Solved UpdateFlashPlayer_######.exe Trojan

MattAB

First of all, I'm running Windows XP 32-bit. Found this (UpdateFlashPlayer_######.exe) in my processes after running my computer for the first time in a few days. I'm assuming it's something my mother accidentally clicked and installed while I wasn't at home. This is making my computer extremely sluggish and creating randomly named files in random directories (mainly the System32 and Application Data folders). I've already run a full scan with Malwarebytes and it found about 80 infections; I've quarantined and deleted them all, but the problem is still persisting. Now, Malwarebytes keeps generating a pop-up from the taskbar that says that it's protecting from a malicious website, even when my browser isn't running. Help would be very much appreciated, thank you.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/8/2014
Scan Time: 3:25:14 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.08.06
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Matt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 241273
Time Elapsed: 24 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 8
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, 288, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc]
Trojan.Agent.ED, C:\WINDOWS\system32\ysaxymaqhe.exe, 436, Delete-on-Reboot, [a75fd3a37b00b086200072cffb0546ba]
Trojan.Agent.ED, C:\WINDOWS\system32\nonuhoi.exe, 460, Delete-on-Reboot, [1bebf5817704270fbf61b889946c2ed2]
Trojan.Agent.ED, C:\WINDOWS\system32\buzeo.exe, 480, Delete-on-Reboot, [f1151462641756e03ee26fd24cb4be42]
Trojan.Agent.ED, C:\WINDOWS\system32\ovezo.exe, 688, Delete-on-Reboot, [fc0a294d6a116dc94bd573cec63ad62a]
Trojan.Agent.ED, C:\WINDOWS\system32\qovuewyr.exe, 960, Delete-on-Reboot, [27dfeb8bc4b775c1ec34d9684eb2758b]
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe, 1812, Delete-on-Reboot, [38ce1363d2a945f1889858e909f735cb]
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe, 1520, Delete-on-Reboot, [3ec8c6b0fe7da0969f81c57ce21e619f]

Modules: 0
(No malicious items detected)

Registry Keys: 57
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1721869557, Quarantined, [d333601690eb59dd37e971d0bb4544bc],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2219215403, Quarantined, [a75fd3a37b00b086200072cffb0546ba],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2484372270, Quarantined, [1bebf5817704270fbf61b889946c2ed2],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer29711255, Quarantined, [f1151462641756e03ee26fd24cb4be42],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer533481814, Quarantined, [fc0a294d6a116dc94bd573cec63ad62a],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer707576027, Quarantined, [27dfeb8bc4b775c1ec34d9684eb2758b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, Quarantined, [6c9abdb9097294a27a75e091d42e60a0],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, Quarantined, [6c9abdb9097294a27a75e091d42e60a0],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}, Quarantined, [a660185e4932072fd7077af4cd3532ce],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}, Quarantined, [a660185e4932072fd7077af4cd3532ce],
Adware.DealCabby, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0B4A07CF-45EB-4B10-B6BB-35568A2F89BE}, Quarantined, [81858fe7dd9ee254dbb9ea847e84bb45],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [a5615a1c6417132319d3b19aa55dd22e],
PUP.Optional.Funmoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [8c7a8de9710a70c646f6d697d230649c],
Trojan.Downloader, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D}, Quarantined, [18ee5d19cfac8caab0cc70e14fb3d32d],
Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D}, Quarantined, [18ee5d19cfac8caab0cc70e14fb3d32d],
Adware.GamePlayLab, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
Adware.GamePlayLab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
PUP.Optional.Mediabar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{28387537-e3f9-4ed7-860c-11e69af4a8a0}, Quarantined, [14f27ef8304bea4c697d4aeeaf532ad6],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [18eee49208731a1cd17c660bf11131cf],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, Quarantined, [6c9ab5c1b1ca2b0bfdf4d29f04fe2cd4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [7d89adc99edd9a9c91bdf37e12f0ab55],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, Quarantined, [3bcb7cfa6a11162041adc4adaf539c64],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, Quarantined, [1de97afc3348ec4aaa4491e0aa58d828],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, Quarantined, [6e98a7cf7b0000363db5205125dd7789],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\BabylonToolbar, Quarantined, [a1657501d6a54beb5ff94d842dd66f91],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [a2645521a5d61323f9abe4b7c042dd23],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [b2542e48afcc1b1b7e349921fb074bb5],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [bc4a482e413a72c49aefd3dc38cbf30d],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fdloijijlkoblmigdofommgnheckmaki, Quarantined, [ed19d99d2952ca6cf0cf1676eb1809f7],
PUP.Optional.1ClickDownLoader.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jplinpmadfkdgipabgcdchbdikologlh, Quarantined, [e91d93e397e495a1b5d20f921be7768a],
PUP.GamesPlayLab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, Quarantined, [8c7abbbb502b6fc76d380fb76f938f71],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, Quarantined, [56b073034e2d86b0a70cbf11c1422bd5],
PUP.GamesPlayLab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, Quarantined, [a363591dcab1f046644031954ab88878],
Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3518234236, Quarantined, [8d79b8bee9922f07f5c102c1e81b02fe],
Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3893759923, Quarantined, [da2c383e1a61ab8bd1e57a49f0137c84],
Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer52164496, Quarantined, [83833f37d8a378bec8eea81b0bf81fe1],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [18ee581efa818da9ed8a9d36847fdf21],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [75913244710a49edb6eb903f12f1ff01],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [d333bcba9dde0b2b0c9408c7ce35a45c],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [a561463085f6d5612e5c941b44bf02fe],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [2fd7c0b6f289c6708243f2dd897aa45c],

Registry Values: 10
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]
Trojan.Agent.ED, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Exwuqyatamp, "C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe", Quarantined, [3ec8c6b0fe7da0969f81c57ce21e619f]
Trojan.Agent.ED, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Exwuqyatamp, "C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe", Quarantined, [3ec8c6b0fe7da0969f81c57ce21e619f]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bebayqbyyvagbu, "C:\Documents and Settings\Matt\Application Data\Haryko\icmyw.exe", Quarantined, [59ad87efdaa112249b85b28f6a96f60a]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Laymsutoezna, "C:\Documents and Settings\Matt\Application Data\Ilazvuw\egifev.exe", Quarantined, [0afcafc7d8a358def030da67b24ebe42]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Aqcuabxe, "C:\Documents and Settings\Matt\Application Data\Sewuve\onanxo.exe", Quarantined, [1fe78beb82f9c76f968aaa97bb45768a]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Hyvalemy, "C:\Documents and Settings\Matt\Application Data\Ydowbu\bycoo.exe", Quarantined, [fb0bf77f403b71c50d13360bd7296a96]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 11111111, Quarantined, [56b073034e2d86b0a70cbf11c1422bd5]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C1F1M1J0K2Y1T1L2U0NtI0J, Quarantined, [2fd7c0b6f289c6708243f2dd897aa45c]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 48
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc],
Trojan.Agent.ED, C:\WINDOWS\system32\ysaxymaqhe.exe, Delete-on-Reboot, [a75fd3a37b00b086200072cffb0546ba],
Trojan.Agent.ED, C:\WINDOWS\system32\nonuhoi.exe, Delete-on-Reboot, [1bebf5817704270fbf61b889946c2ed2],
Trojan.Agent.ED, C:\WINDOWS\system32\buzeo.exe, Delete-on-Reboot, [f1151462641756e03ee26fd24cb4be42],
Trojan.Agent.ED, C:\WINDOWS\system32\ovezo.exe, Delete-on-Reboot, [fc0a294d6a116dc94bd573cec63ad62a],
Trojan.Agent.ED, C:\WINDOWS\system32\qovuewyr.exe, Delete-on-Reboot, [27dfeb8bc4b775c1ec34d9684eb2758b],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe, Delete-on-Reboot, [38ce1363d2a945f1889858e909f735cb],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe, Delete-on-Reboot, [3ec8c6b0fe7da0969f81c57ce21e619f],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Haryko\icmyw.exe, Quarantined, [59ad87efdaa112249b85b28f6a96f60a],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ilazvuw\egifev.exe, Quarantined, [0afcafc7d8a358def030da67b24ebe42],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Sewuve\onanxo.exe, Quarantined, [1fe78beb82f9c76f968aaa97bb45768a],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ydowbu\bycoo.exe, Quarantined, [fb0bf77f403b71c50d13360bd7296a96],
PUP.Optional.InstalleRex, C:\Documents and Settings\Matt\My Documents\Downloads\Downloader_for_Chrono Trigger.exe, Quarantined, [9373e88edba07fb73628046e1fe23ac6],
PUP.Optional.Amonetize, C:\Documents and Settings\Matt\My Documents\Downloads\super mario land 2 gameboy rom__3039_i687494351_il14644679.exe, Quarantined, [b84ebdb9512a8ea81ce0dd66c83810f0],
PUP.Optional.Amonetize, C:\Documents and Settings\Matt\My Documents\Downloads\super mario land 2 gameboy rom__3516_i687493814_il14644553.exe, Quarantined, [d531581e42398ea8ec10fa4920e022de],
PUP.Optional.YourFileDownloader, C:\Documents and Settings\Matt\My Documents\Downloads\Super_Mario_Land_2_Rom_Gameboy_downloader.exe, Quarantined, [50b69ed89ae1181ef41a8d915ba5ab55],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_16767923.exe, Quarantined, [6c9af28406753afc42de8db4a65a6c94],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_189f51ac.exe, Quarantined, [07ffd79f3744d46227f957ea6c943ac6],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_2c0d072a.exe, Quarantined, [cb3b9cdade9d979f9632d1b2857ccd33],
Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_3f2425d2.exe, Quarantined, [75916f076b1040f653df0f775fa2d22e],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_45e73756.exe, Quarantined, [e6202650a7d4290daee2e69d54adcd33],
Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_466908f2.exe, Quarantined, [877fb7bfaecd92a45ad894f227da39c7],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_84b43772.exe, Quarantined, [08fea3d3b6c539fd80a0e45dfb057f81],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_8954ef83.exe, Quarantined, [5ea803730f6cb086444cc1c25aa7eb15],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_b58b4755.exe, Quarantined, [f115027487f44de9ae1ac6bd2bd67888],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_c382fc2d.exe, Quarantined, [28de83f3fb8091a5bc649fa214ec1de3],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_c7f2f438.exe, Quarantined, [6c9a5a1ca8d345f13890740f758cbc44],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_d91ab8f6.exe, Quarantined, [e125175fb1ca5dd9958b8bb6d12ff20e],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_da196a06.exe, Quarantined, [60a64e28205b3ef8d14faa978f717789],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_e4bde519.exe, Quarantined, [9472d6a0cab1b6800c8499ea61a035cb],
Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_e9eaa3cb.exe, Quarantined, [788ee98db1ca7bbbff33186e9c65b64a],
Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_1a694187.exe, Quarantined, [c5412353116a85b1ae841b6bd8290000],
Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Application Data\bgnaxboa.exe, Quarantined, [cf37adc91f5ced49ed450c7a8978e31d],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1721869557.job, Quarantined, [f3139fd7b9c242f46858b209dc27d42c],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 2219215403.job, Quarantined, [6e980373b0cb59dd20a092298083b64a],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 2484372270.job, Quarantined, [2fd75422017a999d4779dfdcd92abb45],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 29711255.job, Quarantined, [32d49fd7592268ce4a76bb009b68e020],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 3518234236.job, Quarantined, [19ed94e2b4c7ac8a2997f6c5f11255ab],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 3893759923.job, Quarantined, [23e3beb89ae1a98de0e0714ac2415fa1],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 52164496.job, Quarantined, [d1356511d8a357df9f21e4d78b786f91],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 533481814.job, Quarantined, [b94dfc7a0675b5818040902bc1420ef2],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 707576027.job, Quarantined, [03038de99cdf5dd9c000e9d20bf87f81],
PUP.Optional.FunMoods.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage, Quarantined, [32d4bdb9275464d235cbdd10ff04857b],
Trojan.Agent.SCS, C:\WINDOWS\system32\wioggy.exe, Quarantined, [8d79b8bee9922f07f5c102c1e81b02fe],
Trojan.Agent.SCS, C:\WINDOWS\system32\yclearxu.exe, Quarantined, [da2c383e1a61ab8bd1e57a49f0137c84],
Trojan.Agent.SCS, C:\WINDOWS\system32\awobosi.exe, Quarantined, [83833f37d8a378bec8eea81b0bf81fe1],
PUP.Optional.Babylon.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.babylon.com/?affID=11...HP_ss&mntrId=d41f7928000000000000001e902d3d26",), Replaced,[2adce690d5a6280e93904d4f38cc02fe]
PUP.Optional.Babylon.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.babylon.com/?affID=11...HP_ss&mntrId=d41f7928000000000000001e902d3d26" ],), Replaced,[8c7aacca5625e94d91c42d6f3bc949b7]

Physical Sectors: 0
(No malicious items detected)


(end)
 
Only the attach.txt file was generated, not the dds.txt. Unsure why, but here is the attach.txt file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2011 6:21:00 PM
System Uptime: 6/8/2014 4:05:51 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 114.156 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 6.434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\PRINTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
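As an added example (not part of the original thread), a small parser for the Malwarebytes 2.x log format posted above: it turns each detection line into a record, maps it to the autostart mechanism it used (service, Run key, scheduled task, browser helper object, browser extension), flags files the scanner could only mark Delete-on-Reboot (they stay active until the machine restarts), and pairs the numbered SecurityCenterServer services with their matching "Security Center Update" tasks. The sample lines are copied from the posted log; the persistence rules and the ID correlation are mine, not a Malwarebytes feature.

```python
"""Summarise a Malwarebytes Anti-Malware 2.x scan log by persistence mechanism.

Added example, not part of the original forum post. SAMPLE_LOG is a
constructed excerpt: a few entries copied from the log posted above, one
per section type, so the parser can be exercised offline.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""
Processes: 8
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, 288, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc]

Registry Keys: 57
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1721869557, Quarantined, [d333601690eb59dd37e971d0bb4544bc],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, Quarantined, [6c9abdb9097294a27a75e091d42e60a0],

Registry Values: 10
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]

Files: 48
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_16767923.exe, Quarantined, [6c9af28406753afc42de8db4a65a6c94],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1721869557.job, Quarantined, [f3139fd7b9c242f46858b209dc27d42c],

Physical Sectors: 0
(No malicious items detected)
"""

# "Section name: <count>" headers, e.g. "Registry Keys: 57"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
# "<detection>, <location>[, extra], <action>, [<md5>]" with optional trailing comma
ENTRY_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<body>.+?), "
    r"(?P<action>Quarantined|Delete-on-Reboot|Replaced),?\s*"
    r"\[(?P<md5>[0-9a-f]{32})\],?$"
)

# Autostart locations seen in the posted log (rules are the example's own).
PERSISTENCE_RULES = (
    ("service", re.compile(r"\\SERVICES\\", re.I)),
    ("run key", re.compile(r"\\CURRENTVERSION\\RUN\|", re.I)),
    ("scheduled task", re.compile(r"\\Tasks\\.+\.job$", re.I)),
    ("browser helper object", re.compile(r"\\BROWSER HELPER OBJECTS\\", re.I)),
    ("browser extension", re.compile(r"\\CHROME\\EXTENSIONS\\", re.I)),
)


@dataclass
class Finding:
    section: str   # Processes, Registry Keys, Registry Values, Files, ...
    name: str      # detection name, e.g. Trojan.Agent.ED
    location: str  # file path, registry key, or key|value
    action: str    # Quarantined, Delete-on-Reboot, Replaced
    md5: str


def parse_log(text: str) -> list:
    """Walk the log line by line, remembering the current section header."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            # body is "<location>" or "<location>, <pid or value data>";
            # the location is always the first comma-separated field.
            location = entry.group("body").split(", ")[0]
            findings.append(Finding(section, entry.group("name"), location,
                                    entry.group("action"), entry.group("md5")))
    return findings


def classify_persistence(location: str) -> Optional[str]:
    """Return the autostart mechanism a location belongs to, or None."""
    for label, pattern in PERSISTENCE_RULES:
        if pattern.search(location):
            return label
    return None


def correlate_ids(findings) -> dict:
    """Pair SecurityCenterServer<N> services with 'Security Center Update - <N>.job'
    tasks: the same N in both means one implant registered two autostarts."""
    seen = defaultdict(set)
    pat = re.compile(r"SecurityCenterServer(\d+)$|Security Center Update - (\d+)\.job$", re.I)
    for f in findings:
        m = pat.search(f.location)
        if m:
            seen[m.group(1) or m.group(2)].add("service" if m.group(1) else "task")
    return {k: sorted(v) for k, v in seen.items()}


def summarize(findings) -> dict:
    """Group by mechanism, list files still pending a reboot, count per family."""
    by_mechanism = defaultdict(list)
    for f in findings:
        label = classify_persistence(f.location)
        if label:
            by_mechanism[label].append(f.location)
    pending = [f.location for f in findings
               if f.section == "Files" and f.action == "Delete-on-Reboot"]
    return {"persistence": dict(by_mechanism), "pending_reboot": pending,
            "by_family": Counter(f.name for f in findings)}


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
    print("linked ids:", correlate_ids(found))
```

A scan that leaves entries in Delete-on-Reboot and a service/task pair sharing one ID is a good hint that a single cleanup pass without a restart will not hold, which matches the symptoms described in the opening post.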
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
22:27:15.0984 0x0c98 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
22:27:18.0625 0x0c98 ============================================================
22:27:18.0625 0x0c98 Current date / time: 2014/06/08 22:27:18.0625
22:27:18.0625 0x0c98 SystemInfo:
22:27:18.0625 0x0c98
22:27:18.0625 0x0c98 OS Version: 5.1.2600 ServicePack: 3.0
22:27:18.0625 0x0c98 Product type: Workstation
22:27:18.0625 0x0c98 ComputerName: BOSIACKI-44545F
22:27:18.0625 0x0c98 UserName: Matt
22:27:18.0625 0x0c98 Windows directory: C:\WINDOWS
22:27:18.0625 0x0c98 System windows directory: C:\WINDOWS
22:27:18.0625 0x0c98 Processor architecture: Intel x86
22:27:18.0625 0x0c98 Number of processors: 1
22:27:18.0625 0x0c98 Page size: 0x1000
22:27:18.0625 0x0c98 Boot type: Normal boot
22:27:18.0625 0x0c98 ============================================================
22:27:21.0687 0x0c98 KLMD registered as C:\WINDOWS\system32\drivers\32003976.sys
22:27:21.0906 0x0c98 System UUID: {B5E97C83-8964-7688-A480-CDF88B298720}
22:27:22.0921 0x0c98 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:27:22.0921 0x0c98 ============================================================
22:27:22.0921 0x0c98 \Device\Harddisk0\DR0:
22:27:22.0921 0x0c98 MBR partitions:
22:27:22.0921 0x0c98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDCDD06
22:27:22.0921 0x0c98 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDCDD45, BlocksNum 0x11C4AD7C
22:27:22.0921 0x0c98 ============================================================
22:27:22.0953 0x0c98 C: <-> \Device\Harddisk0\DR0\Partition2
22:27:22.0953 0x0c98 D: <-> \Device\Harddisk0\DR0\Partition1
22:27:22.0953 0x0c98 ============================================================
22:27:22.0953 0x0c98 Initialize success
22:27:22.0953 0x0c98 ============================================================
22:27:53.0593 0x0594 ============================================================
22:27:53.0593 0x0594 Scan started
22:27:53.0593 0x0594 Mode: Manual;
22:27:53.0593 0x0594 ============================================================
22:27:53.0593 0x0594 KSN ping started
22:28:08.0140 0x0594 KSN ping finished: true
22:28:12.0000 0x0594 dmload - ok
22:28:12.0031 0x0594 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
22:28:12.0031 0x0594 dmserver - ok
22:28:12.0062 0x0594 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:28:12.0062 0x0594 DMusic - ok
22:28:12.0093 0x0594 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:28:12.0093 0x0594 Dnscache - ok
22:28:12.0140 0x0594 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:28:12.0140 0x0594 Dot3svc - ok
22:28:12.0156 0x0594 dpti2o - ok
22:28:12.0171 0x0594 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:28:12.0171 0x0594 drmkaud - ok
22:28:12.0187 0x0594 EagleXNt - ok
22:28:12.0218 0x0594 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:28:12.0218 0x0594 EapHost - ok
22:28:12.0250 0x0594 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:28:12.0265 0x0594 ERSvc - ok
22:28:12.0296 0x0594 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
22:28:12.0296 0x0594 Eventlog - ok
22:28:12.0343 0x0594 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
22:28:12.0359 0x0594 EventSystem - ok
22:28:12.0390 0x0594 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:28:12.0390 0x0594 Fastfat - ok
22:28:12.0437 0x0594 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:28:12.0437 0x0594 FastUserSwitchingCompatibility - ok
22:28:12.0468 0x0594 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:28:12.0468 0x0594 Fdc - ok
22:28:12.0500 0x0594 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:28:12.0500 0x0594 Fips - ok
22:28:12.0515 0x0594 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:28:12.0531 0x0594 Flpydisk - ok
22:28:12.0562 0x0594 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:28:12.0578 0x0594 FltMgr - ok
22:28:12.0671 0x0594 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:28:12.0671 0x0594 FontCache3.0.0.0 - ok
22:28:12.0703 0x0594 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:28:12.0703 0x0594 Fs_Rec - ok
22:28:12.0734 0x0594 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:28:12.0734 0x0594 Ftdisk - ok
22:28:12.0781 0x0594 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:28:12.0781 0x0594 Gpc - ok
22:28:12.0843 0x0594 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:28:12.0843 0x0594 gusvc - ok
22:28:12.0875 0x0594 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:28:12.0875 0x0594 hamachi - ok
22:28:12.0906 0x0594 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:28:12.0921 0x0594 HDAudBus - ok
22:28:12.0984 0x0594 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:28:12.0984 0x0594 helpsvc - ok
22:28:13.0015 0x0594 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
22:28:13.0015 0x0594 HidServ - ok
22:28:13.0046 0x0594 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:28:13.0046 0x0594 hidusb - ok
22:28:13.0093 0x0594 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:28:13.0093 0x0594 hkmsvc - ok
22:28:13.0093 0x0594 hpn - ok
22:28:13.0140 0x0594 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:28:13.0156 0x0594 HTTP - ok
22:28:13.0171 0x0594 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:28:13.0187 0x0594 HTTPFilter - ok
22:28:13.0187 0x0594 i2omgmt - ok
22:28:13.0203 0x0594 i2omp - ok
22:28:13.0218 0x0594 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:28:13.0218 0x0594 i8042prt - ok
22:28:13.0515 0x0594 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:28:13.0781 0x0594 ialm - ok
22:28:13.0906 0x0594 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:28:13.0937 0x0594 idsvc - ok
22:28:13.0968 0x0594 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:28:13.0968 0x0594 Imapi - ok
22:28:14.0046 0x0594 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
22:28:14.0046 0x0594 ImapiService - ok
22:28:14.0062 0x0594 ini910u - ok
22:28:14.0250 0x0594 [ A30685283F90AE02F1CD50972C6065E3, 4686EE2FA6D738665D1AFA410451D24E60F080BE3EA72DB06AA3941C43C1F3C1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:28:14.0406 0x0594 IntcAzAudAddService - ok
22:28:14.0437 0x0594 IntelIde - ok
22:28:14.0468 0x0594 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:28:14.0484 0x0594 intelppm - ok
22:28:14.0500 0x0594 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:28:14.0500 0x0594 Ip6Fw - ok
22:28:14.0531 0x0594 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:28:14.0531 0x0594 IpFilterDriver - ok
22:28:14.0546 0x0594 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:28:14.0546 0x0594 IpInIp - ok
22:28:14.0578 0x0594 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:28:14.0578 0x0594 IpNat - ok
22:28:14.0593 0x0594 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:28:14.0609 0x0594 IPSec - ok
22:28:14.0625 0x0594 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:28:14.0625 0x0594 IRENUM - ok
22:28:14.0656 0x0594 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:28:14.0656 0x0594 isapnp - ok
22:28:14.0812 0x0594 [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:28:14.0828 0x0594 JavaQuickStarterService - ok
22:28:14.0843 0x0594 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:28:14.0843 0x0594 Kbdclass - ok
22:28:14.0890 0x0594 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:28:14.0890 0x0594 kbdhid - ok
22:28:15.0062 0x0594 [ 19FF9DCCD9EAD8510DD71B594CBD7713, 74F0DD1B05B9D1808CBC20FC5C042250E6111C753DC5FDD6FC0826D9FB52B055 ] kinonivd C:\WINDOWS\system32\DRIVERS\kinonivd.sys
22:28:15.0171 0x0594 kinonivd - ok
22:28:15.0218 0x0594 [ BDF0D8FFB6652B885263BAEA6256ACC5, 3BEE9626D629872CAB1EAA1EEA9D0A1524ABAE7CD0279F47324FB109CD6B16B0 ] KINONI_Wave C:\WINDOWS\system32\drivers\kinonivad.sys
22:28:15.0218 0x0594 KINONI_Wave - ok
22:28:15.0250 0x0594 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:28:15.0250 0x0594 kmixer - ok
22:28:15.0296 0x0594 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:28:15.0296 0x0594 KSecDD - ok
22:28:15.0343 0x0594 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:28:15.0343 0x0594 lanmanserver - ok
22:28:15.0390 0x0594 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:28:15.0406 0x0594 lanmanworkstation - ok
22:28:15.0406 0x0594 lbrtfdc - ok
22:28:15.0421 0x0594 LeapFrog Connect Device Service - ok
22:28:15.0453 0x0594 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:28:15.0453 0x0594 LmHosts - ok
22:28:15.0500 0x0594 [ 8E17D513D8011B0EE03C355EAAB0E0CC, 39EF55FEE27C496E21BD601B3ADC145EDFE9297FFBC20F33160ABE2E7042D4EC ] ManyCam C:\WINDOWS\system32\DRIVERS\mcvidrv.sys
22:28:15.0500 0x0594 ManyCam - ok
22:28:15.0531 0x0594 [ 8683C1B450F4B3872839308D836E0F92, C6CEEEA780D2191AEAC2537FD96324FF5501D92CE46313FB95ABB51765D919ED ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
22:28:15.0531 0x0594 MBAMProtector - ok
22:28:15.0625 0x0594 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
22:28:15.0703 0x0594 MBAMScheduler - ok
22:28:15.0796 0x0594 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
22:28:15.0859 0x0594 MBAMService - ok
22:28:15.0890 0x0594 [ 12E71DA845D76665B56753AD149E32B3, 0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
22:28:15.0890 0x0594 MBAMSwissArmy - ok
22:28:15.0921 0x0594 [ 562D95E00E14A944DEBE655DECBD3F5B, 3F0A58546F1E5B8FD7BDE75C53BD81278DB32A1E67126839763EE438A727F15B ] mcaudrv_simple C:\WINDOWS\system32\drivers\mcaudrv.sys
22:28:15.0921 0x0594 mcaudrv_simple - ok
22:28:15.0953 0x0594 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:28:15.0953 0x0594 Messenger - ok
22:28:16.0000 0x0594 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:28:16.0000 0x0594 mnmdd - ok
22:28:16.0031 0x0594 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:28:16.0031 0x0594 mnmsrvc - ok
22:28:16.0109 0x0594 [ D8E559F4CDDBF7BB5A10C373843D8D25, EEA2578A56F8596FCB26E26F9A1A7D0C7E32215094CE0DA300251F6D39FBAB0C ] Mobiola Wave Service C:\Program Files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe
22:28:16.0109 0x0594 Mobiola Wave Service - ok
22:28:16.0156 0x0594 [ 949DE050E5BA1D48D2EC562DEC0E7307, 10D58F6B15A9D64BA84C5F8B9F2EB93148AEFEF2859C4BA0347643D093B32B72 ] mobiolavs C:\WINDOWS\system32\DRIVERS\mobiolavs.sys
22:28:16.0156 0x0594 mobiolavs - ok
22:28:16.0171 0x0594 [ F410E5389661133E60D9D0816D9A5F79, 6D2C18A28F4FCDB3BBB23526DD2020C47CD1F6137D936EB801FDB8D00CD5ABCE ] MOBIOLA_Wave C:\WINDOWS\system32\drivers\mobiolawave.sys
22:28:16.0187 0x0594 MOBIOLA_Wave - ok
22:28:16.0203 0x0594 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:28:16.0203 0x0594 Modem - ok
22:28:16.0281 0x0594 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:28:16.0343 0x0594 Monfilt - ok
22:28:16.0375 0x0594 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:28:16.0375 0x0594 Mouclass - ok
22:28:16.0406 0x0594 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:28:16.0406 0x0594 mouhid - ok
22:28:16.0437 0x0594 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:28:16.0437 0x0594 MountMgr - ok
22:28:16.0453 0x0594 mraid35x - ok
22:28:16.0468 0x0594 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:28:16.0484 0x0594 MRxDAV - ok
22:28:16.0531 0x0594 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:28:16.0546 0x0594 MRxSmb - ok
22:28:16.0593 0x0594 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:28:16.0593 0x0594 MSDTC - ok
22:28:16.0609 0x0594 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:28:16.0609 0x0594 Msfs - ok
22:28:16.0625 0x0594 MSIServer - ok
22:28:16.0656 0x0594 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:28:16.0656 0x0594 MSKSSRV - ok
22:28:16.0687 0x0594 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:28:16.0703 0x0594 MSPCLOCK - ok
22:28:16.0718 0x0594 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:28:16.0718 0x0594 MSPQM - ok
22:28:16.0750 0x0594 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:28:16.0750 0x0594 mssmbios - ok
22:28:16.0781 0x0594 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:28:16.0781 0x0594 MSTEE - ok
22:28:16.0828 0x0594 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:28:16.0828 0x0594 Mup - ok
22:28:16.0875 0x0594 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:28:16.0875 0x0594 NABTSFEC - ok
22:28:16.0921 0x0594 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:28:16.0937 0x0594 napagent - ok
22:28:16.0984 0x0594 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:28:17.0000 0x0594 NDIS - ok
22:28:17.0015 0x0594 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:28:17.0015 0x0594 NdisIP - ok
22:28:17.0046 0x0594 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:28:17.0046 0x0594 NdisTapi - ok
22:28:17.0062 0x0594 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:28:17.0062 0x0594 Ndisuio - ok
22:28:17.0093 0x0594 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:28:17.0093 0x0594 NdisWan - ok
22:28:17.0125 0x0594 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:28:17.0125 0x0594 NDProxy - ok
22:28:17.0140 0x0594 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:28:17.0140 0x0594 NetBIOS - ok
22:28:17.0171 0x0594 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:28:17.0171 0x0594 NetBT - ok
22:28:17.0218 0x0594 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
22:28:17.0234 0x0594 NetDDE - ok
22:28:17.0250 0x0594 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:28:17.0250 0x0594 NetDDEdsdm - ok
22:28:17.0281 0x0594 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:28:17.0296 0x0594 Netlogon - ok
22:28:17.0312 0x0594 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
22:28:17.0328 0x0594 Netman - ok
22:28:17.0375 0x0594 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:28:17.0421 0x0594 NetTcpPortSharing - ok
22:28:17.0468 0x0594 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
22:28:17.0468 0x0594 Nla - ok
22:28:17.0500 0x0594 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:28:17.0500 0x0594 Npfs - ok
22:28:17.0546 0x0594 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:28:17.0578 0x0594 Ntfs - ok
22:28:17.0593 0x0594 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:28:17.0593 0x0594 NtLmSsp - ok
22:28:17.0640 0x0594 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:28:17.0671 0x0594 NtmsSvc - ok
22:28:17.0703 0x0594 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
22:28:17.0703 0x0594 Null - ok
22:28:17.0765 0x0594 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:28:17.0765 0x0594 NwlnkFlt - ok
22:28:17.0781 0x0594 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:28:17.0781 0x0594 NwlnkFwd - ok
22:28:17.0828 0x0594 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:28:17.0828 0x0594 Parport - ok
22:28:17.0875 0x0594 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:28:17.0875 0x0594 PartMgr - ok
22:28:17.0906 0x0594 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:28:17.0906 0x0594 ParVdm - ok
22:28:17.0937 0x0594 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:28:17.0937 0x0594 PCI - ok
22:28:17.0953 0x0594 PCIDump - ok
22:28:18.0000 0x0594 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:28:18.0000 0x0594 PCIIde - ok
22:28:18.0015 0x0594 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:28:18.0015 0x0594 Pcmcia - ok
22:28:18.0031 0x0594 PDCOMP - ok
22:28:18.0031 0x0594 PDFRAME - ok
22:28:18.0046 0x0594 PDRELI - ok
22:28:18.0046 0x0594 PDRFRAME - ok
22:28:18.0062 0x0594 perc2 - ok
22:28:18.0062 0x0594 perc2hib - ok
22:28:18.0109 0x0594 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
22:28:18.0125 0x0594 PlugPlay - ok
22:28:18.0140 0x0594 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:28:18.0140 0x0594 PolicyAgent - ok
22:28:18.0187 0x0594 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:28:18.0187 0x0594 PptpMiniport - ok
22:28:18.0203 0x0594 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:28:18.0203 0x0594 ProtectedStorage - ok
22:28:18.0234 0x0594 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:28:18.0234 0x0594 PSched - ok
22:28:18.0265 0x0594 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:28:18.0265 0x0594 Ptilink - ok
22:28:18.0281 0x0594 ql1080 - ok
22:28:18.0281 0x0594 Ql10wnt - ok
22:28:18.0296 0x0594 ql12160 - ok
22:28:18.0296 0x0594 ql1240 - ok
22:28:18.0312 0x0594 ql1280 - ok
22:28:18.0328 0x0594 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:28:18.0328 0x0594 RasAcd - ok
22:28:18.0375 0x0594 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:28:18.0390 0x0594 RasAuto - ok
22:28:18.0406 0x0594 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:28:18.0406 0x0594 Rasl2tp - ok
22:28:18.0453 0x0594 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:28:18.0453 0x0594 RasMan - ok
22:28:18.0484 0x0594 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:28:18.0500 0x0594 RasPppoe - ok
22:28:18.0515 0x0594 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:28:18.0515 0x0594 Raspti - ok
22:28:18.0562 0x0594 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:28:18.0562 0x0594 Rdbss - ok
22:28:18.0593 0x0594 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:28:18.0593 0x0594 RDPCDD - ok
22:28:18.0640 0x0594 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:28:18.0656 0x0594 RDPWD - ok
22:28:18.0703 0x0594 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:28:18.0718 0x0594 RDSessMgr - ok
22:28:18.0750 0x0594 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:28:18.0750 0x0594 redbook - ok
22:28:18.0796 0x0594 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:28:18.0796 0x0594 RemoteAccess - ok
22:28:18.0843 0x0594 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:28:18.0843 0x0594 RpcLocator - ok
22:28:18.0890 0x0594 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:28:18.0906 0x0594 RpcSs - ok
22:28:18.0937 0x0594 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:28:18.0953 0x0594 RSVP - ok
22:28:18.0984 0x0594 [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:28:18.0984 0x0594 rtl8139 - ok
22:28:19.0000 0x0594 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
22:28:19.0000 0x0594 SamSs - ok
22:28:22.0281 0x0594 ================ Scan global ===============================
22:28:22.0328 0x0594 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
22:28:22.0359 0x0594 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:28:22.0390 0x0594 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:28:22.0437 0x0594 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
22:28:22.0437 0x0594 [ Global ] - ok
22:28:22.0437 0x0594 ================ Scan MBR ==================================
22:28:22.0468 0x0594 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:28:22.0656 0x0594 \Device\Harddisk0\DR0 - ok
22:28:22.0656 0x0594 ================ Scan VBR ==================================
22:28:22.0671 0x0594 [ C16A89128B77BCCF8D41BE119040740B ] \Device\Harddisk0\DR0\Partition1
22:28:22.0687 0x0594 \Device\Harddisk0\DR0\Partition1 - ok
22:28:22.0718 0x0594 [ 481DE038B3C54C51C17A514839DE0549 ] \Device\Harddisk0\DR0\Partition2
22:28:22.0750 0x0594 \Device\Harddisk0\DR0\Partition2 - detected Rootkit.Boot.Cidox.b ( 0 )
22:28:22.0750 0x0594 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - infected
22:28:25.0281 0x0594 ================ Scan generic autorun ======================
22:28:26.0062 0x0594 [ 8D6C32D982DC380287D446DE1D166E48, FD699F7371B848B39941E88D4B8657508059725CA73DBB29FDC8EE7647359E26 ] C:\WINDOWS\RTHDCPL.EXE
22:28:26.0750 0x0594 RTHDCPL - ok
22:28:26.0812 0x0594 [ 8B4CBBA1EA526830C7F97E7822E2493A, 1DFD05B1C0050DB44F5B4293E5574BFC292AF804A63FC0A70131BB498C326977 ] C:\WINDOWS\ALCMTR.EXE
22:28:26.0828 0x0594 Alcmtr - ok
22:28:26.0828 0x0594 KernelFaultCheck - ok
22:28:26.0875 0x0594 [ F38092DE1D6A8CBB11B6B6D0F07E268E, 12D5AA6A51F0807A6DCAED51EB9E35EF8D34CD9C31B628B6EA38421415377BEE ] C:\WINDOWS\system32\igfxtray.exe
22:28:26.0890 0x0594 IgfxTray - ok
22:28:26.0921 0x0594 [ 2022C54B3A79A51C9538CE47D1F50BC3, AF3E60CAD38C2FEB6CD1BCFC3546C0D03ABA45E6ADF366E8F44659705F7EF0BA ] C:\WINDOWS\system32\igfxpers.exe
22:28:26.0921 0x0594 Persistence - ok
22:28:27.0062 0x0594 [ 86238088054D38A64EAEEC025618F6E3, 42C3315C8971C184A63DFFAF61ABAEE523C79B497AB51273D709F058EB4F6162 ] C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
22:28:27.0062 0x0594 Osinu - ok
22:28:27.0140 0x0594 [ DAA49E3F22CBD6A5DB803186BD261E7D, 8603F8E8116DF5310E964FD1232EE4B380B37FFDA2358FE242259C307777FB01 ] C:\Documents and Settings\Matt\Application Data\Daycbei\otnib.exe
22:28:27.0156 0x0594 Kaqyel - ok
22:28:27.0218 0x0594 [ AF59684E38174416F50D8ED350F45E59, E2CD9BCA16E6038D53A07C7EA2FE3258231AC0F07889771AAA285DEBA8893795 ] C:\Documents and Settings\Matt\Application Data\Yqkeqee\wuupes.exe
22:28:27.0234 0x0594 Viyfk - ok
22:28:27.0312 0x0594 [ 9E7FEA30D6FA956CEA87AA12A551BB5E, F384DA561DFA599E82659B3582BD90A89EC2AF2FD64FC10ADB79BE1409E9EFCC ] C:\Documents and Settings\Matt\Local Settings\Application Data\vnbvjjrc.exe
22:28:27.0312 0x0594 lepvqevc - ok
22:28:27.0343 0x0594 [ D99326A66611BE5BDF0128FACA199E38, 784DFFA1635013EE82B50CA46F403EE34A0661370734AC22ACEBAFEA613A5A10 ] C:\Documents and Settings\Matt\Local Settings\Application Data\rbasnutj.exe
22:28:27.0359 0x0594 oognpjsu - ok
22:28:27.0390 0x0594 [ 7377132BB1AC25D8B3134170B3661BBD, 22B3B108A8D2EE7357C2EAFDAFE788E4C2C2BBB4A92B1724E22B554CBB0481FD ] C:\Documents and Settings\Matt\Local Settings\Application Data\mlxckekp.exe
22:28:27.0390 0x0594 ckluxijb - ok
22:28:27.0437 0x0594 [ 86238088054D38A64EAEEC025618F6E3, 42C3315C8971C184A63DFFAF61ABAEE523C79B497AB51273D709F058EB4F6162 ] C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
22:28:27.0437 0x0594 Osinu - ok
22:28:27.0468 0x0594 [ D2C7F25275D1BF46E7328E90A12A07AB, DA608665F14F128CA3222845B820BAC70407488D40BFFA8E4B64DEEADF41F973 ] C:\Documents and Settings\Matt\Local Settings\Application Data\pplulhgx.exe
22:28:27.0484 0x0594 vsknfqit - ok
22:28:27.0531 0x0594 [ AF59684E38174416F50D8ED350F45E59, E2CD9BCA16E6038D53A07C7EA2FE3258231AC0F07889771AAA285DEBA8893795 ] C:\Documents and Settings\Matt\Application Data\Yqkeqee\wuupes.exe
22:28:27.0531 0x0594 Viyfk - ok
22:28:27.0546 0x0594 Waiting for KSN requests completion. In queue: 187
22:28:28.0546 0x0594 Waiting for KSN requests completion. In queue: 187
22:28:29.0546 0x0594 Waiting for KSN requests completion. In queue: 13
22:28:30.0984 0x0594 FW detected via SS1: AVG Firewall, 2012.0, disabled
22:28:31.0000 0x0594 Win FW state via NFM: enabled
22:28:33.0515 0x0594 ============================================================
22:28:33.0515 0x0594 Scan finished
22:28:33.0515 0x0594 ============================================================
22:28:33.0531 0x0510 Detected object count: 1
22:28:33.0531 0x0510 Actual detected object count: 1
22:28:50.0078 0x0510 \Device\Harddisk0\DR0\Partition2 - copied to quarantine
22:28:50.0109 0x0510 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
22:28:50.0125 0x0510 \Device\Harddisk0\DR0\Partition2 - ok
22:28:50.0125 0x0510 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
22:28:51.0812 0x0510 KLMD registered as C:\WINDOWS\system32\drivers\51050818.sys
22:28:55.0140 0x00f0 Deinitialize success
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376 BrowserJavaVersion: 10.51.2
Run by Matt at 23:03:06 on 2014-06-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.155 [GMT -4:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110803&tt=4812_4&babsrc=HP_ss&mntrId=d41f7928000000000000001e902d3d26
uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=1157&systemid=1&sr=0
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [lepvqevc] "c:\documents and settings\matt\local settings\application data\vnbvjjrc.exe"
uRun: [oognpjsu] "c:\documents and settings\matt\local settings\application data\rbasnutj.exe"
uRun: [ckluxijb] "c:\documents and settings\matt\local settings\application data\mlxckekp.exe"
uRun: [Osinu] "c:\documents and settings\matt\application data\erlubaa\cyewb.exe"
uRun: [vsknfqit] "c:\documents and settings\matt\local settings\application data\pplulhgx.exe"
uRun: [Viyfk] "c:\documents and settings\matt\application data\yqkeqee\wuupes.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Osinu] "c:\documents and settings\matt\application data\erlubaa\cyewb.exe"
mRun: [Kaqyel] "c:\documents and settings\matt\application data\daycbei\otnib.exe"
mRun: [Viyfk] "c:\documents and settings\matt\application data\yqkeqee\wuupes.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343971702890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343962434156
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C44DFC31-8F0F-4D29-9DFD-0340E3064217} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-5-17 55224]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-8 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-8 860472]
R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\common files\shape services\mobiola wave service\MobiolaWaveService.exe [2014-2-24 125088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-8 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-8 110296]
R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2014-2-24 24128]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2014-2-24 26512]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-5 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2013-2-26 18432]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\drivers\kinonivd.sys [2013-2-26 2782080]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\razer\razer game booster\driver\winring0.sys --> c:\program files\razer\razer game booster\driver\WinRing0.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
.
=============== Created Last 30 ================
.
2014-06-09 02:28:50 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-08 20:11:05 155648 ----a-w- c:\documents and settings\matt\local settings\application data\pplulhgx.exe
2014-06-08 19:23:43 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-08 19:22:38 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-08 19:22:38 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-08 19:22:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-08 19:22:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-06-08 19:21:31 -------- d-----w- c:\documents and settings\matt\application data\Yqkeqee
2014-06-08 19:19:08 -------- d-----w- c:\documents and settings\matt\application data\Daycbei
2014-06-08 19:16:01 -------- d-----w- c:\documents and settings\matt\application data\Erlubaa
2014-06-08 05:42:23 -------- d-----w- c:\documents and settings\matt\application data\Ydowbu
2014-06-08 05:28:44 -------- d-----w- c:\documents and settings\matt\application data\Sewuve
2014-06-08 05:25:12 -------- d-----w- c:\documents and settings\matt\application data\Ilazvuw
2014-06-07 23:11:34 -------- d-----w- c:\documents and settings\matt\application data\Dyaqyxy
2014-06-07 23:09:36 151552 ----a-w- c:\documents and settings\matt\local settings\application data\mlxckekp.exe
2014-06-07 04:37:47 -------- d-----w- c:\documents and settings\matt\application data\Haryko
2014-06-07 04:21:27 -------- d-----w- c:\documents and settings\matt\application data\Ticasif
2014-06-07 03:58:56 151552 ----a-w- c:\documents and settings\matt\local settings\application data\vnbvjjrc.exe
2014-06-07 03:56:46 227840 ----a-w- c:\documents and settings\matt\local settings\application data\rbasnutj.exe
2014-06-06 20:02:08 -------- d-----w- c:\documents and settings\matt\local settings\application data\Unity
2014-06-06 03:56:21 -------- d-----w- c:\documents and settings\matt\.Ambush07
2014-06-06 01:06:22 -------- d-----w- C:\GOG Games
2014-05-21 03:29:19 -------- d-----w- c:\documents and settings\matt\application data\.Arios_498
2014-05-17 18:34:46 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-05-17 17:00:17 -------- d-----w- c:\documents and settings\matt\application data\2657
2014-05-12 20:34:47 -------- d-----w- c:\documents and settings\matt\.astirch_file_store_32
2014-05-12 00:37:12 -------- d-----w- c:\documents and settings\matt\.Artemis
2014-05-11 05:27:05 -------- d-----w- c:\documents and settings\matt\MistexCachev2
.
==================== Find3M ====================
.
.
============= FINISH: 23:04:08.62 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2011 6:21:00 PM
System Uptime: 6/8/2014 10:35:23 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 114.248 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 6.434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\PRINTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.07)
Bonjour
Canon MP495 series MP Drivers
CCleaner
GIMP 2.8.10
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB971276-v3)
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 51
Java Auto Updater
Java DB 10.6.2.1
Java SE Development Kit 7 Update 6
LeapFrog Connect
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mobiola WebCamera for iPhone 2.2.0
MorphVOX Pro
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Notepad++
Picasa 3
Pokemon Online 2.4.1
Portal
Prio
Quake Live Mozilla Plugin
Realtek High Definition Audio Driver
RollerCoaster Tycoon Deluxe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2862772)
Security Update for Windows Internet Explorer 7 (KB2898785)
Security Update for Windows Internet Explorer 7 (KB2909921)
Security Update for Windows Internet Explorer 7 (KB2925418)
Security Update for Windows Internet Explorer 7 (KB2936068)
Security Update for Windows Internet Explorer 7 (KB2964358)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Spotify
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.20 (32-bit)
WOW
.
==== Event Viewer Messages From Past Week ========
.
6/8/2014 3:22:00 PM, error: Service Control Manager [7034] - The Security Center Server - 3893759923 service terminated unexpectedly. It has done this 1 time(s).
6/8/2014 3:20:35 PM, error: Service Control Manager [7034] - The Security Center Server - 3518234236 service terminated unexpectedly. It has done this 1 time(s).
6/8/2014 3:20:29 PM, error: Service Control Manager [7034] - The Security Center Server - 52164496 service terminated unexpectedly. It has done this 1 time(s).
6/8/2014 10:22:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
6/3/2014 3:32:14 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/2/2014 10:03:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
.
==== End Of File ===========================
 
Very good :)

Step 1 in our preliminaries calls for installing one of the proposed AV programs if you don't have any.
I don't see any AV program running.
What's up with that?

I can see some AVG leftovers so before installing any other AV program run AVG Remover: http://www.avg.com/us-en/utilities
 
I thought it would interfere with Malwarebytes; my apologies. I'm removing AVG and downloading Avast.
 
OK.
When done...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 06/09/2014 00:09:06

¤¤¤ Bad processes : 3 ¤¤¤
[Suspicious.Path] cyewb.exe -- C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe[x] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe[7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe[7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Osinu : "C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe" [x] -> DELETED
[Suspicious.Path] HKEY_USERS\S-1-5-21-117609710-1078081533-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run | Osinu : "C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe" [x] -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> NOT SELECTED
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 7fcb9c20f623be3fc15af57388a490c3
[BSP] 3e1c90f8ffbae10da0f01d5e6725080a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7067 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14474565 | Size: 145557 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06092014_000902.log
 
I'm just waiting on the cleanup process; it's been taking forever. It found over 5000 malware objects.
 
My MBAR log files are 783,519 and 553,195 characters each, and it would take 28 posts to separate them. They even exceed the limits for Pastebin. What should I do?
 
Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.10.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Matt :: BOSIACKI-44545F [administrator]

6/10/2014 7:00:25 PM
mbar-log-2014-06-10 (19-00-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243371
Time elapsed: 32 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 1064812544, free: 523649024

Downloaded database version: v2014.06.10.01
Downloaded database version: v2014.06.10.02
Downloaded database version: v2014.06.10.03
Downloaded database version: v2014.06.10.04
Downloaded database version: v2014.06.10.05
Downloaded database version: v2014.06.10.06
Downloaded database version: v2014.06.10.07
Downloaded database version: v2014.06.10.08
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23213B72

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 14474502

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 14474565 Numsec = 298102140
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-14474565-I.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Very good :)
We're getting there...

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-06-12.01 - Matt 06/12/2014 18:29:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Matt\WINDOWS
c:\documents and settings\Matt\WINDOWS\crc32.crc
c:\documents and settings\Matt\WINDOWS\vcredist_32.dll
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET261.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET26D.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2014-05-12 to 2014-06-12 )))))))))))))))))))))))))))))))
.
.
2014-06-09 04:18 . 2014-06-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-06-09 04:05 . 2014-06-09 04:05 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2014-06-09 03:59 . 2014-06-09 03:59 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-09 03:59 . 2014-06-09 03:59 -------- d-----w- C:\Documents
2014-06-09 03:59 . 2014-06-09 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-06-09 03:54 . 2014-06-09 03:54 -------- d-----w- c:\documents and settings\Matt\Application Data\AVAST Software
2014-06-09 03:45 . 2014-06-09 03:45 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-06-09 03:45 . 2014-06-09 03:46 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-09 03:45 . 2014-06-09 03:45 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-09 03:45 . 2014-06-09 03:46 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-09 03:45 . 2014-06-09 03:45 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-09 03:45 . 2014-06-09 03:45 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-09 03:45 . 2014-06-09 03:45 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-09 03:45 . 2014-06-09 03:46 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-06-09 03:45 . 2014-06-09 03:45 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-09 03:45 . 2014-06-09 03:45 43152 ----a-w- c:\windows\avastSS.scr
2014-06-09 02:28 . 2014-06-09 02:28 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-08 19:23 . 2014-06-12 21:17 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-08 19:22 . 2014-06-10 22:59 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-08 19:22 . 2014-06-08 19:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-08 19:22 . 2014-06-08 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-08 19:22 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-08 19:21 . 2014-06-09 03:56 -------- d-----w- c:\documents and settings\Matt\Application Data\Yqkeqee
2014-06-08 19:19 . 2014-06-09 03:56 -------- d-----w- c:\documents and settings\Matt\Application Data\Daycbei
2014-06-08 19:16 . 2014-06-10 01:17 -------- d-----w- c:\documents and settings\Matt\Application Data\Erlubaa
2014-06-08 05:42 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ydowbu
2014-06-08 05:28 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Sewuve
2014-06-08 05:25 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ilazvuw
2014-06-07 23:11 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Dyaqyxy
2014-06-07 04:37 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Haryko
2014-06-07 04:21 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ticasif
2014-06-06 20:02 . 2014-06-06 20:02 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Unity
2014-06-06 03:56 . 2014-06-06 03:57 -------- d-----w- c:\documents and settings\Matt\.Ambush07
2014-06-06 01:06 . 2014-06-06 01:06 -------- d-----w- C:\GOG Games
2014-05-21 03:29 . 2014-06-08 19:14 -------- d-----w- c:\documents and settings\Matt\Application Data\.Arios_498
2014-05-17 18:34 . 2014-05-17 18:34 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-05-17 17:00 . 2014-05-19 21:34 -------- d-----w- c:\documents and settings\Matt\Application Data\2657
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 03:45 . 2014-06-09 03:45 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1402285571437
2014-06-09 03:45 . 2014-06-09 03:45 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1402285571437
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-09 03:45 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-09 3890208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GB_UPDATE]
c:\program files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-09 01:12 116648 ----atw- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 16:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-12-15 02:32 1199576 ----a-w- c:\documents and settings\Matt\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
2001-08-18 03:37 27648 ----a-w- c:\program files\xerox\nwwia\XrxFTPLt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"LeapFrog Connect Device Service"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"AdvancedSystemCareService5"=2 (0x2)
"NtLmSsp"=3 (0x3)
"napagent"=3 (0x3)
"MSDTC"=3 (0x3)
"LmHosts"=3 (0x3)
"lanmanserver"=3 (0x3)
"ImapiService"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Matt\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mobiola WebCamera for iPhone\\WebcamForIPhone.exe"=
"c:\\Documents and Settings\\Matt\\My Documents\\Downloads\\uTorrent.exe"=
"c:\\Documents and Settings\\Matt\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"56232:TCP"= 56232:TCP:Pando Media Booster
"56232:UDP"= 56232:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [6/8/2014 11:45 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [6/8/2014 11:45 PM 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [6/8/2014 11:45 PM 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6/8/2014 11:45 PM 411680]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/8/2014 3:22 PM 54232]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [5/17/2014 2:34 PM 55224]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [6/8/2014 11:45 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/8/2014 11:45 PM 67824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/8/2014 3:22 PM 860472]
R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe [2/24/2014 11:12 PM 125088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/8/2014 3:22 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [6/8/2014 3:23 PM 110296]
R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2/24/2014 11:13 PM 24128]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2/24/2014 11:13 PM 26512]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/2010 3:21 PM 34896]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [6/8/2014 3:22 PM 1809720]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/5/2011 6:55 PM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2/26/2013 11:34 AM 18432]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\drivers\kinonivd.sys [2/26/2013 11:34 AM 2782080]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 AM 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 AM 22400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys --> c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-09 03:45]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-725345543-1006Core1cf6ac63b5f86be.job
- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 01:12]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-725345543-1006UA.job
- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 01:12]
.
2014-06-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110803&tt=4812_4&babsrc=HP_ss&mntrId=d41f7928000000000000001e902d3d26
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-12 18:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1078081533-725345543-1006\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2014-06-12 18:46:26
ComboFix-quarantined-files.txt 2014-06-12 22:46
.
Pre-Run: 118,909,755,392 bytes free
Post-Run: 119,384,162,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 44AE7EF264A5C2EDBFB665986A4A8DA0
8F558EB6672622401DA993E1E865C861
 