UpdateFlashPlayer_######.exe Trojan

Solved
By MattAB
Jun 8, 2014
  1. First of all, I'm running Windows XP 32-bit. Found this (UpdateFlashPlayer_######.exe) in my processes after running my computer for the first time in a few days. I'm assuming it's something my mother accidentally clicked and installed while I wasn't at home. This is making my computer extremely sluggish and creating randomly named files in random directories (mainly the System32 and Application Data folders). I've already run a full scan with Malwarebytes and it found about 80 infections; I've quarantined and deleted them all, but the problem still persists. Now, Malwarebytes keeps generating a pop-up from the taskbar that says that it's protecting from a malicious website, even when my browser isn't running. Help would be very much appreciated, thank you.
  2. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/8/2014
    Scan Time: 3:25:14 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.08.06
    Rootkit Database: v2014.06.02.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Matt

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 241273
    Time Elapsed: 24 min, 56 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 8
    Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, 288, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc]
    Trojan.Agent.ED, C:\WINDOWS\system32\ysaxymaqhe.exe, 436, Delete-on-Reboot, [a75fd3a37b00b086200072cffb0546ba]
    Trojan.Agent.ED, C:\WINDOWS\system32\nonuhoi.exe, 460, Delete-on-Reboot, [1bebf5817704270fbf61b889946c2ed2]
    Trojan.Agent.ED, C:\WINDOWS\system32\buzeo.exe, 480, Delete-on-Reboot, [f1151462641756e03ee26fd24cb4be42]
    Trojan.Agent.ED, C:\WINDOWS\system32\ovezo.exe, 688, Delete-on-Reboot, [fc0a294d6a116dc94bd573cec63ad62a]
    Trojan.Agent.ED, C:\WINDOWS\system32\qovuewyr.exe, 960, Delete-on-Reboot, [27dfeb8bc4b775c1ec34d9684eb2758b]
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe, 1812, Delete-on-Reboot, [38ce1363d2a945f1889858e909f735cb]
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe, 1520, Delete-on-Reboot, [3ec8c6b0fe7da0969f81c57ce21e619f]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 57
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1721869557, Quarantined, [d333601690eb59dd37e971d0bb4544bc],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2219215403, Quarantined, [a75fd3a37b00b086200072cffb0546ba],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2484372270, Quarantined, [1bebf5817704270fbf61b889946c2ed2],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer29711255, Quarantined, [f1151462641756e03ee26fd24cb4be42],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer533481814, Quarantined, [fc0a294d6a116dc94bd573cec63ad62a],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer707576027, Quarantined, [27dfeb8bc4b775c1ec34d9684eb2758b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, Quarantined, [6c9abdb9097294a27a75e091d42e60a0],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, Quarantined, [6c9abdb9097294a27a75e091d42e60a0],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, Quarantined, [976fd6a0f685d16534bce78af111e51b],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}, Quarantined, [a660185e4932072fd7077af4cd3532ce],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}, Quarantined, [a660185e4932072fd7077af4cd3532ce],
    Adware.DealCabby, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0B4A07CF-45EB-4B10-B6BB-35568A2F89BE}, Quarantined, [81858fe7dd9ee254dbb9ea847e84bb45],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [a5615a1c6417132319d3b19aa55dd22e],
    PUP.Optional.Funmoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [8c7a8de9710a70c646f6d697d230649c],
    Trojan.Downloader, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D}, Quarantined, [18ee5d19cfac8caab0cc70e14fb3d32d],
    Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D}, Quarantined, [18ee5d19cfac8caab0cc70e14fb3d32d],
    Adware.GamePlayLab, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
    Adware.GamePlayLab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
    Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [8c7a8ee8f289f244683004481ee446ba],
    PUP.Optional.Mediabar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{28387537-e3f9-4ed7-860c-11e69af4a8a0}, Quarantined, [14f27ef8304bea4c697d4aeeaf532ad6],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [18eee49208731a1cd17c660bf11131cf],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, Quarantined, [6c9ab5c1b1ca2b0bfdf4d29f04fe2cd4],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [7d89adc99edd9a9c91bdf37e12f0ab55],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, Quarantined, [3bcb7cfa6a11162041adc4adaf539c64],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, Quarantined, [1de97afc3348ec4aaa4491e0aa58d828],
    PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, Quarantined, [6e98a7cf7b0000363db5205125dd7789],
    PUP.Optional.Babylon.A, HKLM\SOFTWARE\BabylonToolbar, Quarantined, [a1657501d6a54beb5ff94d842dd66f91],
    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [a2645521a5d61323f9abe4b7c042dd23],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [b2542e48afcc1b1b7e349921fb074bb5],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [bc4a482e413a72c49aefd3dc38cbf30d],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fdloijijlkoblmigdofommgnheckmaki, Quarantined, [ed19d99d2952ca6cf0cf1676eb1809f7],
    PUP.Optional.1ClickDownLoader.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jplinpmadfkdgipabgcdchbdikologlh, Quarantined, [e91d93e397e495a1b5d20f921be7768a],
    PUP.GamesPlayLab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, Quarantined, [8c7abbbb502b6fc76d380fb76f938f71],
    PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, Quarantined, [56b073034e2d86b0a70cbf11c1422bd5],
    PUP.GamesPlayLab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, Quarantined, [a363591dcab1f046644031954ab88878],
    Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3518234236, Quarantined, [8d79b8bee9922f07f5c102c1e81b02fe],
    Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3893759923, Quarantined, [da2c383e1a61ab8bd1e57a49f0137c84],
    Trojan.Agent.SCS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer52164496, Quarantined, [83833f37d8a378bec8eea81b0bf81fe1],
    PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [18ee581efa818da9ed8a9d36847fdf21],
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [75913244710a49edb6eb903f12f1ff01],
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [d333bcba9dde0b2b0c9408c7ce35a45c],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [a561463085f6d5612e5c941b44bf02fe],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [2fd7c0b6f289c6708243f2dd897aa45c],

    Registry Values: 10
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]
    Trojan.Agent.ED, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Exwuqyatamp, "C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe", Quarantined, [3ec8c6b0fe7da0969f81c57ce21e619f]
    Trojan.Agent.ED, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Exwuqyatamp, "C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe", Quarantined, [3ec8c6b0fe7da0969f81c57ce21e619f]
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bebayqbyyvagbu, "C:\Documents and Settings\Matt\Application Data\Haryko\icmyw.exe", Quarantined, [59ad87efdaa112249b85b28f6a96f60a]
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Laymsutoezna, "C:\Documents and Settings\Matt\Application Data\Ilazvuw\egifev.exe", Quarantined, [0afcafc7d8a358def030da67b24ebe42]
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Aqcuabxe, "C:\Documents and Settings\Matt\Application Data\Sewuve\onanxo.exe", Quarantined, [1fe78beb82f9c76f968aaa97bb45768a]
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Hyvalemy, "C:\Documents and Settings\Matt\Application Data\Ydowbu\bycoo.exe", Quarantined, [fb0bf77f403b71c50d13360bd7296a96]
    PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 11111111, Quarantined, [56b073034e2d86b0a70cbf11c1422bd5]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-117609710-1078081533-725345543-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C1F1M1J0K2Y1T1L2U0NtI0J, Quarantined, [2fd7c0b6f289c6708243f2dd897aa45c]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 48
    Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc],
    Trojan.Agent.ED, C:\WINDOWS\system32\ysaxymaqhe.exe, Delete-on-Reboot, [a75fd3a37b00b086200072cffb0546ba],
    Trojan.Agent.ED, C:\WINDOWS\system32\nonuhoi.exe, Delete-on-Reboot, [1bebf5817704270fbf61b889946c2ed2],
    Trojan.Agent.ED, C:\WINDOWS\system32\buzeo.exe, Delete-on-Reboot, [f1151462641756e03ee26fd24cb4be42],
    Trojan.Agent.ED, C:\WINDOWS\system32\ovezo.exe, Delete-on-Reboot, [fc0a294d6a116dc94bd573cec63ad62a],
    Trojan.Agent.ED, C:\WINDOWS\system32\qovuewyr.exe, Delete-on-Reboot, [27dfeb8bc4b775c1ec34d9684eb2758b],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe, Delete-on-Reboot, [38ce1363d2a945f1889858e909f735cb],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Dyaqyxy\ylelqe.exe, Delete-on-Reboot, [3ec8c6b0fe7da0969f81c57ce21e619f],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Haryko\icmyw.exe, Quarantined, [59ad87efdaa112249b85b28f6a96f60a],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ilazvuw\egifev.exe, Quarantined, [0afcafc7d8a358def030da67b24ebe42],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Sewuve\onanxo.exe, Quarantined, [1fe78beb82f9c76f968aaa97bb45768a],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ydowbu\bycoo.exe, Quarantined, [fb0bf77f403b71c50d13360bd7296a96],
    PUP.Optional.InstalleRex, C:\Documents and Settings\Matt\My Documents\Downloads\Downloader_for_Chrono Trigger.exe, Quarantined, [9373e88edba07fb73628046e1fe23ac6],
    PUP.Optional.Amonetize, C:\Documents and Settings\Matt\My Documents\Downloads\super mario land 2 gameboy rom__3039_i687494351_il14644679.exe, Quarantined, [b84ebdb9512a8ea81ce0dd66c83810f0],
    PUP.Optional.Amonetize, C:\Documents and Settings\Matt\My Documents\Downloads\super mario land 2 gameboy rom__3516_i687493814_il14644553.exe, Quarantined, [d531581e42398ea8ec10fa4920e022de],
    PUP.Optional.YourFileDownloader, C:\Documents and Settings\Matt\My Documents\Downloads\Super_Mario_Land_2_Rom_Gameboy_downloader.exe, Quarantined, [50b69ed89ae1181ef41a8d915ba5ab55],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_16767923.exe, Quarantined, [6c9af28406753afc42de8db4a65a6c94],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_189f51ac.exe, Quarantined, [07ffd79f3744d46227f957ea6c943ac6],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_2c0d072a.exe, Quarantined, [cb3b9cdade9d979f9632d1b2857ccd33],
    Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_3f2425d2.exe, Quarantined, [75916f076b1040f653df0f775fa2d22e],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_45e73756.exe, Quarantined, [e6202650a7d4290daee2e69d54adcd33],
    Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_466908f2.exe, Quarantined, [877fb7bfaecd92a45ad894f227da39c7],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_84b43772.exe, Quarantined, [08fea3d3b6c539fd80a0e45dfb057f81],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_8954ef83.exe, Quarantined, [5ea803730f6cb086444cc1c25aa7eb15],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_b58b4755.exe, Quarantined, [f115027487f44de9ae1ac6bd2bd67888],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_c382fc2d.exe, Quarantined, [28de83f3fb8091a5bc649fa214ec1de3],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_c7f2f438.exe, Quarantined, [6c9a5a1ca8d345f13890740f758cbc44],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_d91ab8f6.exe, Quarantined, [e125175fb1ca5dd9958b8bb6d12ff20e],
    Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_da196a06.exe, Quarantined, [60a64e28205b3ef8d14faa978f717789],
    Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_e4bde519.exe, Quarantined, [9472d6a0cab1b6800c8499ea61a035cb],
    Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_e9eaa3cb.exe, Quarantined, [788ee98db1ca7bbbff33186e9c65b64a],
    Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_1a694187.exe, Quarantined, [c5412353116a85b1ae841b6bd8290000],
    Trojan.Inject, C:\Documents and Settings\Matt\Local Settings\Application Data\bgnaxboa.exe, Quarantined, [cf37adc91f5ced49ed450c7a8978e31d],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1721869557.job, Quarantined, [f3139fd7b9c242f46858b209dc27d42c],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 2219215403.job, Quarantined, [6e980373b0cb59dd20a092298083b64a],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 2484372270.job, Quarantined, [2fd75422017a999d4779dfdcd92abb45],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 29711255.job, Quarantined, [32d49fd7592268ce4a76bb009b68e020],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 3518234236.job, Quarantined, [19ed94e2b4c7ac8a2997f6c5f11255ab],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 3893759923.job, Quarantined, [23e3beb89ae1a98de0e0714ac2415fa1],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 52164496.job, Quarantined, [d1356511d8a357df9f21e4d78b786f91],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 533481814.job, Quarantined, [b94dfc7a0675b5818040902bc1420ef2],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 707576027.job, Quarantined, [03038de99cdf5dd9c000e9d20bf87f81],
    PUP.Optional.FunMoods.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage, Quarantined, [32d4bdb9275464d235cbdd10ff04857b],
    Trojan.Agent.SCS, C:\WINDOWS\system32\wioggy.exe, Quarantined, [8d79b8bee9922f07f5c102c1e81b02fe],
    Trojan.Agent.SCS, C:\WINDOWS\system32\yclearxu.exe, Quarantined, [da2c383e1a61ab8bd1e57a49f0137c84],
    Trojan.Agent.SCS, C:\WINDOWS\system32\awobosi.exe, Quarantined, [83833f37d8a378bec8eea81b0bf81fe1],
    PUP.Optional.Babylon.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.babylon.com/?affID=11...HP_ss&mntrId=d41f7928000000000000001e902d3d26",), Replaced,[2adce690d5a6280e93904d4f38cc02fe]
    PUP.Optional.Babylon.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.babylon.com/?affID=11...HP_ss&mntrId=d41f7928000000000000001e902d3d26" ],), Replaced,[8c7aacca5625e94d91c42d6f3bc949b7]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
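The log above records one infection under several independent persistence layers: Run values under both HKLM and HKU that point at executables in Application Data, fake "SecurityCenterServerNNN" services whose numeric suffix matches a "Security Center Update - NNN.job" task in C:\WINDOWS\Tasks, a Browser Helper Object, and a run of UpdateFlashPlayer_xxxxxxxx.exe droppers in Local Settings\Temp tagged as Zbot, Inject and Agent. The eight running payloads could only be marked Delete-on-Reboot, so they stay on disk until the restart actually happens. The following Python is an added example, not part of the thread and not Malwarebytes' own tooling: it parses the MBAM 2.x log format, groups detections by mechanism, maps each Run value to its target and flags autostart targets that are still pending deletion. The section and line regexes and the mechanism labels are this example's own assumptions about the log layout, not a documented Malwarebytes specification; the sample input is an excerpt copied from the log above.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x scan logs (added example).
Groups "Family, Object[, PID], Action, [id]" lines by the persistence or
delivery mechanism they represent and links each autostart entry to its payload."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")      # e.g. "Registry Keys: 57"
# Objects may themselves contain commas (the Chrome Preferences lines), so the
# object is matched lazily and the line is anchored on the trailing 32-hex id.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<object>.*?), (?P<action>[A-Za-z-]+),?\s*"
    r"\[(?P<id>[0-9a-f]{32})\],?$")
RUN_VALUE_RE = re.compile(r'\\CURRENTVERSION\\RUN\|(?P<name>[^,]+), "(?P<target>[^"]+)"', re.I)
MECHANISMS = [  # (section, pattern, label); the patterns are this example's assumptions
    ("Registry Values", RUN_VALUE_RE, "run-key"),
    ("Registry Keys", re.compile(r"\\SERVICES\\[^\\,]+$", re.I), "service"),
    ("Registry Keys", re.compile(r"BROWSER HELPER OBJECTS\\\{[0-9A-F-]+\}$", re.I), "bho"),
    ("Files", re.compile(r"\\WINDOWS\\Tasks\\[^\\]+\.job$", re.I), "scheduled-task"),
    ("Files", re.compile(r"\\Temp\\UpdateFlashPlayer_[0-9a-f]{8}\.exe$", re.I), "fake-update-dropper"),
]

def parse_mbam_log(text):
    """One dict per detection line: section, family, object, pid, action, id."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := DETECTION_RE.match(line)):
            d = m.groupdict()
            d["section"], d["pid"] = section, None
            head, sep, tail = d["object"].rpartition(", ")
            if section == "Processes" and sep and tail.isdigit():   # "path, 288"
                d["object"], d["pid"] = head, tail
            found.append(d)
    return found

def classify(d):
    """Mechanism label for one detection, or "other" (plain payload file etc.)."""
    for section, pattern, label in MECHANISMS:
        if d["section"] == section and pattern.search(d["object"]):
            return label
    return "other"

def triage(text):
    """Counts per mechanism, Run-key targets, dropper families, files still on disk,
    and the artifacts that share one bracketed id (in the posted log a payload's
    process, file and service/Run entry carry the same id)."""
    by_mech, run_targets, droppers = defaultdict(int), {}, defaultdict(int)
    pending, clusters = set(), defaultdict(list)
    for d in parse_mbam_log(text):
        mech = classify(d)
        by_mech[mech] += 1
        clusters[d["id"]].append((d["section"], d["object"]))
        if mech == "run-key":
            m = RUN_VALUE_RE.search(d["object"])
            run_targets.setdefault(m["target"].lower(), set()).add(m["name"])
        elif mech == "fake-update-dropper":
            droppers[d["family"]] += 1
        # Delete-on-Reboot: the file was locked (still running) and remains on
        # disk until the machine is actually restarted.
        if d["section"] == "Files" and d["action"] == "Delete-on-Reboot":
            pending.add(d["object"].lower())
    return {
        "by_mechanism": dict(by_mech),
        "run_targets": run_targets,
        "dropper_families": dict(droppers),
        "pending_reboot": pending,
        "autostart_still_on_disk": {p for p in run_targets if p in pending},
        "clusters": dict(clusters),
    }

# Sample input: excerpt copied from the scan log posted above, a few lines per section.
SAMPLE_LOG = r"""
Processes: 8
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, 288, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc]
Registry Keys: 57
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1721869557, Quarantined, [d333601690eb59dd37e971d0bb4544bc],
Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D}, Quarantined, [18ee5d19cfac8caab0cc70e14fb3d32d],
Registry Values: 10
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cewipakaonkeemo, "C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe", Quarantined, [38ce1363d2a945f1889858e909f735cb]
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bebayqbyyvagbu, "C:\Documents and Settings\Matt\Application Data\Haryko\icmyw.exe", Quarantined, [59ad87efdaa112249b85b28f6a96f60a]
Files: 48
Trojan.Agent.ED, C:\WINDOWS\system32\zouvokn.exe, Delete-on-Reboot, [d333601690eb59dd37e971d0bb4544bc],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Application Data\Ticasif\afogh.exe, Delete-on-Reboot, [38ce1363d2a945f1889858e909f735cb],
Trojan.Agent.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_16767923.exe, Quarantined, [6c9af28406753afc42de8db4a65a6c94],
Spyware.Zbot.ED, C:\Documents and Settings\Matt\Local Settings\Temp\UpdateFlashPlayer_2c0d072a.exe, Quarantined, [cb3b9cdade9d979f9632d1b2857ccd33],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1721869557.job, Quarantined, [f3139fd7b9c242f46858b209dc27d42c],
PUP.Optional.Babylon.A, C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.babylon.com/?affID=11...HP_ss&mntrId=d41f7928000000000000001e902d3d26",), Replaced,[2adce690d5a6280e93904d4f38cc02fe]
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        if key != "clusters":
            print(f"{key}: {value}")
```

On the excerpt, `autostart_still_on_disk` contains afogh.exe: its Run value was quarantined but the file itself was only marked Delete-on-Reboot, which is the kind of entry worth re-checking after the restart. The `clusters` map groups the zouvokn.exe process, its file and the SecurityCenterServer1721869557 service under one id, and that service's suffix is the same number as the Security Center Update .job task, so the service, task and executable are one persistence set rather than three unrelated hits.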
  3. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    Only the attach.txt file was generated, not the dds.txt. Unsure why, but here is the attach.txt file.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/5/2011 6:21:00 PM
    System Uptime: 6/8/2014 4:05:51 PM (1 hours ago)
    .
    Motherboard: ELITEGROUP | | 945GCT-M3
    Processor: Intel Celeron processor | Socket 775 | 1999/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 114.156 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 6.434 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
    Service:
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Image File Execution Options =============
    .
    IFEO: Your Image File Name Here without a path - ntsd -d
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    22:27:15.0984 0x0c98 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
    22:27:18.0625 0x0c98 ============================================================
    22:27:18.0625 0x0c98 Current date / time: 2014/06/08 22:27:18.0625
    22:27:18.0625 0x0c98 SystemInfo:
    22:27:18.0625 0x0c98
    22:27:18.0625 0x0c98 OS Version: 5.1.2600 ServicePack: 3.0
    22:27:18.0625 0x0c98 Product type: Workstation
    22:27:18.0625 0x0c98 ComputerName: BOSIACKI-44545F
    22:27:18.0625 0x0c98 UserName: Matt
    22:27:18.0625 0x0c98 Windows directory: C:\WINDOWS
    22:27:18.0625 0x0c98 System windows directory: C:\WINDOWS
    22:27:18.0625 0x0c98 Processor architecture: Intel x86
    22:27:18.0625 0x0c98 Number of processors: 1
    22:27:18.0625 0x0c98 Page size: 0x1000
    22:27:18.0625 0x0c98 Boot type: Normal boot
    22:27:18.0625 0x0c98 ============================================================
    22:27:21.0687 0x0c98 KLMD registered as C:\WINDOWS\system32\drivers\32003976.sys
    22:27:21.0906 0x0c98 System UUID: {B5E97C83-8964-7688-A480-CDF88B298720}
    22:27:22.0921 0x0c98 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:27:22.0921 0x0c98 ============================================================
    22:27:22.0921 0x0c98 \Device\Harddisk0\DR0:
    22:27:22.0921 0x0c98 MBR partitions:
    22:27:22.0921 0x0c98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDCDD06
    22:27:22.0921 0x0c98 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDCDD45, BlocksNum 0x11C4AD7C
    22:27:22.0921 0x0c98 ============================================================
    22:27:22.0953 0x0c98 C: <-> \Device\Harddisk0\DR0\Partition2
    22:27:22.0953 0x0c98 D: <-> \Device\Harddisk0\DR0\Partition1
    22:27:22.0953 0x0c98 ============================================================
    22:27:22.0953 0x0c98 Initialize success
    22:27:22.0953 0x0c98 ============================================================
    22:27:53.0593 0x0594 ============================================================
    22:27:53.0593 0x0594 Scan started
    22:27:53.0593 0x0594 Mode: Manual;
    22:27:53.0593 0x0594 ============================================================
    22:27:53.0593 0x0594 KSN ping started
    22:28:08.0140 0x0594 KSN ping finished: true
    22:28:09.0265 0x0594 ================ Scan system memory ========================
    22:28:09.0281 0x0594 System memory - ok
    22:28:09.0281 0x0594 ================ Scan services =============================
    22:28:09.0562 0x0594 Abiosdsk - ok
    22:28:09.0578 0x0594 abp480n5 - ok
    22:28:09.0625 0x0594 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:28:09.0625 0x0594 ACPI - ok
    22:28:09.0750 0x0594 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:28:09.0750 0x0594 ACPIEC - ok
    22:28:09.0765 0x0594 adpu160m - ok
    22:28:09.0812 0x0594 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    22:28:09.0812 0x0594 aec - ok
    22:28:09.0875 0x0594 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    22:28:09.0875 0x0594 AFD - ok
    22:28:09.0890 0x0594 Aha154x - ok
    22:28:09.0890 0x0594 aic78u2 - ok
    22:28:09.0906 0x0594 aic78xx - ok
    22:28:09.0953 0x0594 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    22:28:09.0953 0x0594 Alerter - ok
    22:28:09.0984 0x0594 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
    22:28:09.0984 0x0594 ALG - ok
    22:28:09.0984 0x0594 AliIde - ok
    22:28:10.0093 0x0594 [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    22:28:10.0156 0x0594 Ambfilt - ok
    22:28:10.0171 0x0594 amsint - ok
    22:28:10.0187 0x0594 AppMgmt - ok
    22:28:10.0187 0x0594 asc - ok
    22:28:10.0203 0x0594 asc3350p - ok
    22:28:10.0203 0x0594 asc3550 - ok
  6. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    22:28:19.0218 0x0594 SENS - ok
    22:28:19.0250 0x0594 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:28:19.0250 0x0594 serenum - ok
    22:28:19.0265 0x0594 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    22:28:19.0265 0x0594 Serial - ok
    22:28:19.0312 0x0594 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:28:19.0312 0x0594 Sfloppy - ok
    22:28:19.0359 0x0594 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    22:28:19.0375 0x0594 SharedAccess - ok
    22:28:19.0406 0x0594 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    22:28:19.0421 0x0594 ShellHWDetection - ok
    22:28:19.0421 0x0594 Simbad - ok
    22:28:19.0453 0x0594 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:28:19.0453 0x0594 SLIP - ok
    22:28:19.0468 0x0594 Sparrow - ok
    22:28:19.0484 0x0594 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    22:28:19.0484 0x0594 splitter - ok
    22:28:19.0515 0x0594 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    22:28:19.0531 0x0594 Spooler - ok
    22:28:19.0546 0x0594 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    22:28:19.0546 0x0594 sr - ok
    22:28:19.0593 0x0594 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
    22:28:19.0609 0x0594 srservice - ok
    22:28:19.0656 0x0594 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    22:28:19.0671 0x0594 Srv - ok
    22:28:19.0703 0x0594 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    22:28:19.0703 0x0594 SSDPSRV - ok
    22:28:19.0750 0x0594 [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    22:28:19.0750 0x0594 StillCam - ok
    22:28:19.0781 0x0594 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    22:28:19.0796 0x0594 stisvc - ok
    22:28:19.0828 0x0594 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:28:19.0828 0x0594 streamip - ok
    22:28:19.0859 0x0594 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:28:19.0859 0x0594 swenum - ok
    22:28:19.0875 0x0594 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    22:28:19.0875 0x0594 swmidi - ok
    22:28:19.0890 0x0594 SwPrv - ok
    22:28:19.0906 0x0594 symc810 - ok
    22:28:19.0906 0x0594 symc8xx - ok
    22:28:19.0921 0x0594 sym_hi - ok
    22:28:19.0921 0x0594 sym_u3 - ok
    22:28:19.0953 0x0594 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    22:28:19.0953 0x0594 sysaudio - ok
    22:28:20.0000 0x0594 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    22:28:20.0000 0x0594 SysmonLog - ok
    22:28:20.0031 0x0594 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    22:28:20.0046 0x0594 TapiSrv - ok
    22:28:20.0093 0x0594 [ D9F19E78F98834CB411D6AD3C68D181A, 21EB48314D6A96334DCA69390C9E1D36BE28D396A24DB94E72B8BAEAC9CB601A ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:28:20.0109 0x0594 Tcpip - ok
    22:28:20.0156 0x0594 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:28:20.0156 0x0594 TDPIPE - ok
    22:28:20.0171 0x0594 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    22:28:20.0171 0x0594 TDTCP - ok
    22:28:20.0203 0x0594 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:28:20.0203 0x0594 TermDD - ok
    22:28:20.0250 0x0594 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
    22:28:20.0250 0x0594 TermService - ok
    22:28:20.0281 0x0594 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
    22:28:20.0281 0x0594 Themes - ok
    22:28:20.0296 0x0594 TosIde - ok
    22:28:20.0328 0x0594 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    22:28:20.0328 0x0594 TrkWks - ok
    22:28:20.0359 0x0594 [ 72781580CAAA63B6242F3CDB7B838FC0, CD4721DE66B9234D5EC50BA6BEFF3C6D5AE4E931CB862951A53B0F094A217D52 ] tStLibG C:\WINDOWS\system32\drivers\tStLibG.sys
    22:28:20.0359 0x0594 tStLibG - ok
    22:28:20.0390 0x0594 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    22:28:20.0390 0x0594 Udfs - ok
    22:28:20.0406 0x0594 ultra - ok
    22:28:20.0453 0x0594 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    22:28:20.0453 0x0594 Update - ok
    22:28:20.0484 0x0594 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
    22:28:20.0500 0x0594 upnphost - ok
    22:28:20.0531 0x0594 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
    22:28:20.0531 0x0594 UPS - ok
    22:28:20.0546 0x0594 USBAAPL - ok
    22:28:20.0578 0x0594 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    22:28:20.0578 0x0594 usbaudio - ok
    22:28:20.0609 0x0594 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:28:20.0609 0x0594 usbccgp - ok
    22:28:20.0640 0x0594 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:28:20.0640 0x0594 usbehci - ok
    22:28:20.0687 0x0594 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:28:20.0687 0x0594 usbhub - ok
    22:28:20.0718 0x0594 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:28:20.0718 0x0594 usbprint - ok
    22:28:20.0765 0x0594 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:28:20.0765 0x0594 usbscan - ok
    22:28:20.0796 0x0594 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:28:20.0796 0x0594 USBSTOR - ok
    22:28:20.0812 0x0594 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:28:20.0812 0x0594 usbuhci - ok
    22:28:20.0843 0x0594 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    22:28:20.0843 0x0594 VgaSave - ok
    22:28:20.0859 0x0594 ViaIde - ok
    22:28:20.0890 0x0594 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    22:28:20.0890 0x0594 VolSnap - ok
    22:28:20.0937 0x0594 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
    22:28:20.0937 0x0594 VSS - ok
    22:28:20.0968 0x0594 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
    22:28:20.0984 0x0594 W32Time - ok
    22:28:21.0000 0x0594 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:28:21.0000 0x0594 Wanarp - ok
    22:28:21.0015 0x0594 WDICA - ok
    22:28:21.0046 0x0594 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:28:21.0046 0x0594 wdmaud - ok
    22:28:21.0078 0x0594 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:28:21.0078 0x0594 WebClient - ok
    22:28:21.0171 0x0594 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:28:21.0171 0x0594 winmgmt - ok
    22:28:21.0281 0x0594 WinRing0_1_2_0 - ok
    22:28:21.0359 0x0594 [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    22:28:21.0421 0x0594 WinRM - ok
    22:28:21.0484 0x0594 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    22:28:21.0484 0x0594 WmdmPmSN - ok
    22:28:21.0546 0x0594 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:28:21.0546 0x0594 WmiApSrv - ok
    22:28:21.0640 0x0594 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    22:28:21.0687 0x0594 WMPNetworkSvc - ok
    22:28:21.0734 0x0594 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    22:28:21.0734 0x0594 WpdUsb - ok
    22:28:21.0859 0x0594 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:28:21.0906 0x0594 WPFFontCache_v0400 - ok
    22:28:21.0953 0x0594 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:28:21.0968 0x0594 wscsvc - ok
    22:28:22.0000 0x0594 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:28:22.0000 0x0594 WSTCODEC - ok
    22:28:22.0031 0x0594 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    22:28:22.0046 0x0594 wuauserv - ok
    22:28:22.0078 0x0594 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:28:22.0078 0x0594 WudfPf - ok
    22:28:22.0109 0x0594 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    22:28:22.0109 0x0594 WudfRd - ok
    22:28:22.0125 0x0594 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    22:28:22.0140 0x0594 WudfSvc - ok
    22:28:22.0187 0x0594 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:28:22.0203 0x0594 WZCSVC - ok
    22:28:22.0218 0x0594 XDva397 - ok
    22:28:22.0265 0x0594 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:28:22.0265 0x0594 xmlprov - ok
    22:28:22.0281 0x0594 ================ Scan global ===============================
    22:28:22.0328 0x0594 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    22:28:22.0359 0x0594 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    22:28:22.0390 0x0594 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    22:28:22.0437 0x0594 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    22:28:22.0437 0x0594 [ Global ] - ok
    22:28:22.0437 0x0594 ================ Scan MBR ==================================
    22:28:22.0468 0x0594 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:28:22.0656 0x0594 \Device\Harddisk0\DR0 - ok
    22:28:22.0656 0x0594 ================ Scan VBR ==================================
    22:28:22.0671 0x0594 [ C16A89128B77BCCF8D41BE119040740B ] \Device\Harddisk0\DR0\Partition1
    22:28:22.0687 0x0594 \Device\Harddisk0\DR0\Partition1 - ok
    22:28:22.0718 0x0594 [ 481DE038B3C54C51C17A514839DE0549 ] \Device\Harddisk0\DR0\Partition2
    22:28:22.0750 0x0594 \Device\Harddisk0\DR0\Partition2 - detected Rootkit.Boot.Cidox.b ( 0 )
    22:28:22.0750 0x0594 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - infected
    22:28:25.0281 0x0594 ================ Scan generic autorun ======================
    22:28:26.0062 0x0594 [ 8D6C32D982DC380287D446DE1D166E48, FD699F7371B848B39941E88D4B8657508059725CA73DBB29FDC8EE7647359E26 ] C:\WINDOWS\RTHDCPL.EXE
    22:28:26.0750 0x0594 RTHDCPL - ok
    22:28:26.0812 0x0594 [ 8B4CBBA1EA526830C7F97E7822E2493A, 1DFD05B1C0050DB44F5B4293E5574BFC292AF804A63FC0A70131BB498C326977 ] C:\WINDOWS\ALCMTR.EXE
    22:28:26.0828 0x0594 Alcmtr - ok
    22:28:26.0828 0x0594 KernelFaultCheck - ok
    22:28:26.0875 0x0594 [ F38092DE1D6A8CBB11B6B6D0F07E268E, 12D5AA6A51F0807A6DCAED51EB9E35EF8D34CD9C31B628B6EA38421415377BEE ] C:\WINDOWS\system32\igfxtray.exe
    22:28:26.0890 0x0594 IgfxTray - ok
    22:28:26.0921 0x0594 [ 2022C54B3A79A51C9538CE47D1F50BC3, AF3E60CAD38C2FEB6CD1BCFC3546C0D03ABA45E6ADF366E8F44659705F7EF0BA ] C:\WINDOWS\system32\igfxpers.exe
    22:28:26.0921 0x0594 Persistence - ok
    22:28:27.0062 0x0594 [ 86238088054D38A64EAEEC025618F6E3, 42C3315C8971C184A63DFFAF61ABAEE523C79B497AB51273D709F058EB4F6162 ] C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
    22:28:27.0062 0x0594 Osinu - ok
    22:28:27.0140 0x0594 [ DAA49E3F22CBD6A5DB803186BD261E7D, 8603F8E8116DF5310E964FD1232EE4B380B37FFDA2358FE242259C307777FB01 ] C:\Documents and Settings\Matt\Application Data\Daycbei\otnib.exe
    22:28:27.0156 0x0594 Kaqyel - ok
    22:28:27.0218 0x0594 [ AF59684E38174416F50D8ED350F45E59, E2CD9BCA16E6038D53A07C7EA2FE3258231AC0F07889771AAA285DEBA8893795 ] C:\Documents and Settings\Matt\Application Data\Yqkeqee\wuupes.exe
    22:28:27.0234 0x0594 Viyfk - ok
    22:28:27.0312 0x0594 [ 9E7FEA30D6FA956CEA87AA12A551BB5E, F384DA561DFA599E82659B3582BD90A89EC2AF2FD64FC10ADB79BE1409E9EFCC ] C:\Documents and Settings\Matt\Local Settings\Application Data\vnbvjjrc.exe
    22:28:27.0312 0x0594 lepvqevc - ok
    22:28:27.0343 0x0594 [ D99326A66611BE5BDF0128FACA199E38, 784DFFA1635013EE82B50CA46F403EE34A0661370734AC22ACEBAFEA613A5A10 ] C:\Documents and Settings\Matt\Local Settings\Application Data\rbasnutj.exe
    22:28:27.0359 0x0594 oognpjsu - ok
    22:28:27.0390 0x0594 [ 7377132BB1AC25D8B3134170B3661BBD, 22B3B108A8D2EE7357C2EAFDAFE788E4C2C2BBB4A92B1724E22B554CBB0481FD ] C:\Documents and Settings\Matt\Local Settings\Application Data\mlxckekp.exe
    22:28:27.0390 0x0594 ckluxijb - ok
    22:28:27.0437 0x0594 [ 86238088054D38A64EAEEC025618F6E3, 42C3315C8971C184A63DFFAF61ABAEE523C79B497AB51273D709F058EB4F6162 ] C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
    22:28:27.0437 0x0594 Osinu - ok
    22:28:27.0468 0x0594 [ D2C7F25275D1BF46E7328E90A12A07AB, DA608665F14F128CA3222845B820BAC70407488D40BFFA8E4B64DEEADF41F973 ] C:\Documents and Settings\Matt\Local Settings\Application Data\pplulhgx.exe
    22:28:27.0484 0x0594 vsknfqit - ok
    22:28:27.0531 0x0594 [ AF59684E38174416F50D8ED350F45E59, E2CD9BCA16E6038D53A07C7EA2FE3258231AC0F07889771AAA285DEBA8893795 ] C:\Documents and Settings\Matt\Application Data\Yqkeqee\wuupes.exe
    22:28:27.0531 0x0594 Viyfk - ok
    22:28:27.0546 0x0594 Waiting for KSN requests completion. In queue: 187
    22:28:28.0546 0x0594 Waiting for KSN requests completion. In queue: 187
    22:28:29.0546 0x0594 Waiting for KSN requests completion. In queue: 13
    22:28:30.0984 0x0594 FW detected via SS1: AVG Firewall, 2012.0, disabled
    22:28:31.0000 0x0594 Win FW state via NFM: enabled
    22:28:33.0515 0x0594 ============================================================
    22:28:33.0515 0x0594 Scan finished
    22:28:33.0515 0x0594 ============================================================
    22:28:33.0531 0x0510 Detected object count: 1
    22:28:33.0531 0x0510 Actual detected object count: 1
    22:28:50.0078 0x0510 \Device\Harddisk0\DR0\Partition2 - copied to quarantine
    22:28:50.0109 0x0510 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    22:28:50.0125 0x0510 \Device\Harddisk0\DR0\Partition2 - ok
    22:28:50.0125 0x0510 \Device\Harddisk0\DR0\Partition2 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    22:28:51.0812 0x0510 KLMD registered as C:\WINDOWS\system32\drivers\51050818.sys
    22:28:55.0140 0x00f0 Deinitialize success
  7. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Good :)

    See if DDS will produce both logs now.
  8. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21376 BrowserJavaVersion: 10.51.2
    Run by Matt at 23:03:06 on 2014-06-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.155 [GMT -4:00]
    .
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=110803&tt=4812_4&babsrc=HP_ss&mntrId=d41f7928000000000000001e902d3d26
    uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=1157&systemid=1&sr=0
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [lepvqevc] "c:\documents and settings\matt\local settings\application data\vnbvjjrc.exe"
    uRun: [oognpjsu] "c:\documents and settings\matt\local settings\application data\rbasnutj.exe"
    uRun: [ckluxijb] "c:\documents and settings\matt\local settings\application data\mlxckekp.exe"
    uRun: [Osinu] "c:\documents and settings\matt\application data\erlubaa\cyewb.exe"
    uRun: [vsknfqit] "c:\documents and settings\matt\local settings\application data\pplulhgx.exe"
    uRun: [Viyfk] "c:\documents and settings\matt\application data\yqkeqee\wuupes.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Osinu] "c:\documents and settings\matt\application data\erlubaa\cyewb.exe"
    mRun: [Kaqyel] "c:\documents and settings\matt\application data\daycbei\otnib.exe"
    mRun: [Viyfk] "c:\documents and settings\matt\application data\yqkeqee\wuupes.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343971702890
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343962434156
    DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{C44DFC31-8F0F-4D29-9DFD-0340E3064217} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= prio.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-5-17 55224]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-8 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-8 860472]
    R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\common files\shape services\mobiola wave service\MobiolaWaveService.exe [2014-2-24 125088]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-8 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-8 110296]
    R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2014-2-24 24128]
    R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2014-2-24 26512]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-5 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2013-2-26 18432]
    S3 kinonivd;Kinoni Video Source;c:\windows\system32\drivers\kinonivd.sys [2013-2-26 2782080]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\razer\razer game booster\driver\winring0.sys --> c:\program files\razer\razer game booster\driver\WinRing0.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    =============== Created Last 30 ================
    .
    2014-06-09 02:28:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-06-08 20:11:05 155648 ----a-w- c:\documents and settings\matt\local settings\application data\pplulhgx.exe
    2014-06-08 19:23:43 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-08 19:22:38 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-08 19:22:38 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-06-08 19:22:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-06-08 19:22:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2014-06-08 19:21:31 -------- d-----w- c:\documents and settings\matt\application data\Yqkeqee
    2014-06-08 19:19:08 -------- d-----w- c:\documents and settings\matt\application data\Daycbei
    2014-06-08 19:16:01 -------- d-----w- c:\documents and settings\matt\application data\Erlubaa
    2014-06-08 05:42:23 -------- d-----w- c:\documents and settings\matt\application data\Ydowbu
    2014-06-08 05:28:44 -------- d-----w- c:\documents and settings\matt\application data\Sewuve
    2014-06-08 05:25:12 -------- d-----w- c:\documents and settings\matt\application data\Ilazvuw
    2014-06-07 23:11:34 -------- d-----w- c:\documents and settings\matt\application data\Dyaqyxy
    2014-06-07 23:09:36 151552 ----a-w- c:\documents and settings\matt\local settings\application data\mlxckekp.exe
    2014-06-07 04:37:47 -------- d-----w- c:\documents and settings\matt\application data\Haryko
    2014-06-07 04:21:27 -------- d-----w- c:\documents and settings\matt\application data\Ticasif
    2014-06-07 03:58:56 151552 ----a-w- c:\documents and settings\matt\local settings\application data\vnbvjjrc.exe
    2014-06-07 03:56:46 227840 ----a-w- c:\documents and settings\matt\local settings\application data\rbasnutj.exe
    2014-06-06 20:02:08 -------- d-----w- c:\documents and settings\matt\local settings\application data\Unity
    2014-06-06 03:56:21 -------- d-----w- c:\documents and settings\matt\.Ambush07
    2014-06-06 01:06:22 -------- d-----w- C:\GOG Games
    2014-05-21 03:29:19 -------- d-----w- c:\documents and settings\matt\application data\.Arios_498
    2014-05-17 18:34:46 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
    2014-05-17 17:00:17 -------- d-----w- c:\documents and settings\matt\application data\2657
    2014-05-12 20:34:47 -------- d-----w- c:\documents and settings\matt\.astirch_file_store_32
    2014-05-12 00:37:12 -------- d-----w- c:\documents and settings\matt\.Artemis
    2014-05-11 05:27:05 -------- d-----w- c:\documents and settings\matt\MistexCachev2
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:04:08.62 ===============
  9. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/5/2011 6:21:00 PM
    System Uptime: 6/8/2014 10:35:23 PM (1 hours ago)
    .
    Motherboard: ELITEGROUP | | 945GCT-M3
    Processor: Intel Celeron processor | Socket 775 | 1999/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 114.248 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 6.434 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&1AF1648C&0&18F0
    Service:
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.07)
    Bonjour
    Canon MP495 series MP Drivers
    CCleaner
    GIMP 2.8.10
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB971276-v3)
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 51
    Java Auto Updater
    Java DB 10.6.2.1
    Java SE Development Kit 7 Update 6
    LeapFrog Connect
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 4.0
    Mobiola WebCamera for iPhone 2.2.0
    MorphVOX Pro
    MSVCRT
    MSXML 6 Service Pack 2 (KB973686)
    Notepad++
    Picasa 3
    Pokemon Online 2.4.1
    Portal
    Prio
    Quake Live Mozilla Plugin
    Realtek High Definition Audio Driver
    RollerCoaster Tycoon Deluxe
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2744842)
    Security Update for Windows Internet Explorer 7 (KB2862772)
    Security Update for Windows Internet Explorer 7 (KB2898785)
    Security Update for Windows Internet Explorer 7 (KB2909921)
    Security Update for Windows Internet Explorer 7 (KB2925418)
    Security Update for Windows Internet Explorer 7 (KB2936068)
    Security Update for Windows Internet Explorer 7 (KB2964358)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB923789)
    Segoe UI
    Spotify
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.20 (32-bit)
    WOW
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/8/2014 3:22:00 PM, error: Service Control Manager [7034] - The Security Center Server - 3893759923 service terminated unexpectedly. It has done this 1 time(s).
    6/8/2014 3:20:35 PM, error: Service Control Manager [7034] - The Security Center Server - 3518234236 service terminated unexpectedly. It has done this 1 time(s).
    6/8/2014 3:20:29 PM, error: Service Control Manager [7034] - The Security Center Server - 52164496 service terminated unexpectedly. It has done this 1 time(s).
    6/8/2014 10:22:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    6/3/2014 3:32:14 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    6/2/2014 10:03:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
    .
    ==== End Of File ===========================
  10. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Very good :)

    Step 1 in our preliminaries calls for installing one of the proposed AV programs if you don't have any.
    I don't see any AV program running.
    What's up with that?

    I can see some AVG leftovers so before installing any other AV program run AVG Remover: http://www.avg.com/us-en/utilities
  11. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    I thought it would interfere with Malwarebytes; my apologies. I'm removing AVG and downloading Avast.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    OK.
    When done...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  13. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 06/09/2014 00:09:06

    ¤¤¤ Bad processes : 3 ¤¤¤
    [Suspicious.Path] cyewb.exe -- C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe[x] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe[7] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe[7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Osinu : "C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe" [x] -> DELETED
    [Suspicious.Path] HKEY_USERS\S-1-5-21-117609710-1078081533-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run | Osinu : "C:\Documents and Settings\Matt\Application Data\Erlubaa\cyewb.exe" [x] -> DELETED
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> NOT SELECTED
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> NOT SELECTED
    [PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3160815AS +++++
    --- User ---
    [MBR] 7fcb9c20f623be3fc15af57388a490c3
    [BSP] 3e1c90f8ffbae10da0f01d5e6725080a : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7067 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14474565 | Size: 145557 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06092014_000902.log
  14. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    The MBAR scan is taking very long, about 6 hours now.
  15. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Let me know if it eventually finished.
  16. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    I'm just waiting on the cleanup process; it's been taking forever. It found over 5000 malware objects.
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

  18. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    My MBAR log files are 783,519 and 553,195 characters each, and it would take 28 posts to separate them. They even exceed the limits for Pastebin. What should I do?
    Last edited: Jun 9, 2014
  19. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Upload the file(s) here: http://www.sendspace.com/
    Click on Browse button and navigate to the file you want to upload.
    Click on Upload button.
    Click on FIRST Copy Link button and paste the link in your next reply.
  20. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

  21. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    OK.
    Re-run MBAR one more time and post both logs.
  22. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.06.10.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Matt :: BOSIACKI-44545F [administrator]

    6/10/2014 7:00:25 PM
    mbar-log-2014-06-10 (19-00-25).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 243371
    Time elapsed: 32 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
  23. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 7.0.5730.13

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.999000 GHz
    Memory total: 1064812544, free: 523649024

    Downloaded database version: v2014.06.10.01
    Downloaded database version: v2014.06.10.02
    Downloaded database version: v2014.06.10.03
    Downloaded database version: v2014.06.10.04
    Downloaded database version: v2014.06.10.05
    Downloaded database version: v2014.06.10.06
    Downloaded database version: v2014.06.10.07
    Downloaded database version: v2014.06.10.08
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 23213B72

    Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 14474502

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14474565 Numsec = 298102140
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-14474565-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
  24. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Very good :)
    We're getting there...

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  25. MattAB

    MattAB Newcomer, in training Topic Starter Posts: 28

    ComboFix 14-06-12.01 - Matt 06/12/2014 18:29:08.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -4:00]
    Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Matt\WINDOWS
    c:\documents and settings\Matt\WINDOWS\crc32.crc
    c:\documents and settings\Matt\WINDOWS\vcredist_32.dll
    c:\windows\system32\SET1AF.tmp
    c:\windows\system32\SET261.tmp
    c:\windows\system32\SET265.tmp
    c:\windows\system32\SET26D.tmp
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-05-12 to 2014-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2014-06-09 04:18 . 2014-06-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-06-09 04:05 . 2014-06-09 04:05 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
    2014-06-09 03:59 . 2014-06-09 03:59 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-06-09 03:59 . 2014-06-09 03:59 -------- d-----w- C:\Documents
    2014-06-09 03:59 . 2014-06-09 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2014-06-09 03:54 . 2014-06-09 03:54 -------- d-----w- c:\documents and settings\Matt\Application Data\AVAST Software
    2014-06-09 03:45 . 2014-06-09 03:45 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-06-09 03:45 . 2014-06-09 03:46 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-06-09 03:45 . 2014-06-09 03:45 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-06-09 03:45 . 2014-06-09 03:46 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-06-09 03:45 . 2014-06-09 03:45 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-06-09 03:45 . 2014-06-09 03:45 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-06-09 03:45 . 2014-06-09 03:45 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-06-09 03:45 . 2014-06-09 03:46 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
    2014-06-09 03:45 . 2014-06-09 03:45 271264 ----a-w- c:\windows\system32\aswBoot.exe
    2014-06-09 03:45 . 2014-06-09 03:45 43152 ----a-w- c:\windows\avastSS.scr
    2014-06-09 02:28 . 2014-06-09 02:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-06-08 19:23 . 2014-06-12 21:17 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-08 19:22 . 2014-06-10 22:59 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-08 19:22 . 2014-06-08 19:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-06-08 19:22 . 2014-06-08 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-06-08 19:22 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-06-08 19:21 . 2014-06-09 03:56 -------- d-----w- c:\documents and settings\Matt\Application Data\Yqkeqee
    2014-06-08 19:19 . 2014-06-09 03:56 -------- d-----w- c:\documents and settings\Matt\Application Data\Daycbei
    2014-06-08 19:16 . 2014-06-10 01:17 -------- d-----w- c:\documents and settings\Matt\Application Data\Erlubaa
    2014-06-08 05:42 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ydowbu
    2014-06-08 05:28 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Sewuve
    2014-06-08 05:25 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ilazvuw
    2014-06-07 23:11 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Dyaqyxy
    2014-06-07 04:37 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Haryko
    2014-06-07 04:21 . 2014-06-08 20:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Ticasif
    2014-06-06 20:02 . 2014-06-06 20:02 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Unity
    2014-06-06 03:56 . 2014-06-06 03:57 -------- d-----w- c:\documents and settings\Matt\.Ambush07
    2014-06-06 01:06 . 2014-06-06 01:06 -------- d-----w- C:\GOG Games
    2014-05-21 03:29 . 2014-06-08 19:14 -------- d-----w- c:\documents and settings\Matt\Application Data\.Arios_498
    2014-05-17 18:34 . 2014-05-17 18:34 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
    2014-05-17 17:00 . 2014-05-19 21:34 -------- d-----w- c:\documents and settings\Matt\Application Data\2657
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-09 03:45 . 2014-06-09 03:45 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1402285571437
    2014-06-09 03:45 . 2014-06-09 03:45 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1402285571437
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-06-09 03:45 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-09 3890208]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GB_UPDATE]
    c:\program files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-05-09 01:12 116648 ----atw- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-15 16:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    2012-12-15 02:32 1199576 ----a-w- c:\documents and settings\Matt\Application Data\Spotify\Data\SpotifyWebHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
    2001-08-18 03:37 27648 ----a-w- c:\program files\xerox\nwwia\XrxFTPLt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "SkypeUpdate"=2 (0x2)
    "LeapFrog Connect Device Service"=2 (0x2)
    "idsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "AdvancedSystemCareService5"=2 (0x2)
    "NtLmSsp"=3 (0x3)
    "napagent"=3 (0x3)
    "MSDTC"=3 (0x3)
    "LmHosts"=3 (0x3)
    "lanmanserver"=3 (0x3)
    "ImapiService"=3 (0x3)
    "hkmsvc"=3 (0x3)
    "helpsvc"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "EapHost"=3 (0x3)
    "Dot3svc"=3 (0x3)
    "dmserver"=3 (0x3)
    "dmadmin"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "clr_optimization_v4.0.30319_32"=2 (0x2)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "BITS"=3 (0x3)
    "aspnet_state"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
    "c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Documents and Settings\\Matt\\Application Data\\Spotify\\spotify.exe"=
    "c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mobiola WebCamera for iPhone\\WebcamForIPhone.exe"=
    "c:\\Documents and Settings\\Matt\\My Documents\\Downloads\\uTorrent.exe"=
    "c:\\Documents and Settings\\Matt\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "56232:TCP"= 56232:TCP:Pando Media Booster
    "56232:UDP"= 56232:UDP:Pando Media Booster
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [6/8/2014 11:45 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [6/8/2014 11:45 PM 180632]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [6/8/2014 11:45 PM 777488]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6/8/2014 11:45 PM 411680]
    R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/8/2014 3:22 PM 54232]
    R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [5/17/2014 2:34 PM 55224]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [6/8/2014 11:45 PM 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/8/2014 11:45 PM 67824]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/8/2014 3:22 PM 860472]
    R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe [2/24/2014 11:12 PM 125088]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/8/2014 3:22 PM 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [6/8/2014 3:23 PM 110296]
    R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2/24/2014 11:13 PM 24128]
    R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2/24/2014 11:13 PM 26512]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/2010 3:21 PM 34896]
    R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [6/8/2014 3:22 PM 1809720]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/5/2011 6:55 PM 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2/26/2013 11:34 AM 18432]
    S3 kinonivd;Kinoni Video Source;c:\windows\system32\drivers\kinonivd.sys [2/26/2013 11:34 AM 2782080]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 AM 32000]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 AM 22400]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys --> c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [?]
    S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-10 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-09 03:45]
    .
    2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-725345543-1006Core1cf6ac63b5f86be.job
    - c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 01:12]
    .
    2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-725345543-1006UA.job
    - c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 01:12]
    .
    2014-06-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=110803&tt=4812_4&babsrc=HP_ss&mntrId=d41f7928000000000000001e902d3d26
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: vizzed.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
    MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
    MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-06-12 18:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-117609710-1078081533-725345543-1006\Software\÷@*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2014-06-12 18:46:26
    ComboFix-quarantined-files.txt 2014-06-12 22:46
    .
    Pre-Run: 118,909,755,392 bytes free
    Post-Run: 119,384,162,304 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 44AE7EF264A5C2EDBFB665986A4A8DA0
    8F558EB6672622401DA993E1E865C861

