
IE8 history fills itself with entries from "ad.helpertrack.com" and other sites


This topic is locked
21 replies to this topic

#1 Forzaholland
Posted 13 June 2013 - 02:19 PM

This thread is in response to: http://www.bleepingcomputer.com/forums/t/497513/ie8-history-fills-itself-with-entries-from-adhelpertrackcom-and-other-sites/
 
Since Sunday, June 9, I have been encountering a serious issue with Internet Explorer 8. This is what happens:
 
- I start Internet Explorer 8.
- About 20 seconds later, a second "iexplore.exe" process pops up in Windows Task Manager (this is normal; iexplore always has two processes running).
- Another 20 seconds later a third process pops up.
- Once this third process has spawned, the history of IE starts to fill itself with entries from "ad.helpertrack.com" as well as seemingly random other sites (see attached pictures).
- When manually closing down the third "iexplore.exe", the history stops filling itself and IE works normally again.
 
This seems to be some sort of malware that is used to generate clicks for advertisement sites. The third process is unwindowed, but does use up part of the CPU capacity and memory.
 
I have run AVG Free and used Malwarebytes Anti-Malware, but unfortunately this did not help. Neither the virus scanner nor the anti-malware software comes up with anything, while there is clearly something wrong. In the attachment I've posted two pictures that show today's history. I haven't visited any other sites besides Google, yet it is full of random stuff.
 
As requested, here is the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Forza at 20:56:06 on 2013-06-13
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1093 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ENAgent.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\27.0.1453.110\npchrome_frame.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TortoiseHgOverlayIconServer] c:\program files\tortoisehg\TortoiseHgOverlayServer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370702600796
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: Interfaces\{85696BCC-FC5E-4EA3-A5D9-6D9725FC5985} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\27.0.1453.110\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\forza\application data\mozilla\firefox\profiles\60670lbd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-06-11 18:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\forza\application data\mozilla\firefox\profiles\60670lbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-23 20072]
R2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2013-5-2 4209856]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-5-13 122000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-9 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-9 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-9 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-4-19 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-28 1691480]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-11-19 1435568]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-3 55296]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
=============== Created Last 30 ================
.
2013-06-09 18:55:20    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-06-09 18:45:54    --------    d-----w-    c:\documents and settings\forza\application data\Malwarebytes
2013-06-09 18:45:47    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-09 18:45:47    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-09 18:45:47    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-06-09 18:34:23    --------    d-----w-    C:\FRST
2013-06-08 15:43:59    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
.
==================== Find3M  ====================
.
2013-06-08 15:12:08    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 15:12:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30:05    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 20:58:00,70 ===============
 
 
 
 
EDIT:
By the looks of it, it's probably this that's causing the problem:
2013-06-08 15:12:08    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 15:12:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28-5-2010 18:08:47
System Uptime: 13-6-2013 20:47:18 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P43-ES3G
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 50,848 GiB free.
D: is FIXED (NTFS) - 147 GiB total, 109,181 GiB free.
E: is FIXED (NTFS) - 118 GiB total, 48,029 GiB free.
F: is FIXED (FAT32) - 33 GiB total, 32,615 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP628: 16-3-2013 13:33:57 - System Checkpoint
RP629: 17-3-2013 19:16:09 - System Checkpoint
RP630: 20-3-2013 10:29:05 - System Checkpoint
RP631: 20-3-2013 17:10:49 - Geïnstalleerd AVG 2013
RP632: 20-3-2013 17:11:23 - Geïnstalleerd AVG 2013
RP633: 20-3-2013 18:17:55 - Verwijderd AVG 2013
RP634: 20-3-2013 18:19:27 - Verwijderd AVG 2013
RP635: 21-3-2013 18:58:55 - Software Distribution Service 3.0
RP636: 22-3-2013 21:25:38 - Software Distribution Service 3.0
RP637: 24-3-2013 12:43:16 - System Checkpoint
RP638: 27-3-2013 12:48:46 - System Checkpoint
RP639: 29-3-2013 17:32:42 - System Checkpoint
RP640: 3-4-2013 19:25:49 - System Checkpoint
RP641: 7-4-2013 17:39:18 - System Checkpoint
RP642: 10-4-2013 12:52:28 - System Checkpoint
RP643: 10-4-2013 19:32:18 - Software Distribution Service 3.0
RP644: 12-4-2013 18:32:54 - System Checkpoint
RP645: 13-4-2013 19:33:17 - System Checkpoint
RP646: 16-4-2013 21:30:15 - System Checkpoint
RP647: 19-4-2013 18:10:15 - System Checkpoint
RP648: 24-4-2013 10:14:08 - System Checkpoint
RP649: 28-4-2013 15:44:06 - System Checkpoint
RP650: 2-5-2013 12:49:24 - Installed DirectX
RP651: 5-5-2013 12:59:28 - System Checkpoint
RP652: 6-5-2013 21:42:31 - System Checkpoint
RP653: 9-5-2013 13:01:06 - System Checkpoint
RP654: 11-5-2013 15:34:51 - System Checkpoint
RP655: 13-5-2013 18:08:28 - Unsigned printer driver EPSON XP-205 207 Series installed.
RP656: 13-5-2013 18:09:18 - Installed EpsonNet Print
RP657: 13-5-2013 18:09:37 - Geïnstalleerd: Epson Event Manager
RP658: 13-5-2013 18:10:48 - Geïnstalleerd: ABBYY FineReader 9.0 Sprint
RP659: 15-5-2013 22:27:50 - Software Distribution Service 3.0
RP660: 17-5-2013 19:27:16 - System Checkpoint
RP661: 20-5-2013 13:45:27 - Verwijderd: ABBYY FineReader 9.0 Sprint
RP662: 20-5-2013 13:46:43 - Verwijderd: Download Navigator
RP663: 20-5-2013 13:47:10 - Verwijderd: Epson Event Manager
RP664: 24-5-2013 12:46:29 - System Checkpoint
RP665: 26-5-2013 14:56:49 - System Checkpoint
RP666: 28-5-2013 18:23:52 - System Checkpoint
RP667: 30-5-2013 21:31:57 - System Checkpoint
RP668: 1-6-2013 13:42:11 - System Checkpoint
RP669: 3-6-2013 20:18:25 - System Checkpoint
RP670: 4-6-2013 20:44:05 - System Checkpoint
RP671: 5-6-2013 21:04:43 - System Checkpoint
RP672: 6-6-2013 21:13:48 - System Checkpoint
RP673: 7-6-2013 23:30:59 - System Checkpoint
RP674: 8-6-2013 14:40:43 - Geïnstalleerd AVG 2013
RP675: 8-6-2013 14:41:16 - Geïnstalleerd AVG 2013
RP676: 8-6-2013 16:15:41 - Verwijderd AVG 2013
RP677: 8-6-2013 16:18:34 - Verwijderd AVG 2013
RP678: 10-6-2013 17:42:57 - Removed Adobe Reader 9.3.
RP679: 10-6-2013 17:44:12 - Removed Java™ 6 Update 33
RP680: 11-6-2013 20:02:36 - System Checkpoint
RP681: 12-6-2013 19:45:25 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2011
Aangifte inkomstenbelasting 2012
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader XI - Nederlands
Age of Wonders Shadow Magic
Borderlands 2
Canon MP520 series
CCleaner
Chess Mentor 3.0
Compatibility Pack for the 2007 Office system
CPUID HWMonitor 1.16
Deep Shredder 12
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dungeon Siege Legends of Aranna
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
Dynasty Warriors 6
EPSON Scan
EpsonNet Print
GameCenter
Google Chrome Frame
Google Talk (remove only)
Google Update Helper
Heroes of Might and Magic V Collector Edition
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
L.A. Noire
Logic3 PC PowerPad (JP283)
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MioMore Desktop 7.50
Mozilla Firefox 21.0 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 285.58
NVIDIA Display Control Panel
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
OGA Notifier 2.0.0048.0
Printer EPSON XP-205 207 Series verwijderen
Pro Cycling Manager - Saison 2006
Pro Cycling Manager - Season 2012 version 1.2.0.0
Pro Evolution Soccer 5
Python 2.7 matplotlib-1.2.0
Python 2.7 NLopt-2.2.4
Python 2.7 numpy-1.6.1
Python 2.7 pysparse-1.1.1
Python 2.7 scipy-0.10.1
Python 2.7 setuptools-0.6c11
Python 2.7.3
R for Windows 3.0.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RoadRash
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 6.3
SopCast 3.2.9
System Requirements Lab for Intel
TeamSpeak 3 Client
TeX Live 2009
TeXnicCenter Version 1.0 Stable RC1
The Witcher 2 - Assassins of Kings Enhanced Edition
TortoiseHg 2.6.2 (x86)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Grep 2.3
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
8-6-2013 21:57:51, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KEES that believes that it is the master browser for the domain on transport NetBT_Tcpip_{85696BCC-FC5E-4EA3-A5D9. The master browser is stopping or an election is being forced.
8-6-2013 16:22:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
.
==== End Of File ===========================

Attached Files


Edited by Oh My, 19 June 2013 - 09:15 AM.
Attach log posted



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:20 AM

Posted 18 June 2013 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/497967 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Location:Netherlands
  • Local time:02:20 PM

Posted 19 June 2013 - 02:32 AM

1. The details are in the first post, including some pictures. I have run AVG free, MBAR and some of the tools from bleepingcomputer but with no success. See also: http://www.bleepingcomputer.com/forums/t/497513/ie8-history-fills-itself-with-entries-from-adhelpertrackcom-and-other-sites/

 

2. New DDS log can be found below.

 

3. I have a Windows XP CD somewhere if needed.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Forza at 9:24:48 on 2013-06-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1183 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ENAgent.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\27.0.1453.110\npchrome_frame.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TortoiseHgOverlayIconServer] c:\program files\tortoisehg\TortoiseHgOverlayServer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370702600796
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: Interfaces\{85696BCC-FC5E-4EA3-A5D9-6D9725FC5985} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\27.0.1453.110\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\forza\application data\mozilla\firefox\profiles\60670lbd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-06-11 18:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\forza\application data\mozilla\firefox\profiles\60670lbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-23 20072]
R2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2013-5-2 4209856]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-5-13 122000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-9 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-9 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-9 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-4-19 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-28 1691480]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-11-19 1435568]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-3 55296]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
=============== Created Last 30 ================
.
2013-06-09 18:55:20    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-06-09 18:45:54    --------    d-----w-    c:\documents and settings\forza\application data\Malwarebytes
2013-06-09 18:45:47    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-09 18:45:47    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-09 18:45:47    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-06-09 18:34:23    --------    d-----w-    C:\FRST
2013-06-08 15:43:59    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
.
==================== Find3M  ====================
.
2013-06-08 15:12:08    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 15:12:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30:05    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH:  9:26:12,67 ===============
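The "Pseudo HJT Report" section of the DDS log above is where a responder looks first: BHOs loaded into Internet Explorer, Run-key autoruns, ActiveX downloads (DPF) and hosts-file overrides. The following triage helper is an added example, not part of this thread and not DDS's own code. It parses those four line types and flags the patterns worth a closer look: BHO CLSIDs that are registered but have no DLL behind them (the `<orphaned>` and empty-path entries), autoruns that execute from outside Windows or Program Files or as bare filenames resolved through PATH, and any hosts entry at all. The sample input is constructed to match the line formats the log shows; its temp-folder `Updater` line is invented purely for illustration.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example (not from the thread, not DDS's own code). The regexes are
derived from the line formats visible in the posted log; the sample input
below is constructed, and the temp-folder autorun line is invented.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample in DDS report format. The 'Updater' line is invented
# to show the non-standard-location case; it is not from the thread's log.
SAMPLE_HJT = r"""uStart Page = hxxp://www.google.nl/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uRun: [Updater] "c:\documents and settings\user\local settings\temp\updater.exe" -autorun
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 mpa.one.microsoft.com
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# "BHO: <name>: {CLSID} - <path>"; name may be absent, path may be empty or <orphaned>
BHO_RE = re.compile(rf"^BHO: (?:(?P<name>.*?): )?(?P<clsid>{CLSID}) -(?: (?P<path>.*))?$")
# "uRun/mRun/dRun: [name] command"  (user / machine / default-user hive)
RUN_RE = re.compile(r"^(?P<scope>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(rf"^DPF: (?P<clsid>{CLSID}) - (?P<url>\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Autoruns outside these roots deserve a look (assumed Windows XP layout).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Turn report lines into dicts; lines of other kinds are ignored."""
    entries: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.rstrip()
        if (m := BHO_RE.match(line)):
            entries.append({"kind": "BHO", "name": m["name"] or "",
                            "clsid": m["clsid"], "path": (m["path"] or "").strip()})
        elif (m := RUN_RE.match(line)):
            entries.append({"kind": "Run", "scope": m["scope"],
                            "name": m["name"], "cmd": m["cmd"]})
        elif (m := DPF_RE.match(line)):
            entries.append({"kind": "DPF", "clsid": m["clsid"], "url": m["url"]})
        elif (m := HOSTS_RE.match(line)):
            entries.append({"kind": "Hosts", "ip": m["ip"], "host": m["host"]})
    return entries


def _exe_from_command(cmd: str) -> str:
    """First token of a Run command, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (finding, subject, explanation) tuples for entries to review."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        if e["kind"] == "BHO" and (not e["path"] or e["path"] == "<orphaned>"):
            findings.append(("orphaned-bho", e["clsid"],
                             "CLSID is registered as a BHO but no DLL backs it; remove the stale registration"))
        elif e["kind"] == "Run":
            exe = _exe_from_command(e["cmd"]).lower()
            if "\\" not in exe:
                findings.append(("bare-autorun", e["name"],
                                 f"{exe} is resolved through PATH; confirm which file actually runs"))
            elif not exe.startswith(STANDARD_ROOTS):
                findings.append(("nonstandard-autorun", e["name"],
                                 f"{exe} starts from outside Windows/Program Files"))
        elif e["kind"] == "Hosts":
            findings.append(("hosts-override", e["host"],
                             f"{e['host']} is pinned to {e['ip']}; confirm this is intended"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_HJT.splitlines())):
        print("%-20s %-45s %s" % finding)
```

On the posted log this would report the two orphaned BHOs, the bare `RTHDCPL.EXE` and `RUNDLL32.EXE` autoruns, and the `mpa.one.microsoft.com` hosts entry; a finding is a prompt to verify, not a verdict, and the responder still checks each file on disk.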
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:05:20 AM

Posted 19 June 2013 - 08:59 AM

Greetings Forzaholland and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Location:Netherlands
  • Local time:02:20 PM

Posted 19 June 2013 - 09:06 AM

Thanks in advance, Gary.

 

You can call me Gerlach (which is more or less the Dutch version of Gary :P ).



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:05:20 AM

Posted 19 June 2013 - 01:15 PM

Greetings Gerlach!

I have asked my wife to call me Gerlach. It just sounds better... :)

Thanks once again for your patience. I have a couple questions. Do you have any issues with Firefox? Are you connecting through a router and if so are there other computers that are having problems?

Please start off by running this program for me.

===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.




  • Click Continue > Reboot now to finish the cleaning process. <- Important!!




  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log

Edited by Oh My, 19 June 2013 - 01:23 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Location:Netherlands
  • Local time:02:20 PM

Posted 19 June 2013 - 02:13 PM

Hey Gary,

 

The name is usually difficult to pronounce for English people, but I guess it sounds quite funny :). On a more serious note, I'll answer your questions and post corresponding logs now.

 

 

Thanks once again for your patience. I have a couple questions. Do you have any issues with Firefox? Are you connecting through a router and if so are there other computers that are having problems?

 

There are no issues with Firefox; only with Internet Explorer. The computer is connected through a router, but the problem does not occur on the other computer in the network.

 

The TDSSKiller scan only finds one suspicious file: the SPTD driver for DAEMON Tools. Here is the log:

 

21:00:45.0135 4068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:00:47.0135 4068  ============================================================
21:00:47.0135 4068  Current date / time: 2013/06/19 21:00:47.0135
21:00:47.0135 4068  SystemInfo:
21:00:47.0135 4068  
21:00:47.0135 4068  OS Version: 5.1.2600 ServicePack: 3.0
21:00:47.0135 4068  Product type: Workstation
21:00:47.0135 4068  ComputerName: GERLACH
21:00:47.0135 4068  UserName: Forza
21:00:47.0135 4068  Windows directory: C:\WINDOWS
21:00:47.0135 4068  System windows directory: C:\WINDOWS
21:00:47.0135 4068  Processor architecture: Intel x86
21:00:47.0135 4068  Number of processors: 2
21:00:47.0135 4068  Page size: 0x1000
21:00:47.0135 4068  Boot type: Normal boot
21:00:47.0135 4068  ============================================================
21:00:48.0432 4068  Drive \Device\Harddisk1\DR1 - Size: 0x3A3092D400 (232.76 Gb), SectorSize: 0x200, Cylinders: 0x76B0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:00:48.0432 4068  Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:00:48.0432 4068  ============================================================
21:00:48.0432 4068  \Device\Harddisk1\DR1:
21:00:48.0432 4068  MBR partitions:
21:00:48.0432 4068  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D17DBB0
21:00:48.0432 4068  \Device\Harddisk0\DR0:
21:00:48.0432 4068  MBR partitions:
21:00:48.0448 4068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12574491, BlocksNum 0xEC52AC2
21:00:48.0463 4068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x211C6F92, BlocksNum 0x426672F
21:00:48.0463 4068  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12574413
21:00:48.0463 4068  ============================================================
21:00:48.0526 4068  D: <-> \Device\Harddisk0\DR0\Partition3
21:00:48.0870 4068  E: <-> \Device\Harddisk0\DR0\Partition1
21:00:48.0870 4068  F: <-> \Device\Harddisk0\DR0\Partition2
21:00:48.0901 4068  C: <-> \Device\Harddisk1\DR1\Partition1
21:00:48.0932 4068  ============================================================
21:00:48.0932 4068  Initialize success
21:00:48.0932 4068  ============================================================
21:01:01.0745 2324  ============================================================
21:01:01.0745 2324  Scan started
21:01:01.0745 2324  Mode: Manual;
21:01:01.0745 2324  ============================================================
21:01:02.0135 2324  ================ Scan system memory ========================
21:01:02.0135 2324  System memory - ok
21:01:02.0135 2324  ================ Scan services =============================
21:01:02.0323 2324  [ C07D5197410AAB28D0D93F943F59656D ] 6to4            C:\WINDOWS\System32\6to4svc.dll
21:01:02.0323 2324  6to4 - ok
21:01:02.0338 2324  Abiosdsk - ok
21:01:02.0338 2324  abp480n5 - ok
21:01:02.0385 2324  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:01:02.0385 2324  ACPI - ok
21:01:02.0432 2324  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:01:02.0432 2324  ACPIEC - ok
21:01:02.0432 2324  adpu160m - ok
21:01:02.0463 2324  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:01:02.0463 2324  aec - ok
21:01:02.0510 2324  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:01:02.0510 2324  AFD - ok
21:01:02.0510 2324  Aha154x - ok
21:01:02.0510 2324  aic78u2 - ok
21:01:02.0526 2324  aic78xx - ok
21:01:02.0573 2324  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:01:02.0573 2324  Alerter - ok
21:01:02.0573 2324  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
21:01:02.0573 2324  ALG - ok
21:01:02.0573 2324  AliIde - ok
21:01:02.0635 2324  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
21:01:02.0713 2324  Ambfilt - ok
21:01:02.0713 2324  amsint - ok
21:01:02.0745 2324  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:01:02.0745 2324  AppMgmt - ok
21:01:02.0745 2324  asc - ok
21:01:02.0745 2324  asc3350p - ok
21:01:02.0760 2324  asc3550 - ok
21:01:02.0885 2324  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:01:02.0917 2324  aspnet_state - ok
21:01:02.0948 2324  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:01:02.0948 2324  AsyncMac - ok
21:01:02.0979 2324  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:01:02.0979 2324  atapi - ok
21:01:02.0979 2324  Atdisk - ok
21:01:03.0010 2324  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:01:03.0010 2324  Atmarpc - ok
21:01:03.0042 2324  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:01:03.0042 2324  AudioSrv - ok
21:01:03.0088 2324  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:01:03.0104 2324  audstub - ok
21:01:03.0151 2324  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:01:03.0151 2324  Beep - ok
21:01:03.0213 2324  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:01:03.0213 2324  BITS - ok
21:01:03.0276 2324  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
21:01:03.0276 2324  Browser - ok
21:01:03.0307 2324  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:01:03.0307 2324  cbidf2k - ok
21:01:03.0323 2324  cd20xrnt - ok
21:01:03.0323 2324  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:01:03.0323 2324  Cdaudio - ok
21:01:03.0354 2324  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:01:03.0354 2324  Cdfs - ok
21:01:03.0385 2324  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:01:03.0385 2324  Cdrom - ok
21:01:03.0385 2324  Changer - ok
21:01:03.0432 2324  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:01:03.0432 2324  CiSvc - ok
21:01:03.0463 2324  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:01:03.0463 2324  ClipSrv - ok
21:01:03.0557 2324  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:01:03.0557 2324  clr_optimization_v2.0.50727_32 - ok
21:01:03.0588 2324  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:01:03.0635 2324  clr_optimization_v4.0.30319_32 - ok
21:01:03.0635 2324  CmdIde - ok
21:01:03.0635 2324  COMSysApp - ok
21:01:03.0635 2324  Cpqarray - ok
21:01:03.0713 2324  [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133         C:\WINDOWS\system32\drivers\cpuz133_x32.sys
21:01:03.0713 2324  cpuz133 - ok
21:01:03.0729 2324  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:01:03.0745 2324  CryptSvc - ok
21:01:03.0745 2324  dac2w2k - ok
21:01:03.0745 2324  dac960nt - ok
21:01:03.0807 2324  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:01:03.0823 2324  DcomLaunch - ok
21:01:03.0870 2324  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:01:03.0870 2324  Dhcp - ok
21:01:03.0870 2324  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:01:03.0870 2324  Disk - ok
21:01:03.0885 2324  dmadmin - ok
21:01:03.0917 2324  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:01:03.0917 2324  dmboot - ok
21:01:03.0948 2324  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:01:03.0948 2324  dmio - ok
21:01:03.0979 2324  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:01:03.0979 2324  dmload - ok
21:01:03.0995 2324  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:01:03.0995 2324  dmserver - ok
21:01:04.0010 2324  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:01:04.0010 2324  DMusic - ok
21:01:04.0073 2324  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:01:04.0073 2324  Dnscache - ok
21:01:04.0104 2324  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:01:04.0120 2324  Dot3svc - ok
21:01:04.0120 2324  dpti2o - ok
21:01:04.0120 2324  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:01:04.0120 2324  drmkaud - ok
21:01:04.0135 2324  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:01:04.0135 2324  EapHost - ok
21:01:04.0260 2324  [ 1A8FECE5A7FA62602F3DB66DE07EFDF2 ] ENAgent         C:\WINDOWS\system32\ENAgent.exe
21:01:04.0385 2324  ENAgent - ok
21:01:04.0417 2324  [ E9EFCB47B90FD5498695BB7FEFD36CAE ] EpsonScanSvc    C:\WINDOWS\system32\EscSvc.exe
21:01:04.0417 2324  EpsonScanSvc - ok
21:01:04.0432 2324  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:01:04.0432 2324  ERSvc - ok
21:01:04.0463 2324  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
21:01:04.0463 2324  Eventlog - ok
21:01:04.0495 2324  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
21:01:04.0495 2324  EventSystem - ok
21:01:04.0526 2324  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:01:04.0542 2324  Fastfat - ok
21:01:04.0588 2324  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:01:04.0588 2324  FastUserSwitchingCompatibility - ok
21:01:04.0604 2324  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:01:04.0604 2324  Fdc - ok
21:01:04.0604 2324  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:01:04.0604 2324  Fips - ok
21:01:04.0620 2324  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:01:04.0620 2324  Flpydisk - ok
21:01:04.0651 2324  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:01:04.0651 2324  FltMgr - ok
21:01:04.0745 2324  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:01:04.0745 2324  FontCache3.0.0.0 - ok
21:01:04.0760 2324  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:01:04.0760 2324  Fs_Rec - ok
21:01:04.0776 2324  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:01:04.0776 2324  Ftdisk - ok
21:01:04.0776 2324  gdrv - ok
21:01:04.0792 2324  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:01:04.0792 2324  Gpc - ok
21:01:04.0932 2324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:04.0932 2324  gupdate - ok
21:01:04.0932 2324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:04.0932 2324  gupdatem - ok
21:01:04.0963 2324  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:01:04.0963 2324  hamachi - ok
21:01:05.0073 2324  [ A7EBBF64C7610B7C67D46AE620AADBA3 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
21:01:05.0104 2324  Hamachi2Svc - ok
21:01:05.0120 2324  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:01:05.0120 2324  HDAudBus - ok
21:01:05.0276 2324  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:01:05.0276 2324  helpsvc - ok
21:01:05.0292 2324  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:01:05.0370 2324  HidServ - ok
21:01:05.0385 2324  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:01:05.0385 2324  hidusb - ok
21:01:05.0432 2324  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:01:05.0432 2324  hkmsvc - ok
21:01:05.0432 2324  hpn - ok
21:01:05.0479 2324  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:01:05.0479 2324  HTTP - ok
21:01:05.0495 2324  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:01:05.0495 2324  HTTPFilter - ok
21:01:05.0495 2324  i2omgmt - ok
21:01:05.0495 2324  i2omp - ok
21:01:05.0542 2324  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:01:05.0542 2324  i8042prt - ok
21:01:05.0651 2324  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:01:05.0651 2324  IDriverT - ok
21:01:05.0713 2324  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:01:05.0745 2324  idsvc - ok
21:01:05.0760 2324  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:01:05.0760 2324  Imapi - ok
21:01:05.0823 2324  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:01:05.0823 2324  ImapiService - ok
21:01:05.0823 2324  ini910u - ok
21:01:05.0995 2324  [ 58DABDEF7A35F9E3AB1FABD2CBAF3D13 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:01:06.0026 2324  IntcAzAudAddService - ok
21:01:06.0042 2324  IntelIde - ok
21:01:06.0088 2324  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:01:06.0088 2324  intelppm - ok
21:01:06.0088 2324  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:01:06.0088 2324  Ip6Fw - ok
21:01:06.0135 2324  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:01:06.0135 2324  IpFilterDriver - ok
21:01:06.0167 2324  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:01:06.0167 2324  IpInIp - ok
21:01:06.0167 2324  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:01:06.0167 2324  IpNat - ok
21:01:06.0182 2324  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:01:06.0182 2324  IPSec - ok
21:01:06.0182 2324  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:01:06.0182 2324  IRENUM - ok
21:01:06.0213 2324  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:01:06.0213 2324  isapnp - ok
21:01:06.0229 2324  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:01:06.0229 2324  Kbdclass - ok
21:01:06.0276 2324  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:01:06.0276 2324  kbdhid - ok
21:01:06.0292 2324  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:01:06.0292 2324  kmixer - ok
21:01:06.0323 2324  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:06.0323 2324  KSecDD - ok
21:01:06.0354 2324  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:01:06.0354 2324  lanmanserver - ok
21:01:06.0417 2324  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:01:06.0417 2324  lanmanworkstation - ok
21:01:06.0417 2324  lbrtfdc - ok
21:01:06.0463 2324  [ 51674C5C2EEFF3D155EDAB0F5EF9A4D2 ] leafnets        C:\WINDOWS\system32\DRIVERS\leafnets.sys
21:01:06.0463 2324  leafnets - ok
21:01:06.0495 2324  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:01:06.0495 2324  LmHosts - ok
21:01:06.0510 2324  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
21:01:06.0510 2324  MBAMProtector - ok
21:01:06.0542 2324  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:01:06.0557 2324  MBAMScheduler - ok
21:01:06.0588 2324  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:01:06.0604 2324  MBAMService - ok
21:01:06.0635 2324  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:01:06.0635 2324  Messenger - ok
21:01:06.0667 2324  Microsoft SharePoint Workspace Audit Service - ok
21:01:06.0698 2324  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:06.0698 2324  mnmdd - ok
21:01:06.0745 2324  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:01:06.0745 2324  mnmsrvc - ok
21:01:06.0776 2324  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:01:06.0776 2324  Modem - ok
21:01:06.0823 2324  [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
21:01:06.0854 2324  Monfilt - ok
21:01:06.0870 2324  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:06.0870 2324  Mouclass - ok
21:01:06.0932 2324  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:01:06.0932 2324  mouhid - ok
21:01:06.0932 2324  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:01:06.0932 2324  MountMgr - ok
21:01:07.0026 2324  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:01:07.0026 2324  MozillaMaintenance - ok
21:01:07.0026 2324  mraid35x - ok
21:01:07.0026 2324  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:01:07.0042 2324  MRxDAV - ok
21:01:07.0073 2324  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:01:07.0088 2324  MRxSmb - ok
21:01:07.0151 2324  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:01:07.0151 2324  MSDTC - ok
21:01:07.0151 2324  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:01:07.0151 2324  Msfs - ok
21:01:07.0151 2324  MSIServer - ok
21:01:07.0198 2324  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:01:07.0198 2324  MSKSSRV - ok
21:01:07.0213 2324  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:01:07.0213 2324  MSPCLOCK - ok
21:01:07.0213 2324  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:01:07.0213 2324  MSPQM - ok
21:01:07.0260 2324  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:01:07.0260 2324  mssmbios - ok
21:01:07.0307 2324  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:01:07.0307 2324  Mup - ok
21:01:07.0354 2324  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:01:07.0370 2324  napagent - ok
21:01:07.0401 2324  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:01:07.0401 2324  NDIS - ok
21:01:07.0448 2324  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:01:07.0448 2324  NdisTapi - ok
21:01:07.0463 2324  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:01:07.0463 2324  Ndisuio - ok
21:01:07.0463 2324  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:01:07.0463 2324  NdisWan - ok
21:01:07.0526 2324  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:01:07.0526 2324  NDProxy - ok
21:01:07.0573 2324  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:01:07.0573 2324  NetBIOS - ok
21:01:07.0635 2324  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:01:07.0635 2324  NetBT - ok
21:01:07.0682 2324  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:01:07.0682 2324  NetDDE - ok
21:01:07.0682 2324  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:01:07.0682 2324  NetDDEdsdm - ok
21:01:07.0729 2324  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:01:07.0729 2324  Netlogon - ok
21:01:07.0745 2324  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
21:01:07.0745 2324  Netman - ok
21:01:07.0792 2324  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:01:07.0807 2324  NetTcpPortSharing - ok
21:01:07.0838 2324  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:01:07.0838 2324  Nla - ok
21:01:07.0870 2324  [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm              C:\WINDOWS\system32\DRIVERS\NMnt.sys
21:01:07.0870 2324  nm - ok
21:01:07.0901 2324  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:01:07.0901 2324  Npfs - ok
21:01:07.0917 2324  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:01:07.0932 2324  Ntfs - ok
21:01:07.0979 2324  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:01:07.0979 2324  NtLmSsp - ok
21:01:08.0026 2324  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:01:08.0026 2324  NtmsSvc - ok
21:01:08.0057 2324  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:01:08.0057 2324  Null - ok
21:01:08.0385 2324  [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:01:08.0667 2324  nv - ok
21:01:08.0713 2324  [ 0573C75A2895D973EA6EF2495620BA49 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
21:01:08.0713 2324  nvsvc - ok
21:01:08.0760 2324  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:01:08.0760 2324  NwlnkFlt - ok
21:01:08.0760 2324  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:01:08.0760 2324  NwlnkFwd - ok
21:01:08.0792 2324  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:01:08.0792 2324  NwlnkIpx - ok
21:01:08.0792 2324  [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:01:08.0792 2324  NwlnkNb - ok
21:01:08.0807 2324  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:01:08.0807 2324  NwlnkSpx - ok
21:01:08.0854 2324  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:01:08.0854 2324  ose - ok
21:01:09.0026 2324  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:01:09.0167 2324  osppsvc - ok
21:01:09.0213 2324  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:01:09.0213 2324  Parport - ok
21:01:09.0229 2324  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:01:09.0229 2324  PartMgr - ok
21:01:09.0276 2324  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:01:09.0276 2324  ParVdm - ok
21:01:09.0307 2324  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:01:09.0307 2324  PCI - ok
21:01:09.0307 2324  PCIDump - ok
21:01:09.0307 2324  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:01:09.0307 2324  PCIIde - ok
21:01:09.0354 2324  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:01:09.0354 2324  Pcmcia - ok
21:01:09.0370 2324  PDCOMP - ok
21:01:09.0370 2324  PDFRAME - ok
21:01:09.0370 2324  PDRELI - ok
21:01:09.0385 2324  PDRFRAME - ok
21:01:09.0385 2324  perc2 - ok
21:01:09.0385 2324  perc2hib - ok
21:01:09.0401 2324  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:01:09.0401 2324  PlugPlay - ok
21:01:09.0401 2324  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:01:09.0401 2324  PolicyAgent - ok
21:01:09.0417 2324  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:01:09.0417 2324  PptpMiniport - ok
21:01:09.0417 2324  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:01:09.0417 2324  ProtectedStorage - ok
21:01:09.0417 2324  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:01:09.0417 2324  PSched - ok
21:01:09.0417 2324  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:01:09.0417 2324  Ptilink - ok
21:01:09.0432 2324  ql1080 - ok
21:01:09.0432 2324  Ql10wnt - ok
21:01:09.0432 2324  ql12160 - ok
21:01:09.0432 2324  ql1240 - ok
21:01:09.0432 2324  ql1280 - ok
21:01:09.0432 2324  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:01:09.0432 2324  RasAcd - ok
21:01:09.0479 2324  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:01:09.0479 2324  RasAuto - ok
21:01:09.0495 2324  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:01:09.0510 2324  Rasl2tp - ok
21:01:09.0557 2324  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:01:09.0557 2324  RasMan - ok
21:01:09.0557 2324  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:01:09.0557 2324  RasPppoe - ok
21:01:09.0557 2324  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:01:09.0573 2324  Raspti - ok
21:01:09.0573 2324  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:01:09.0588 2324  Rdbss - ok
21:01:09.0588 2324  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:01:09.0588 2324  RDPCDD - ok
21:01:09.0588 2324  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:01:09.0588 2324  rdpdr - ok
21:01:09.0635 2324  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:01:09.0635 2324  RDPWD - ok
21:01:09.0682 2324  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:01:09.0682 2324  RDSessMgr - ok
21:01:09.0698 2324  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:01:09.0698 2324  redbook - ok
21:01:09.0729 2324  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:01:09.0729 2324  RemoteAccess - ok
21:01:09.0776 2324  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:01:09.0776 2324  RemoteRegistry - ok
21:01:09.0776 2324  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:01:09.0792 2324  RpcLocator - ok
21:01:09.0807 2324  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:01:09.0807 2324  RpcSs - ok
21:01:09.0838 2324  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:01:09.0838 2324  RSVP - ok
21:01:09.0870 2324  [ D3578C3806ED545E5C36B2A20F5C0B5A ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:01:09.0870 2324  RTLE8023xp - ok
21:01:09.0885 2324  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:01:09.0885 2324  SamSs - ok
21:01:09.0885 2324  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:01:09.0885 2324  SCardSvr - ok
21:01:09.0901 2324  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:01:09.0917 2324  Schedule - ok
21:01:09.0963 2324  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:01:09.0963 2324  Secdrv - ok
21:01:09.0995 2324  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:01:09.0995 2324  seclogon - ok
21:01:09.0995 2324  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:01:09.0995 2324  SENS - ok
21:01:09.0995 2324  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:01:09.0995 2324  serenum - ok
21:01:09.0995 2324  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:01:09.0995 2324  Serial - ok
21:01:10.0073 2324  [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01         C:\WINDOWS\system32\drivers\sfdrv01.sys
21:01:10.0073 2324  sfdrv01 - ok
21:01:10.0088 2324  [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a        C:\WINDOWS\system32\drivers\sfdrv01a.sys
21:01:10.0088 2324  sfdrv01a - ok
21:01:10.0104 2324  [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02         C:\WINDOWS\system32\drivers\sfhlp02.sys
21:01:10.0104 2324  sfhlp02 - ok
21:01:10.0135 2324  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:01:10.0135 2324  Sfloppy - ok
21:01:10.0151 2324  [ C526AD307FF1900BC4C864F74553F762 ] sfsync04        C:\WINDOWS\system32\drivers\sfsync04.sys
21:01:10.0151 2324  sfsync04 - ok
21:01:10.0182 2324  [ 5DC0D3978B2C98F370BD8A5C9FD86092 ] sfvfs02         C:\WINDOWS\system32\drivers\sfvfs02.sys
21:01:10.0198 2324  sfvfs02 - ok
21:01:10.0245 2324  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:01:10.0245 2324  SharedAccess - ok
21:01:10.0260 2324  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:01:10.0260 2324  ShellHWDetection - ok
21:01:10.0260 2324  Simbad - ok
21:01:10.0323 2324  [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:01:10.0323 2324  SkypeUpdate - ok
21:01:10.0338 2324  Sparrow - ok
21:01:10.0401 2324  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:01:10.0401 2324  splitter - ok
21:01:10.0448 2324  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:01:10.0448 2324  Spooler - ok
21:01:10.0526 2324  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
21:01:10.0526 2324  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:01:10.0526 2324  sptd ( LockedFile.Multi.Generic ) - warning
21:01:10.0526 2324  sptd - detected LockedFile.Multi.Generic (1)
21:01:10.0526 2324  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:01:10.0526 2324  sr - ok
21:01:10.0588 2324  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:01:10.0588 2324  srservice - ok
21:01:10.0635 2324  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:01:10.0667 2324  Srv - ok
21:01:10.0682 2324  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:01:10.0682 2324  SSDPSRV - ok
21:01:10.0698 2324  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:01:10.0698 2324  stisvc - ok
21:01:10.0745 2324  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:01:10.0745 2324  swenum - ok
21:01:10.0760 2324  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:01:10.0760 2324  swmidi - ok
21:01:10.0760 2324  SwPrv - ok
21:01:10.0760 2324  symc810 - ok
21:01:10.0760 2324  symc8xx - ok
21:01:10.0760 2324  sym_hi - ok
21:01:10.0760 2324  sym_u3 - ok
21:01:10.0776 2324  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:01:10.0776 2324  sysaudio - ok
21:01:10.0792 2324  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:01:10.0792 2324  SysmonLog - ok
21:01:10.0823 2324  [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:01:10.0838 2324  tap0901 - ok
21:01:10.0854 2324  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:01:10.0854 2324  TapiSrv - ok
21:01:10.0917 2324  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:01:10.0917 2324  Tcpip - ok
21:01:10.0917 2324  [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:01:10.0932 2324  Tcpip6 - ok
21:01:10.0948 2324  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:01:10.0948 2324  TDPIPE - ok
21:01:10.0948 2324  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:01:10.0948 2324  TDTCP - ok
21:01:10.0979 2324  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:01:10.0979 2324  TermDD - ok
21:01:10.0995 2324  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
21:01:10.0995 2324  TermService - ok
21:01:11.0026 2324  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:01:11.0026 2324  Themes - ok
21:01:11.0057 2324  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
21:01:11.0057 2324  TlntSvr - ok
21:01:11.0057 2324  TosIde - ok
21:01:11.0088 2324  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:01:11.0088 2324  TrkWks - ok
21:01:11.0104 2324  [ 8F861EDA21C05857EB8197300A92501C ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:01:11.0104 2324  tunmp - ok
21:01:11.0120 2324  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:01:11.0120 2324  Udfs - ok
21:01:11.0120 2324  ultra - ok
21:01:11.0167 2324  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:01:11.0182 2324  Update - ok
21:01:11.0198 2324  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:01:11.0213 2324  upnphost - ok
21:01:11.0245 2324  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
21:01:11.0245 2324  UPS - ok
21:01:11.0292 2324  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:01:11.0292 2324  usbccgp - ok
21:01:11.0354 2324  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:01:11.0354 2324  usbehci - ok
21:01:11.0401 2324  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:01:11.0401 2324  usbhub - ok
21:01:11.0401 2324  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:01:11.0401 2324  usbprint - ok
21:01:11.0417 2324  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:01:11.0417 2324  usbscan - ok
21:01:11.0432 2324  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:01:11.0432 2324  USBSTOR - ok
21:01:11.0432 2324  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:01:11.0432 2324  usbuhci - ok
21:01:11.0479 2324  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:01:11.0479 2324  VgaSave - ok
21:01:11.0479 2324  ViaIde - ok
21:01:11.0495 2324  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:01:11.0495 2324  VolSnap - ok
21:01:11.0542 2324  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
21:01:11.0542 2324  VSS - ok
21:01:11.0557 2324  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
21:01:11.0557 2324  W32Time - ok
21:01:11.0573 2324  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:01:11.0573 2324  Wanarp - ok
21:01:11.0573 2324  WDICA - ok
21:01:11.0588 2324  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:01:11.0588 2324  wdmaud - ok
21:01:11.0588 2324  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:01:11.0588 2324  WebClient - ok
21:01:11.0698 2324  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:01:11.0698 2324  winmgmt - ok
21:01:11.0745 2324  [ 36678803A8030EE9A771935CFC1848BD ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:01:11.0745 2324  WmdmPmSN - ok
21:01:11.0792 2324  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:01:11.0792 2324  Wmi - ok
21:01:11.0807 2324  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:01:11.0807 2324  WmiApSrv - ok
21:01:11.0854 2324  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
21:01:11.0854 2324  WpdUsb - ok
21:01:11.0917 2324  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:01:11.0932 2324  WPFFontCache_v0400 - ok
21:01:11.0932 2324  WPRO_40_1123 - ok
21:01:11.0995 2324  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:01:11.0995 2324  wscsvc - ok
21:01:11.0995 2324  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:01:11.0995 2324  wuauserv - ok
21:01:12.0073 2324  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:01:12.0073 2324  WudfPf - ok
21:01:12.0088 2324  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:01:12.0104 2324  WudfRd - ok
21:01:12.0120 2324  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:01:12.0120 2324  WudfSvc - ok
21:01:12.0198 2324  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:01:12.0213 2324  WZCSVC - ok
21:01:12.0260 2324  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:01:12.0260 2324  xmlprov - ok
21:01:12.0260 2324  ================ Scan global ===============================
21:01:12.0307 2324  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:01:12.0354 2324  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:01:12.0370 2324  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:01:12.0432 2324  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:01:12.0432 2324  [Global] - ok
21:01:12.0432 2324  ================ Scan MBR ==================================
21:01:12.0448 2324  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:01:12.0604 2324  \Device\Harddisk1\DR1 - ok
21:01:12.0604 2324  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:01:12.0620 2324  \Device\Harddisk0\DR0 - ok
21:01:12.0620 2324  ================ Scan VBR ==================================
21:01:12.0620 2324  [ 8DCE0A3D7C646852632507EC96DB8863 ] \Device\Harddisk1\DR1\Partition1
21:01:12.0620 2324  \Device\Harddisk1\DR1\Partition1 - ok
21:01:12.0620 2324  [ C17F049DCE9B41BE0B11D9A514E10BC9 ] \Device\Harddisk0\DR0\Partition1
21:01:12.0620 2324  \Device\Harddisk0\DR0\Partition1 - ok
21:01:12.0620 2324  [ F398C677C0CA9A8EBBD4C5A5B267A662 ] \Device\Harddisk0\DR0\Partition2
21:01:12.0620 2324  \Device\Harddisk0\DR0\Partition2 - ok
21:01:12.0620 2324  [ C05BE299972CB3314C8B7D45B26770D6 ] \Device\Harddisk0\DR0\Partition3
21:01:12.0620 2324  \Device\Harddisk0\DR0\Partition3 - ok
21:01:12.0620 2324  ============================================================
21:01:12.0620 2324  Scan finished
21:01:12.0620 2324  ============================================================
21:01:12.0620 2276  Detected object count: 1
21:01:12.0620 2276  Actual detected object count: 1
21:02:28.0932 2276  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:02:28.0932 2276  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:02:39.0807 4084  Deinitialize success

#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 19 June 2013 - 02:48 PM

Greetings,

Thank you for the answers. Please do this for me.

===================================================

Launching Internet Explorer Without Add-ons from Run Box

--------------------
  • Click Start, then Run
  • Type in iexplore.exe -extoff and press Enter
  • Test Internet Explorer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Forzaholland

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Netherlands

Posted 19 June 2013 - 02:52 PM

> Results?

Still experiencing the problem. Three iexplore processes are active and after a while the history starts to fill itself again.

#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 19 June 2013 - 03:13 PM

Greetings,

Now I would like you to run this please.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • How is your computer running?

Gary

#11 Forzaholland

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Netherlands

Posted 19 June 2013 - 04:38 PM

Hey Gary,

It seems like ComboFix did the trick. Internet Explorer seems to work normally again. Thanks a lot. I'll check a bit more thoroughly tomorrow, first I need to get some sleep.

From the log I can't really see what the problem was. Do you know? I reckon it has something to do with the Flash Player installed on June 08.

Here's the log:

ComboFix 13-06-18.02 - Forza 19-06-2013  23:13:47.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1130 [GMT 2:00]
Running from: c:\documents and settings\Forza\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Forza\My Documents\Downloads\Adobe Photoshop 7\Desktop_.ini
c:\documents and settings\Forza\WINDOWS
c:\windows\system32\UNWISE.EXE
d:\windows\OPTIONS\CABS\_desktop.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-19 to 2013-06-19  )))))))))))))))))))))))))))))))
.
.
2013-06-09 18:55 . 2013-06-09 20:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-09 18:45 . 2013-06-09 18:45    --------    d-----w-    c:\documents and settings\Forza\Application Data\Malwarebytes
2013-06-09 18:45 . 2013-06-09 18:45    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-09 18:45 . 2013-06-09 18:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-09 18:45 . 2013-04-04 12:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-09 18:34 . 2013-06-09 18:34    --------    d-----w-    C:\FRST
2013-05-25 09:36 . 2013-05-25 09:36    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 15:12 . 2012-11-24 12:20    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 15:12 . 2012-11-24 12:20    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-04 12:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-04 12:00    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2013-01-02 47880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43    926896    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2012-02-29 05:03    249440    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIILE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000001]
2012-02-29 05:03    249440    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIILE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22    3739648    ----a-w-    c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-11-19 20:48    2254768    ----a-w-    c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50    16744256    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50    203072    ----a-w-    c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50    1632360    ----a-w-    c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 13:19    18678376    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Games\\DDO Unlimited\\dndclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\DDO Unlimited\\dndlauncher.exe"=
"c:\\Games\\DDO Unlimited\\TurbineLauncher.exe"=
"c:\\Games\\DDO Unlimited\\TurbineInvoker.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Games\\Dungeon Siege\\DSLOA.exe"=
"c:\\Games\\ZEQ2Lite\\Build\\ZEQ2.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Games\\SVN\\ZEQ2.exe"=
"e:\\Gamebackup\\Chess\\chess.exe"=
"c:\\Games\\ZEQ2-Lite\\ZEQ2.exe"=
"c:\\Games\\ZEQ2-Lite\\ZEQ2Dedicated.exe"=
"c:\\Games\\lanoire\\LANoire.exe"=
"c:\\Program Files\\Rockstar Games\\Social Club\\renderer.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Games\\The Witcher 2 Enhanced Edition\\bin\\witcher2.exe"=
"c:\\Games\\MW3mp\\Call of Duty Modern Warfare 3\\iw5mp.exe"=
"c:\\Games\\MW3mp\\Call of Duty Modern Warfare 3\\iw5sp.exe"=
"c:\\Games\\Borderlands 2\\Binaries\\Win32\\Borderlands2.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Games\\Hommv\\bin\\H5_Game.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"c:\\Games\\Pro Cycling Manager - Season 2012\\PCM.exe"=
"c:\\Games\\Pro Cycling Manager - Season 2012\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7-7-2010 12:29 691696]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [23-6-2010 17:09 20072]
R2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2-5-2013 15:27 4209856]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [13-5-2013 18:03 122000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9-6-2013 20:45 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-6-2013 20:45 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9-6-2013 20:45 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19-4-2013 15:14 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28-5-2010 18:25 1691480]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [19-11-2012 22:48 1435568]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [3-5-2007 1:48 55296]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23254994
*NewlyCreated* - 81610079
*Deregistered* - 23254994
*Deregistered* - 81610079
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\User_Feed_Synchronization-{50B63CCD-BD4F-478C-B276-8965027908DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Forza\Application Data\Mozilla\Firefox\Profiles\60670lbd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-11 18:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Forza\Application Data\Mozilla\Firefox\Profiles\60670lbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Logic3 PC PowerPad (JP283) - c:\windows\system32\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 23:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-19  23:29:15
ComboFix-quarantined-files.txt  2013-06-19 21:29
.
Pre-Run: 75.463.180.288 bytes free
Post-Run: 75.998.973.952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FB0E952E1D186045E2E2F31E6715677F
8F558EB6672622401DA993E1E865C861
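As an added example (not part of the original post and not ComboFix's own code): a small Python triage helper for the log format pasted above. It pulls out the "Other Deletions" list, the Run-key autostarts and the service/driver table, and flags entries whose backing file is gone (the `[X]`, `--> ... [?]` and `(no file)` markers) or whose autostart is only a bare file name, which is the first thing a responder checks when a log like this shows no obvious culprit. The sample input is a constructed excerpt in the shape of the log above, not a real log.

```python
"""Triage helper for a ComboFix log (example code written for this thread; it is
not part of ComboFix or of the original post). It extracts the sections a
responder reads first and flags autostart or service entries whose backing
file is absent."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log in this thread; not a real log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\UNWISE.EXE
d:\windows\OPTIONS\CABS\_desktop.ini
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7-7-2010 12:29 691696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-6-2013 20:45 701512]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
"""

# Section banners look like "(((((   Name   )))))" or "- - - - NAME - - - -".
SECTION_HDR = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
DASH_HDR = re.compile(r"^- - - - (?P<name>.+?) - - - -$")
# Run-key value:  "Name"="path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>[^\]]*)\]$')
# Service/driver row:  R0 name;display name;path [date time size]   (or "--> path [?]")
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Triage:
    deletions: list = field(default_factory=list)     # files/dirs ComboFix removed
    run_entries: list = field(default_factory=list)   # (registry key, value name, path)
    services: list = field(default_factory=list)      # (start type, name, path)
    missing_files: list = field(default_factory=list) # entries whose file no longer exists
    bare_names: list = field(default_factory=list)    # autostarts given without a directory


def triage_combofix(text):
    """Walk the log once, tracking the current section banner and registry key."""
    t = Triage()
    section = key = None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line or line == ".":
            continue                      # ComboFix pads sections with "." lines
        m = SECTION_HDR.match(line) or DASH_HDR.match(line)
        if m:
            section, key = m["name"], None
            continue
        if line.startswith("[") and line.endswith("]") and "\\" in line:
            key = line[1:-1]              # "[HKEY_...]" header for the lines below it
            continue
        if section == "Other Deletions":
            t.deletions.append(line)
            continue
        m = RUN_LINE.match(line)
        if m and key and key.lower().endswith("\\run"):
            t.run_entries.append((key, m["name"], m["path"]))
            if "\\" not in m["path"]:     # bare name: resolved via the search path
                t.bare_names.append(f"{m['name']} = {m['path']}")
            continue
        m = SERVICE_LINE.match(line)
        if m:
            t.services.append((m["start"], m["name"], m["path"]))
            if m["info"] == "?":          # "--> path [?]": registered, file is gone
                t.missing_files.append(f"{m['name']}: {m['path']}")
            continue
        if line.endswith(" [X]"):         # msconfig startupreg entry whose file is absent
            t.missing_files.append(f"{key}: {line[:-4]}")
        elif line.endswith("(no file)"):  # orphan ComboFix already removed
            t.missing_files.append(line)
    return t


if __name__ == "__main__":
    t = triage_combofix(SAMPLE_LOG)
    for name in ("deletions", "run_entries", "services", "missing_files", "bare_names"):
        print(f"== {name} ==")
        for item in getattr(t, name):
            print("  ", item)
```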

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 19 June 2013 - 05:38 PM

Good Morning Gerlach,

It is hard to tell exactly what it was without actually examining the file fingerprint.

We still have just a bit of work to do but it is necessary to caution you about one program you have on your computer.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Adobe Reader Update
  • Please download Adobe Reader
  • After installing the latest Adobe Reader, uninstall all previous versions through Add/Remove Programs.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition
===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button on that page.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Adobe and Java update properly?
  • Malwarebytes results
  • ESET results
  • How is your computer running? Any issues?

Gary

#13 Forzaholland

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Netherlands

Posted 20 June 2013 - 12:06 PM

> Good Morning Gerlach,
>
> It is hard to tell exactly what it was without actually examining the file fingerprint.
>
> We still have just a bit of work to do but it is necessary to caution you about one program you have on your computer.
>
> ===================================================
>
> P2P Warning

I know the risks of p2p file sharing. I select only torrent files from "trusted users" with positive comments, which helps to weed out most of the bad stuff.

> Update Adobe Reader
>
> --------------------
>
> Update Java
>
> -------------------

Done.

> Rerun Malwarebytes (MBAM)
>
> --------------------

Done. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Forza :: GERLACH [administrator]

Protection: Enabled

20-6-2013 18:41:40
mbam-log-2013-06-20 (18-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199595
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

> ESET Online Scanner
> --------------------

In progress.

> • Did Adobe and Java update properly?
> • Malwarebytes results
> • ESET results
> • How is your computer running. Any issues?

Adobe and Java updated properly. I'm still scanning with ESET; will post that later; gonna watch a movie in the meanwhile :).

My computer seems to run fine, mostly. There are a couple of small issues. Since my hosts file was reset by ComboFix I had some problems with Genuine "Advantage", but that is fixed now. Furthermore, my Internet Explorer does not seem to display all images, which is probably related to forgetting to reboot after installing Java. Once the ESET scan is completed I will reboot.



#14 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 20 June 2013 - 12:13 PM

Excellent, keep me posted.
Gary

#15 Forzaholland
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Netherlands

Posted 20 June 2013 - 02:53 PM

Ah, I did have a couple of threats:

 

C:\Documents and Settings\Forza\My Documents\Downloads\Pro Cycling Manager 2006 [PCCD][www.newpct.com]\unl-pcm06pt.rar    probably a variant of Win32/Bifrose.NEYUXXV trojan    deleted - quarantined
E:\Muziek\Portishead - Third\07 Deep Water.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned - quarantined
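Added example, not part of this thread and not code from Malwarebytes or ESET: a small Python parser for the two report formats posted above, the MBAM quick-scan summary log (with its "<section> Detected: N" lines and "item (threat) -> action" entries) and ESET Online Scanner's "List Threats" output (path, threat name, action, separated by tabs or runs of spaces). It flags a scan as not clean when any count is non-zero or any detection is listed, and separately lists detections whose recorded action does not indicate removal, which is what a helper looks for before moving to the next step. The sample log text, paths and detection names are constructed for illustration; the only real values carried over are the MBAM version, database and object-count strings from the posted log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modeled on the MBAM 1.75 quick-scan log posted in this
# thread; the registry entry is made up so that a non-zero section appears.
MBAM_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

Scan type: Quick scan
Objects scanned: 199595
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""

# Constructed sample in the ESET "List Threats" layout (path, threat, action).
ESET_LOG = """\
C:\\Downloads\\setup_pack.rar\tprobably a variant of Win32/Bifrose.NEYUXXV trojan\tdeleted - quarantined
E:\\Music\\track.mp3\ta variant of WMA/TrojanDownloader.GetCodec.gen trojan\tcleaned - quarantined
"""


@dataclass
class Detection:
    source: str   # "mbam" or "eset"
    item: str     # file path or registry location
    threat: str
    action: str


@dataclass
class ScanSummary:
    engine: str
    database: Optional[str] = None
    objects_scanned: Optional[int] = None
    counts: Dict[str, int] = field(default_factory=dict)   # e.g. {"Files": 0}
    detections: List[Detection] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        return sum(self.counts.values()) == 0 and not self.detections


MBAM_COUNT = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<n>\d+)$")
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
ESET_SPLIT = re.compile(r"\t|\s{2,}")
REMOVED_WORDS = ("quarantined", "deleted", "cleaned")


def parse_mbam(text: str) -> ScanSummary:
    """Parse an MBAM log: header fields, per-section counts, and detection lines."""
    summary = ScanSummary(engine="mbam")
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            summary.database = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            summary.objects_scanned = int(line.split(":", 1)[1].strip())
        elif (m := MBAM_COUNT.match(line)):
            section = m.group("section")
            summary.counts[section] = int(m.group("n"))
        elif section and (m := MBAM_ITEM.match(line)):
            summary.detections.append(
                Detection("mbam", m.group("item"), m.group("threat"), m.group("action")))
    return summary


def parse_eset(text: str) -> ScanSummary:
    """Parse ESET 'List Threats' lines: path, threat, action (tab or multi-space separated)."""
    summary = ScanSummary(engine="eset")
    for raw in text.splitlines():
        parts = [p.strip() for p in ESET_SPLIT.split(raw.strip()) if p.strip()]
        if len(parts) < 3:
            continue  # not a path/threat/action record
        summary.detections.append(Detection("eset", parts[0], parts[1], " ".join(parts[2:])))
    summary.counts["Threats"] = len(summary.detections)
    return summary


def outstanding(summary: ScanSummary) -> List[Detection]:
    """Detections whose action does not show removal (e.g. 'No action taken')."""
    return [d for d in summary.detections
            if not any(w in d.action.lower() for w in REMOVED_WORDS)]


if __name__ == "__main__":
    for s in (parse_mbam(MBAM_LOG), parse_eset(ESET_LOG)):
        print(s.engine, "clean" if s.clean else f"{s.counts} -> {len(outstanding(s))} outstanding")
```

The split on tabs or two-plus spaces is deliberate: ESET paths such as `C:\Documents and Settings\...` contain single spaces, so a naive whitespace split would shred the path. Both parsers return a `ScanSummary`, so the same `outstanding()` check applies whichever tool produced the report.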