:34.0281 5900 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:52:34.0328 5900 swmidi - ok
13:52:34.0343 5900 SwPrv - ok
13:52:34.0375 5900 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:52:34.0390 5900 symc810 - ok
13:52:34.0437 5900 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:52:34.0468 5900 symc8xx - ok
13:52:34.0500 5900 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:52:34.0562 5900 sym_hi - ok
13:52:34.0593 5900 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:52:34.0625 5900 sym_u3 - ok
13:52:34.0828 5900 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:52:34.0984 5900 SynTP - ok
13:52:35.0062 5900 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:52:35.0109 5900 sysaudio - ok
13:52:35.0234 5900 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:52:35.0281 5900 SysmonLog - ok
13:52:35.0562 5900 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:52:35.0796 5900 TapiSrv - ok
13:52:36.0156 5900 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:52:36.0453 5900 Tcpip - ok
13:52:36.0515 5900 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:52:36.0531 5900 TDPIPE - ok
13:52:36.0578 5900 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:52:36.0609 5900 TDTCP - ok
13:52:36.0671 5900 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:52:36.0703 5900 TermDD - ok
13:52:37.0000 5900 [ 7A014D2211FF90C76F20B776822B332E ] TermService C:\WINDOWS\System32\termsrv.dll
13:52:37.0218 5900 TermService - ok
13:52:37.0390 5900 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:52:37.0437 5900 Themes - ok
13:52:37.0625 5900 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:52:38.0031 5900 TlntSvr - ok
13:52:38.0093 5900 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:52:38.0109 5900 TosIde - ok
13:52:38.0218 5900 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:52:38.0296 5900 TrkWks - ok
13:52:38.0375 5900 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:52:38.0437 5900 Udfs - ok
13:52:38.0484 5900 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:52:38.0531 5900 ultra - ok
13:52:38.0953 5900 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:52:39.0375 5900 Update - ok
13:52:39.0578 5900 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:52:39.0765 5900 upnphost - ok
13:52:39.0812 5900 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:52:39.0859 5900 UPS - ok
13:52:40.0046 5900 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:52:40.0078 5900 USBAAPL - ok
13:52:40.0156 5900 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:52:40.0218 5900 usbaudio - ok
13:52:40.0343 5900 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:52:40.0375 5900 usbccgp - ok
13:52:40.0453 5900 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:52:40.0484 5900 usbehci - ok
13:52:40.0609 5900 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:52:40.0671 5900 usbhub - ok
13:52:40.0750 5900 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:52:40.0781 5900 usbprint - ok
13:52:40.0843 5900 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:52:40.0859 5900 usbscan - ok
13:52:40.0921 5900 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:52:40.0953 5900 USBSTOR - ok
13:52:41.0031 5900 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:52:41.0062 5900 usbuhci - ok
13:52:41.0156 5900 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:52:41.0265 5900 usbvideo - ok
13:52:41.0312 5900 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:52:41.0375 5900 VgaSave - ok
13:52:41.0437 5900 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:52:41.0484 5900 viaagp - ok
13:52:41.0515 5900 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:52:41.0531 5900 ViaIde - ok
13:52:41.0593 5900 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:52:41.0656 5900 VolSnap - ok
13:52:41.0921 5900 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:52:42.0125 5900 VSS - ok
13:52:42.0328 5900 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
13:52:42.0562 5900 w32time - ok
13:52:43.0968 5900 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
13:52:45.0281 5900 w39n51 - ok
13:52:45.0375 5900 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:52:45.0406 5900 Wanarp - ok
13:52:45.0421 5900 wanatw - ok
13:52:45.0937 5900 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:52:46.0343 5900 Wdf01000 - ok
13:52:46.0359 5900 WDICA - ok
13:52:46.0468 5900 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:52:46.0546 5900 wdmaud - ok
13:52:46.0687 5900 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:52:46.0765 5900 WebClient - ok
13:52:47.0390 5900 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
13:52:48.0437 5900 winachsf - ok
13:52:48.0687 5900 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:52:48.0812 5900 winmgmt - ok
13:52:48.0875 5900 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:52:48.0906 5900 WmdmPmSN - ok
13:52:49.0515 5900 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:52:50.0093 5900 Wmi - ok
13:52:50.0140 5900 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:52:50.0156 5900 WmiAcpi - ok
13:52:50.0359 5900 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:52:50.0500 5900 WmiApSrv - ok
13:52:51.0453 5900 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:52:52.0234 5900 WMPNetworkSvc - ok
13:52:52.0281 5900 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:52:52.0343 5900 WpdUsb - ok
13:52:52.0390 5900 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:52:52.0406 5900 WS2IFSL - ok
13:52:52.0515 5900 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:52:52.0562 5900 wscsvc - ok
13:52:52.0640 5900 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:52:52.0671 5900 WSTCODEC - ok
13:52:52.0703 5900 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:52:52.0734 5900 wuauserv - ok
13:52:52.0968 5900 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:52:53.0109 5900 WudfPf - ok
13:52:53.0234 5900 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:52:53.0359 5900 WudfRd - ok
13:52:53.0453 5900 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:52:53.0484 5900 WudfSvc - ok
13:52:53.0921 5900 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:52:54.0453 5900 WZCSVC - ok
13:52:54.0593 5900 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:52:54.0656 5900 xmlprov - ok
13:52:54.0718 5900 ================ Scan global ===============================
13:52:54.0796 5900 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:52:55.0078 5900 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:52:55.0531 5900 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:52:55.0703 5900 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:52:55.0812 5900 [Global] - ok
13:52:55.0812 5900 ================ Scan MBR ==================================
13:52:55.0859 5900 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
13:52:56.0484 5900 \Device\Harddisk0\DR0 - ok
13:52:56.0500 5900 ================ Scan VBR ==================================
13:52:56.0531 5900 [ 33ED1AC519D09DE1FF68800602075319 ] \Device\Harddisk0\DR0\Partition1
13:52:56.0531 5900 \Device\Harddisk0\DR0\Partition1 - ok
13:52:56.0531 5900 ============================================================
13:52:56.0531 5900 Scan finished
13:52:56.0531 5900 ============================================================
13:52:56.0562 3612 Detected object count: 2
13:52:56.0562 3612 Actual detected object count: 2
14:02:18.0812 3612 LeapFrog Connect Device Service ( ForgedFile.Multi.Generic ) - skipped by user
14:02:18.0812 3612 LeapFrog Connect Device Service ( ForgedFile.Multi.Generic ) - User select action: Skip
14:02:18.0812 3612 NETwLx32 ( ForgedFile.Multi.Generic ) - skipped by user
14:02:18.0812 3612 NETwLx32 ( ForgedFile.Multi.Generic ) - User select action: Skip
14:03:14.0140 4276 Deinitialize success
 

Registered · 564 Posts
Hi danigir1,

those logfiles did not show anything too nasty. Let's clean out some malware and see if your situation is better afterwards.

Scan with Combofix

Warning: Combofix shall only be run with the assistance of a trained helper!

Please download the latest version of Combofix to your desktop: LINK

  • Deactivate your security software during the run of Combofix (Instructions)
  • Start Combofix by double-clicking it and follow the instructions on screen.
  • If you have Windows XP: Combofix will try to download and install the recovery console during the first run. Please allow that.
  • While Combofix is running: Please don't use your computer and don't click anywhere with your mouse.
  • After a successful scan Combofix will open a logfile. Please copy it here into your thread. You can find it later here: c:\combofix.txt
  • Reactivate your security software now.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 

Registered · 48 Posts · Discussion Starter · #6
ComboFix 13-03-19.01 - Ryan 03/19/2013 16:52:28.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.994 [GMT -4:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Ryan\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\153818s7x458i353e555m5iun5f5
c:\documents and settings\Ryan\Application Data\skype.ini
c:\documents and settings\Ryan\Local Settings\temp\AFF1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\lmhosts
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 01:59 . 2013-03-19 01:59 -------- d-----w- C:\Temp
2013-03-18 17:33 . 2013-03-18 17:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-03-17 15:04 . 2013-03-17 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-03-16 19:59 . 2013-03-16 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2013-03-16 19:59 . 2013-03-16 20:23 -------- d-----w- c:\program files\NCH Software
2013-03-16 18:07 . 2013-03-16 18:07 -------- d-----w- c:\documents and settings\Ryan\Local Settings\Application Data\HP
2013-03-16 18:07 . 2012-01-31 16:51 506728 ----a-r- c:\windows\system32\hpinkstsAC11.dll
2013-03-16 18:07 . 2012-01-31 16:51 266088 ----a-r- c:\windows\system32\hpinkstsAC11LM.dll
2013-03-16 18:07 . 2012-01-31 16:51 2214248 ----a-r- c:\windows\system32\hpinkinsAC11.exe
2013-03-16 18:07 . 2012-01-31 16:51 219496 ----a-r- c:\windows\system32\hpinkcoiAC11.dll
2013-03-16 18:06 . 2013-03-16 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-03-16 18:05 . 2012-01-31 16:51 1960808 ----a-r- c:\windows\system32\HPScanTRDrv_DJ2510.dll
2013-03-16 18:05 . 2012-01-31 16:51 494952 ----a-r- c:\windows\system32\HPWia1_DJ2510.dll
2013-03-14 15:28 . 2013-03-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
2013-03-14 15:24 . 2010-08-23 00:01 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2013-03-14 15:24 . 2013-03-14 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 16:33 . 2012-06-28 13:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 16:33 . 2012-06-28 13:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-05 20:05 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2005-08-16 10:18 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2005-08-16 10:18 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-16 10:18 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-12-05 11:41 . 2011-12-05 11:41 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-12-02 18:22 . 2011-12-02 18:21 6585536 ----a-w- c:\program files\yusetup7cnet.exe
2010-10-15 03:51 . 2010-10-15 03:45 895256 ----a-w- c:\program files\DivXInstaller.exe
2013-03-08 00:57 . 2013-03-08 00:56 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Spotify"="c:\documents and settings\Ryan\Application Data\Spotify\Spotify.exe" [2012-12-07 7880664]
"Spotify Web Helper"="c:\documents and settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-12-07 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-02-23 1885088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Ryan\Start Menu\Programs\Startup\
Dropbox.lnk - [N/A]
OpenOffice.org 3.4.1.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - [N/A]
Extender Resource Monitor.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCFCATS]
2006-10-20 22:48 73728 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcftime.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Documents and Settings\\Ryan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/15/2011 5:45 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/15/2011 5:45 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/15/2011 5:45 PM 21256]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/12/2011 12:01 PM 6609920]
S3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [3/16/2013 4:00 PM 2234560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/26/2008 8:33 PM 18560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/5/2011 2:14 AM 22344]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2011 2:14 AM 655944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sonicatheaterinstallerservice
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 16:33]
.
2013-03-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-23 23:50]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-01 16:39]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-01 16:39]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213038204-917305889-292109868-1005Core.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 15:58]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213038204-917305889-292109868-1005UA.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 15:58]
.
2013-03-19 c:\windows\Tasks\PixillionReminder.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2013-03-16 16:25]
.
2012-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 00:29]
.
2013-03-19 c:\windows\Tasks\User_Feed_Synchronization-{FEB093ED-48D7-470E-9DA9-F91BFBB21E21}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-19 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\dlcfcoms.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\Ryan\LOCALS~1\Temp\clclean.0001
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2013-03-19 17:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-19 21:58
ComboFix2.txt 2012-04-17 18:03
.
Pre-Run: 99,444,453,376 bytes free
Post-Run: 100,056,383,488 bytes free
.
- - End Of File - - 0F1B4B1664E0FA70C26F67A53C779C6E
 

Registered · 48 Posts · Discussion Starter · #7
It was working better yesterday. I could click on the icons on the desktop and my internet stayed connected. But this morning I got on and I can't click anything on the desktop, and my wifi was disabled for no reason again.
 

Registered · 564 Posts
Hi danigir1,

looks fine. Let's remove some leftovers and go on.

Note: PUP - Potentially Unwanted Program
As I see in your logfiles, there are PUPs present on your computer (see: explanation). Those usually consume system resources, provide adverts and/or sniff for personal data on your computer. I strongly recommend removing them.

I noticed you have Ask Toolbar installed
Please read this and decide if you want to keep it.
Current Practices of IAC/Ask Toolbars
SystemLookup - D4027C7F-154A-4066-A1AD-4243D8127440


Step 1:
Uninstall Software

Please go to the control panel and remove the following entries:
Code:
Ask Toolbar
If asked by the uninstaller, please reboot your machine. Did all go well?



Step 2:
Run a Combofix-Script

Warning: The following script was created for this user and this case of malware only!


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (Instructions).
  • Open notepad and copy/paste the text in the quotebox below into it:
    Folder::
    c:\program files\bae
    Save this as CFScript.txt, in the same location as ComboFix.exe
  • Now to start the script:

    Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 3:
Double Check with ESET

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan. If you use Firefox, you have to download an installer application and start it.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.




Step 4:
Scan with SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the logfile (checkup.txt) will open. Copy its content to your thread.



Step 5:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 

Registered · 48 Posts · Discussion Starter · #9 · (Edited)
I just tried to uninstall the Ask toolbar and I realized that whenever I try to do something, such as uninstall a program or download an update of some sort, it comes up saying that I can't do that when in safe mode or something about a Windows Installer not being installed correctly. I'm not in safe mode. So it won't let me uninstall the Ask toolbar. It says it can't be done in safe mode or the Windows Installer isn't correctly installed. I'll go ahead and run the other things you asked me to.

I also can't open up notepad. So I can't do the combofix you're requesting. I also tried to do the scan in IE but when I click on IE it'll pop up and then close right away.
 

Registered · 564 Posts
Hi Danigir1,

you can bypass that by pressing Windows key + R. Type notepad and press Enter.
 

Registered · 48 Posts · Discussion Starter · #11
Sorry it took so long to reply. The ESET scan took a LONG time. I started it once and thought it had frozen up, because it said it only took 2 hours to do the last scan and it was at 4 hours and stayed at 28 percent for 2 of those hours. So I ran it yesterday afternoon and this morning.... 10 hours later and 11 infections found. Plus my wifi kept disabling itself and not letting me enable it. Had to restart the computer to get it to work. I still couldn't get the Ask toolbar uninstalled. It comes up saying "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance". That message or a similar message pops up a lot when I try to install updates or, in this case, uninstall a program. I keep getting a message to update my router drivers, but it will pop up saying the update was cancelled. Here are the logs you requested:

Combofix:

ComboFix 13-03-21.02 - Ryan 03/22/2013 16:02:27.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1486 [GMT -4:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ryan\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Ryan\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dll
c:\docume~1\Ryan\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\Ryan\Local Settings\temp\AFF1.tmp\F_IN_BOX.dll
c:\documents and settings\Ryan\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-19 01:59 . 2013-03-19 01:59 -------- d-----w- C:\Temp
2013-03-18 17:33 . 2013-03-18 17:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-03-17 15:04 . 2013-03-17 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-03-16 19:59 . 2013-03-16 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2013-03-16 19:59 . 2013-03-16 20:23 -------- d-----w- c:\program files\NCH Software
2013-03-16 18:07 . 2013-03-16 18:07 -------- d-----w- c:\documents and settings\Ryan\Local Settings\Application Data\HP
2013-03-16 18:07 . 2012-01-31 16:51 506728 ----a-r- c:\windows\system32\hpinkstsAC11.dll
2013-03-16 18:07 . 2012-01-31 16:51 266088 ----a-r- c:\windows\system32\hpinkstsAC11LM.dll
2013-03-16 18:07 . 2012-01-31 16:51 2214248 ----a-r- c:\windows\system32\hpinkinsAC11.exe
2013-03-16 18:07 . 2012-01-31 16:51 219496 ----a-r- c:\windows\system32\hpinkcoiAC11.dll
2013-03-16 18:06 . 2013-03-16 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-03-16 18:05 . 2012-01-31 16:51 1960808 ----a-r- c:\windows\system32\HPScanTRDrv_DJ2510.dll
2013-03-16 18:05 . 2012-01-31 16:51 494952 ----a-r- c:\windows\system32\HPWia1_DJ2510.dll
2013-03-14 15:28 . 2013-03-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
2013-03-14 15:24 . 2010-08-23 00:01 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2013-03-14 15:24 . 2013-03-14 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 16:33 . 2012-06-28 13:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 16:33 . 2012-06-28 13:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32 . 2009-12-04 00:51 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2005-08-16 10:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2005-08-16 10:18 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2005-08-16 10:18 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-16 10:18 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-12-05 11:41 . 2011-12-05 11:41 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-12-02 18:22 . 2011-12-02 18:21 6585536 ----a-w- c:\program files\yusetup7cnet.exe
2010-10-15 03:51 . 2010-10-15 03:45 895256 ----a-w- c:\program files\DivXInstaller.exe
2013-03-08 00:57 . 2013-03-08 00:56 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Spotify Web Helper"="c:\documents and settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-03-21 1104280]
"Spotify"="c:\documents and settings\Ryan\Application Data\Spotify\Spotify.exe" [2013-03-21 4480920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-02-23 1885088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Ryan\Start Menu\Programs\Startup\
Dropbox.lnk - [N/A]
OpenOffice.org 3.4.1.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - [N/A]
Extender Resource Monitor.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCFCATS]
2006-10-20 22:48 73728 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcftime.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Documents and Settings\\Ryan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/15/2011 5:45 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/15/2011 5:45 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/15/2011 5:45 PM 21256]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/12/2011 12:01 PM 6609920]
S3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [3/16/2013 4:00 PM 2234560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/26/2008 8:33 PM 18560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/5/2011 2:14 AM 22344]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2011 2:14 AM 655944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sonicatheaterinstallerservice
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 16:33]
.
2013-03-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-23 23:50]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-01 16:39]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-01 16:39]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213038204-917305889-292109868-1005Core.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 15:58]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213038204-917305889-292109868-1005UA.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-24 15:58]
.
2013-03-19 c:\windows\Tasks\PixillionReminder.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2013-03-16 16:25]
.
2012-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 00:29]
.
2013-03-22 c:\windows\Tasks\User_Feed_Synchronization-{FEB093ED-48D7-470E-9DA9-F91BFBB21E21}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-22 17:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\dlcfcoms.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\Ryan\LOCALS~1\Temp\clclean.0001
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2013-03-22 18:05:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-22 22:05
ComboFix2.txt 2013-03-22 10:38
ComboFix3.txt 2013-03-19 21:58
ComboFix4.txt 2012-04-17 18:03
.
Pre-Run: 99,831,631,872 bytes free
Post-Run: 99,815,997,440 bytes free
.
- - End Of File - - B38A159CFB27B7BF0547897D80A4723A

eset:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-16 04:22:53
# local_time=2011-12-16 11:22:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105015
# found=4
# cleaned=0
# scan_time=8533
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP485\A0175999.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP485\A0176001.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP485\A0176002.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP485\A0176003.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-16 11:29:03
# local_time=2012-04-16 07:29:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 9645624 9645624 0 0
# scanned=99780
# found=23
# cleaned=0
# scan_time=8341
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-183913bb a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\6.0\53\43508bf5-61b2f291 Java/Exploit.Agent.NAT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\My Documents\Downloads\GoogleBar.exe MSIL/Solimba application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\yusetup7cnet.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194549.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194550.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194554.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205431.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205452.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205464.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP618\A0205489.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP618\A0205497.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\A0205516.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\A0205524.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205543.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205551.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205560.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP622\A0205599.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-17 02:26:18
# local_time=2012-04-17 10:26:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 9699504 9699504 0 0
# scanned=100426
# found=23
# cleaned=0
# scan_time=8295
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-183913bb a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\6.0\53\43508bf5-61b2f291 Java/Exploit.Agent.NAT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ryan\My Documents\Downloads\GoogleBar.exe MSIL/Solimba application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\yusetup7cnet.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194549.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194550.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP572\A0194554.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205431.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205452.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\A0205464.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP618\A0205489.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP618\A0205497.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\A0205516.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\A0205524.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205543.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205551.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP620\A0205560.dll Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP622\A0205599.new Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# engine=13453
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-22 04:24:17
# local_time=2013-03-22 12:24:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 94 195107 139714529 0 0
# scanned=7069
# found=1
# cleaned=0
# scan_time=12250
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# engine=13455
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-22 03:27:52
# local_time=2013-03-22 11:27:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 94 234922 139754344 0 0
# scanned=9931
# found=3
# cleaned=0
# scan_time=15873
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll"
sh=111F5DC9E5B567C87978FF6589C6DE2E65BD7C46 ft=1 fh=c056d298663d36dd vn="multiple threats" ac=I fn="C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
sh=70568D59C1CDFB7ADE43CBC12B7261ADC1975909 ft=1 fh=58fccf99ea53b1a1 vn="multiple threats" ac=I fn="C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0b1be799ca3f2f478bb3ae80405810f7
# engine=13463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-23 09:16:36
# local_time=2013-03-23 05:16:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 94 299046 139818468 0 0
# scanned=100296
# found=11
# cleaned=0
# scan_time=38805
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll"
sh=111F5DC9E5B567C87978FF6589C6DE2E65BD7C46 ft=1 fh=c056d298663d36dd vn="multiple threats" ac=I fn="C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
sh=70568D59C1CDFB7ADE43CBC12B7261ADC1975909 ft=1 fh=58fccf99ea53b1a1 vn="multiple threats" ac=I fn="C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
sh=E8C0B6ACA8DDA57B58137DFBF72B3917D4000319 ft=1 fh=2356e94b48ea31ea vn="probably a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\7zip_installer_d162802.exe"
sh=F8B6F178AF529A0EE72920099C6C9A8E86105826 ft=1 fh=3e6423048db84890 vn="a variant of Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\angry-birds-rio.exe"
sh=40D202A651FC7C6AE8C6773B0CD3FA8B652BCE09 ft=1 fh=9e25b6ea9088c4c6 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\cbsidlm-tr1_11-Business_Card_Designer_Plus-ORG-10005759.exe"
sh=A152670DED90CB649C380EF532A211DF8381CD60 ft=1 fh=e46ae670adf33920 vn="a variant of Win32/Soft32Downloader.C application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\dvd shrink setup.exe"
sh=CA5653424824A6C9437B6E8F76B453402E427F5F ft=1 fh=d10b7a04555ad0ad vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\frostwire-5.2.11.windows.exe"
sh=1C8DDED9F089F84721DB1BEA054B4B0B15C5A6CA ft=1 fh=ecff276ca1e29e8e vn="MSIL/Solimba application" ac=I fn="C:\Documents and Settings\Ryan\My Documents\Downloads\GoogleBar.exe"
sh=67C8E48529889F3C4D92348254B5889FFDC84A54 ft=1 fh=0e6c53368ebfdea8 vn="Win32/Toolbar.Zugo application" ac=I fn="C:\Program Files\yusetup7cnet.exe"
sh=AAC20AA5A24E6D5258A9EEACF399A09EC63DC9B4 ft=1 fh=761f52bbd8f193b0 vn="multiple threats" ac=I fn="C:\Program Files\FrostWire 5\frostwire-installer.exe"


Security Check:

Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


FSS:

Farbar Service Scanner Version: 03-03-2013
Ran by Ryan (administrator) on 23-03-2013 at 07:15:22
Running from "C:\Documents and Settings\Ryan\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2005-08-16 06:18] - [2009-02-06 07:11] - 0110592 ____N (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
AegisP(13) aswTdi(15) Gpc(6) IPSec(5) NetBT(16) PSched(7) Tcpip(3)
0x0F00000005000000040000000100000002000000030000000F0000000B0000000E000000060000000700000008000000090000000A0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

· Registered · 564 Posts
Hi Danigir1,

Good and bad news. The good news is that I don't see any more malware on your computer. The bad news is that I don't see a solution to your problems either. We can try something to help you with the Microsoft Installer, and we will try to update some of your programs.

Step 1:
Remove Adware with AdwCleaner

Please download AdwCleaner to your desktop.

  • Start AdwCleaner with a double-click and click on Delete.
  • Your computer will be restarted once and sometimes more often. That is quite normal.
  • After the reboot a logfile will open; it can also be found at C:\AdwCleaner[R1].txt (or a higher number). Please paste your logfile here.

Step 2:
Try to fix the Windows Installer

Please see this Link

Try both methods to restore your Installer service.


Step 3:
Your Downloads

While looking in your log file I noticed that you downloaded a lot of adware-infected programs. Please delete the files from your Downloads folder. Be more careful about where you download software from. Free software is often bundled with adware. Always choose the custom install routine and deselect toolbars or other free helpers. Please also be careful with file sharing. Your FrostWire software is also full of adware, and file sharing always carries risks since you never know where the file originally came from.

I list the files for you to delete:
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe
C:\Documents and Settings\Ryan\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\7zip_installer_d162802.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\angry-birds-rio.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\cbsidlm-tr1_11-Business_Card_Designer_Plus-ORG-10005759.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\dvd shrink setup.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\frostwire-5.2.11.windows.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\GoogleBar.exe
C:\Program Files\yusetup7cnet.exe
C:\Program Files\FrostWire 5\frostwire-installer.exe

Step 4:
Updating Java and Clearing Cache

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u17
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u15-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are three options in the window to clear the cache. Leave these two checked:
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.

Step 5:
Update Adobe Reader

Visit get.adobe.com/reader/, uncheck McAfee Security Scan Plus, then download the latest version and install it.

Please report how that went.

· Registered · 48 Posts
Discussion Starter · #13 ·
I still can't click on my shortcuts on the desktop. And Internet Explorer still doesn't load up. It starts then shuts off. I was able to uninstall programs finally. But I still can't get my belt router firmware update to install. It keeps cancelling for no reason.

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 16:53:06
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ryan - LAPPY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ryan\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\58ddjh3b.default-1348222926194\searchplugins\Askcom.xml
File Deleted : C:\END
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\dude\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Ryan\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Ryan\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Ryan\Local Settings\Application Data\Vuze_Remote
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=14196 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\58ddjh3b.default-1348222926194\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\dude\Application Data\Mozilla\Firefox\Profiles\byda3pgr.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10972 octets] - [25/03/2013 16:53:06]

########## EOF - C:\AdwCleaner[S1].txt - [11033 octets] ##########
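As an added example (not part of the thread and not AdwCleaner's own code), a small Python parser for the AdwCleaner v2.x log layout shown above: it tallies deletions per section and item type, collects every browser setting the tool changed, and lists removed autostart entries. The sample input is constructed from a few lines copied out of the log.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner v2.x log layout (lines copied from the log above).
SAMPLE_LOG = r"""
***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Program Files\Ask.com

***** [Registry] *****

Key Deleted : HKLM\Software\AskToolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=14196 --> hxxp://www.google.com

Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ACTION_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
REPLACED_RE = re.compile(r"^Replaced : \[(.+?)\] = (.+?) --> (.+)$")
PREF_RE = re.compile(r'^Deleted : user_pref\("(.+?)", "(.+?)"\);$')
PERSISTENCE = ("\\currentversion\\run", "\\windows\\tasks\\")  # autostart locations

def parse_adwcleaner(text):
    """Tally deletions per (section, item type) and collect every browser setting that was changed."""
    counts, browser, section = Counter(), [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif not section or not line:
            continue                      # header lines and blanks
        elif m := ACTION_RE.match(line):
            counts[(section, m.group(1))] += 1
        elif m := REPLACED_RE.match(line):
            browser.append((m.group(1), m.group(2), m.group(3)))   # (setting, old, new)
        elif m := PREF_RE.match(line):
            browser.append((m.group(1), m.group(2), None))         # pref removed outright
    return counts, browser

def persistence_removals(text):
    """Deleted items that were autostart points (a Run value or a scheduled task)."""
    return [m.group(2) for line in text.splitlines()
            if (m := ACTION_RE.match(line.strip()))
            and any(p in m.group(2).lower() for p in PERSISTENCE)]
```

The browser list makes the start-page hijack to ask.com visible at a glance, and the persistence list shows which autostart entries the cleaner had to remove.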
 

· Registered
Joined
·
564 Posts
Hi Danigir1,

This part looks fine to me now. For your other problem I am sorry to tell you that I have no ideas left to help you, and I'm sure it is not malware related anymore.

I suggest you open a new thread in the XP section and tell the colleagues that you already had a malware removal. Maybe they are able to help you.
 