
Unable to download MBAM, probably infected



I am using an ASUS netbook running XP SP3, 1GB RAM. There was no working antivirus on the machine when I bought it used. I downloaded Malwarebytes Free and, although it seemed to install properly and the update confirmation window said it successfully updated from version 000.000.00.0 to today's version (I'm making up the number of digits, but it was all zeroes) after I clicked OK, I got the "database missing or corrupt" message and the invitation to download again, which I did. This resulted in the same scenario. I searched for others with this problem in the General forum and followed the instructions I found - downloaded and ran mbam-clean, rebooted, re-downloaded mbam from Major Geeks (which, incidentally, is where I downloaded it from the first time) and nothing changed. I was then advised that the likely reason was infection and to come to this forum for help with the attached files in hand, so to speak.

FYI, Minute Timer is a tiny program I've used for years, and the registry entry is probably unrelated. Sincere thanks to @AdvancedSetup for his advice thus far.

attach.txt dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24

Run by User at 13:21:54 on 2012-05-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.219 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Asus\EeePC ACPI\AsTray.exe

C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Atheros\ACU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EeeRotate\EeeRotate.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.somerset.lib.nj.us/

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AsusTray] c:\program files\asus\eeepc acpi\AsTray.exe

mRun: [AsusACPIServer] c:\program files\asus\eeepc acpi\AsAcpiSvr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\user\startm~1\programs\startup\eeerot~1.lnk - c:\program files\eeerotate\EeeRotate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exe

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214610329727

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D1D29ADB-B327-4C73-A359-11EC0C17DAF3} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{DC5F7EC1-19A5-4159-AF97-EF30910D744A} : DhcpNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://delicious.com/zigweegwee?settagview=cloud|http://www.spurgeon.org/morn_eve/this_morning.cgi|http://www.biblegateway.com/quicksearch/?quicksearch=absent+from+the+body&qs_version=50|http://mail.google.com/mail/?shva=1#inbox|http://webmail.verizon.net/signin/|https://twitter.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1221003168&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FTodayLight.aspx%3Fn%3D521720840&id=64855&lc=1033|http://www.lulu.com/browse/preview.php?fCID=2762666|http://www.last.fm/listen/user/zigweegwee/personal#pane=simpleStarter

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: d:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll

.

============= SERVICES / DRIVERS ===============

.

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-31 40776]

S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]

.

=============== Created Last 30 ================

.

2012-05-31 15:51:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-31 15:51:54 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2012-05-31 15:51:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-31 15:51:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 15:51:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-05-04 22:46:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-04 22:46:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2003-04-24 19:49:00 1119232 ----a-w- c:\program files\gpmonitor.exe

2003-04-24 19:48:56 304128 ----a-w- c:\program files\tsscalling.exe

2003-04-24 19:48:54 204288 ----a-w- c:\program files\fcsetup.exe

2003-04-18 22:08:58 113664 ----a-w- c:\program files\lsview.exe

2003-04-18 22:08:24 23552 ----a-w- c:\program files\tsctst.exe

2003-04-18 22:08:24 12800 ----a-w- c:\program files\lsreport.exe

2003-04-18 22:08:20 107008 ----a-w- c:\program files\mstlsapi.dll

2003-04-18 22:06:46 38912 ----a-w- c:\program files\list.exe

2003-04-18 22:05:56 9728 ----a-w- c:\program files\mcast.exe

2003-04-18 22:03:12 76288 ----a-w- c:\program files\rcontrolad.exe

2003-04-18 21:57:18 180736 ----a-w- c:\program files\gpotool.exe

2003-04-18 21:55:54 2560 ----a-w- c:\program files\servmess.dll

2003-04-18 21:55:10 30152 ----a-w- c:\program files\wins.dll

2003-04-18 21:55:08 82 ----a-w- c:\program files\tcmon.bat

2003-04-18 21:55:08 1409024 ----a-w- c:\program files\msvbvm60.dll

2003-04-18 21:55:04 32768 ----a-w- c:\program files\showpriv.exe

2003-04-18 21:55:04 2104 ----a-w- c:\program files\rqs_setup.bat

2003-04-18 21:55:02 40448 ----a-w- c:\program files\rpingc.exe

2003-04-18 21:55:02 348160 ----a-w- c:\program files\remapkey.exe

2003-04-18 21:55:02 29696 ----a-w- c:\program files\rpings.exe

2003-04-18 21:55:00 6856 ----a-w- c:\program files\queryad.vbs

2003-04-18 21:53:42 174080 ----a-w- c:\program files\mibcc.exe

2003-04-18 21:52:30 40960 ----a-w- c:\program files\qtcp.exe

2003-04-18 21:52:28 16384 ----a-w- c:\program files\atmarp.exe

2003-04-18 21:52:28 13312 ----a-w- c:\program files\atmlane.exe

2003-04-18 21:52:24 356352 ----a-w- c:\program files\uddicatschemeeditor.exe

2003-04-18 21:52:18 573440 ----a-w- c:\program files\uddidataexport.exe

2003-04-18 21:52:08 98304 ----a-w- c:\program files\uddiconfig.exe

2003-04-18 21:51:40 44544 ----a-w- c:\program files\dnsdiag.exe

2003-04-18 21:51:08 52736 ----a-w- c:\program files\ifilttst.exe

2003-04-18 21:51:00 25088 ----a-w- c:\program files\winhttptracecfg.exe

2003-04-18 21:50:58 14848 ----a-w- c:\program files\winhttpcertcfg.exe

2003-04-18 21:50:56 39936 ----a-w- c:\program files\kerbtray.exe

2003-04-18 21:50:56 31744 ----a-w- c:\program files\regview.exe

2003-04-18 21:50:54 8192 ----a-w- c:\program files\moveuser.exe

2003-04-18 21:50:46 54784 ----a-w- c:\program files\delprof.exe

2003-04-18 21:50:46 124416 ----a-w- c:\program files\adlb.exe

2003-04-18 21:48:02 200192 ----a-w- c:\program files\diskraid.exe

2003-04-18 21:47:38 46592 ----a-w- c:\program files\rpccfg.exe

2003-04-18 21:47:34 64000 ----a-w- c:\program files\dh.exe

2003-04-18 21:47:34 25088 ----a-w- c:\program files\oh.exe

2003-04-18 21:47:06 18944 ----a-w- c:\program files\vrfydsk.exe

2003-04-18 21:47:02 104960 ----a-w- c:\program files\kernrate.exe

2003-04-18 21:46:58 23040 ----a-w- c:\program files\vadump.exe

2003-04-18 21:46:56 20480 ----a-w- c:\program files\showperf.exe

2003-04-18 21:46:54 5632 ----a-w- c:\program files\intfiltr.sys

2003-04-18 21:46:54 35328 ----a-w- c:\program files\intfiltr.exe

2003-04-18 21:46:52 330 ----a-w- c:\program files\intfiltr.reg

2003-04-18 21:46:50 40448 ----a-w- c:\program files\confdisk.exe

2003-04-18 21:46:48 45568 ----a-w- c:\program files\csccmd.exe

2003-04-18 21:46:26 39936 ----a-w- c:\program files\compress.exe

.

============= FINISH: 13:22:52.59 ===============

Link to post

Hello and welcome to the forums

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Make sure that the option "Remove found threats" is Unchecked

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post

Thank you. I followed your instructions and here is the log. The only question I have is, should I have let the program uninstall itself?

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d4ac3450ed91704183f652d17731c3e3

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-04 12:18:42

# local_time=2012-06-03 08:18:42 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=30900

# found=1

# cleaned=0

# scan_time=2856

D:\Documents and Settings\User\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I

Link to post

D:\Documents and Settings\User\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean)

Pretty sure that's a False Positive that belongs to Advanced SystemCare.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post

Here is the log. Except for being unable to properly download mbam, the machine works fine. I just wanted to be properly protected.

ComboFix 12-06-04.02 - User 06/04/2012 20:52:04.1.1 - x86

Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User\Application Data\C6A46E

D:\Setup.exe

.

c:\windows\system32\drivers\usbehci.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))

.

.

2012-06-03 23:18 . 2012-06-03 23:18 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 22:46 . 2012-04-22 19:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 22:46 . 2011-05-16 18:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2003-04-24 19:49 . 2003-04-24 19:49 1119232 ----a-w- c:\program files\gpmonitor.exe

2003-04-24 19:48 . 2003-04-24 19:48 304128 ----a-w- c:\program files\tsscalling.exe

2003-04-24 19:48 . 2003-04-24 19:48 204288 ----a-w- c:\program files\fcsetup.exe

2003-04-18 22:08 . 2003-04-18 22:08 113664 ----a-w- c:\program files\lsview.exe

2003-04-18 22:08 . 2003-04-18 22:08 23552 ----a-w- c:\program files\tsctst.exe

2003-04-18 22:08 . 2003-04-18 22:08 12800 ----a-w- c:\program files\lsreport.exe

2003-04-18 22:08 . 2003-04-18 22:08 107008 ----a-w- c:\program files\mstlsapi.dll

2003-04-18 22:07 . 2003-04-18 22:07 29184 ----a-w- c:\program files\custreasonedit.exe

2003-04-18 22:07 . 2003-04-18 22:07 275436 ----a-w- c:\program files\samplereasons.reg

2003-04-18 22:07 . 2003-04-18 22:07 14336 ----a-w- c:\program files\pfmon.exe

2003-04-18 22:07 . 2003-04-18 22:07 68608 ----a-w- c:\program files\memtriage.exe

2003-04-18 22:07 . 2003-04-18 22:07 10752 ----a-w- c:\program files\pmon.exe

2003-04-18 22:07 . 2003-04-18 22:07 290816 ----a-w- c:\program files\msdis130.dll

2003-04-18 22:07 . 2003-04-18 22:07 487424 ----a-w- c:\program files\msvcp70.dll

2003-04-18 22:07 . 2003-04-18 22:07 344064 ----a-w- c:\program files\msvcr70.dll

2003-04-18 22:07 . 2003-04-18 22:07 9728 ----a-w- c:\program files\empty.exe

2003-04-18 22:07 . 2003-04-18 22:07 6656 ----a-w- c:\program files\tail.exe

2003-04-18 22:07 . 2003-04-18 22:07 15360 ----a-w- c:\program files\dvdburn.exe

2003-04-18 22:07 . 2003-04-18 22:07 13824 ----a-w- c:\program files\cdburn.exe

2003-04-18 22:07 . 2003-04-18 22:07 36864 ----a-w- c:\program files\regini.exe

2003-04-18 22:07 . 2003-04-18 22:07 13312 ----a-w- c:\program files\timeit.exe

2003-04-18 22:07 . 2003-04-18 22:07 33792 ----a-w- c:\program files\ntimer.exe

2003-04-18 22:07 . 2003-04-18 22:07 146432 ----a-w- c:\program files\oleview.exe

2003-04-18 22:07 . 2003-04-18 22:07 135680 ----a-w- c:\program files\iviewers.dll

2003-04-18 22:06 . 2003-04-18 22:06 38912 ----a-w- c:\program files\list.exe

2003-04-18 22:06 . 2003-04-18 22:06 9728 ----a-w- c:\program files\consume.exe

2003-04-18 22:06 . 2003-04-18 22:06 9728 ----a-w- c:\program files\clearmem.exe

2003-04-18 22:06 . 2003-04-18 22:06 102912 ----a-w- c:\program files\winpolicies.exe

2003-04-18 22:06 . 2003-04-18 22:06 58368 ----a-w- c:\program files\volrest.exe

2003-04-18 22:06 . 2003-04-18 22:06 37376 ----a-w- c:\program files\volperf.exe

2003-04-18 22:06 . 2003-04-18 22:06 12800 ----a-w- c:\program files\winexit.scr

2003-04-18 22:06 . 2003-04-18 22:06 9216 ----a-w- c:\program files\timezone.exe

2003-04-18 22:06 . 2003-04-18 22:06 83968 ----a-w- c:\program files\tccom.exe

2003-04-18 22:06 . 2003-04-18 22:06 7680 ----a-w- c:\program files\volperf.dll

2003-04-18 22:06 . 2003-04-18 22:06 89088 ----a-w- c:\program files\ssdformat.exe

2003-04-18 22:06 . 2003-04-18 22:06 248320 ----a-w- c:\program files\subinacl.exe

2003-04-18 22:06 . 2003-04-18 22:06 8192 ----a-w- c:\program files\srvany.exe

2003-04-18 22:06 . 2003-04-18 22:06 5120 ----a-w- c:\program files\srvcheck.exe

2003-04-18 22:06 . 2003-04-18 22:06 39936 ----a-w- c:\program files\srvinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 147456 ----a-w- c:\program files\sonar.exe

2003-04-18 22:06 . 2003-04-18 22:06 5120 ----a-w- c:\program files\sleep.exe

2003-04-18 22:06 . 2003-04-18 22:06 8192 ----a-w- c:\program files\rqc.exe

2003-04-18 22:06 . 2003-04-18 22:06 6144 ----a-w- c:\program files\rqsmsg.dll

2003-04-18 22:06 . 2003-04-18 22:06 33280 ----a-w- c:\program files\rpcping.exe

2003-04-18 22:06 . 2003-04-18 22:06 20992 ----a-w- c:\program files\rqs.exe

2003-04-18 22:06 . 2003-04-18 22:06 15872 ----a-w- c:\program files\showacls.exe

2003-04-18 22:06 . 2003-04-18 22:06 79872 ----a-w- c:\program files\robocopy.exe

2003-04-18 22:06 . 2003-04-18 22:06 44544 ----a-w- c:\program files\reportgen.exe

2003-04-18 22:06 . 2003-04-18 22:06 14336 ----a-w- c:\program files\rpcdump.exe

2003-04-18 22:06 . 2003-04-18 22:06 97280 ----a-w- c:\program files\prnadmin.dll

2003-04-18 22:06 . 2003-04-18 22:06 81408 ----a-w- c:\program files\rassrvmon.exe

2003-04-18 22:06 . 2003-04-18 22:06 19456 ----a-w- c:\program files\clusfileport.dll

2003-04-18 22:06 . 2003-04-18 22:06 16896 ----a-w- c:\program files\qgrep.exe

2003-04-18 22:06 . 2003-04-18 22:06 89088 ----a-w- c:\program files\printdriverinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 40960 ----a-w- c:\program files\setprinter.exe

2003-04-18 22:06 . 2003-04-18 22:06 16896 ----a-w- c:\program files\splinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 93696 ----a-w- c:\program files\cleanspl.exe

2003-04-18 22:06 . 2003-04-18 22:06 6656 ----a-w- c:\program files\pathman.exe

2003-04-18 22:06 . 2003-04-18 22:06 4608 ----a-w- c:\program files\permcopy.exe

2003-04-18 22:06 . 2003-04-18 22:06 32256 ----a-w- c:\program files\ntrights.exe

2003-04-18 22:06 . 2003-04-18 22:06 15360 ----a-w- c:\program files\perms.exe

2003-04-18 22:06 . 2003-04-18 22:06 32256 ----a-w- c:\program files\now.exe

2003-04-18 22:06 . 2003-04-18 22:06 304128 ----a-w- c:\program files\usrmgr.exe

2003-04-18 22:06 . 2003-04-18 22:06 20992 ----a-w- c:\program files\nlsinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 179200 ----a-w- c:\program files\srvmgr.exe

2003-04-18 22:05 . 2003-04-18 22:05 9728 ----a-w- c:\program files\mcast.exe

2003-04-18 22:05 . 2003-04-18 22:05 14336 ----a-w- c:\program files\memmonitor.exe

2003-04-18 22:05 . 2003-04-18 22:05 84992 ----a-w- c:\program files\krt.exe

2003-04-18 22:05 . 2003-04-18 22:05 52224 ----a-w- c:\program files\lockoutstatus.exe

2003-04-18 22:05 . 2003-04-18 22:05 4608 ----a-w- c:\program files\logtime.exe

2003-04-18 22:05 . 2003-04-18 22:05 35840 ----a-w- c:\program files\linkspeed.exe

2003-04-18 22:05 . 2003-04-18 22:05 11264 ----a-w- c:\program files\linkd.exe

2003-04-18 22:05 . 2003-04-18 22:05 7168 ----a-w- c:\program files\crutredir.dll

2003-04-18 22:05 . 2003-04-18 22:05 32256 ----a-w- c:\program files\instsrv.exe

2003-04-18 22:05 . 2003-04-18 22:05 29184 ----a-w- c:\program files\klist.exe

2003-04-18 22:05 . 2003-04-18 22:05 16384 ----a-w- c:\program files\iniman.exe

2003-04-18 22:05 . 2003-04-18 22:05 5632 ----a-w- c:\program files\ifmember.exe

2003-04-18 22:05 . 2003-04-18 22:05 22528 ----a-w- c:\program files\hlscan.exe

2003-04-18 22:05 . 2003-04-18 22:05 8704 ----a-w- c:\program files\instcm.exe

2003-04-18 22:05 . 2003-04-18 22:05 14336 ----a-w- c:\program files\getcm.exe

2003-04-18 22:05 . 2003-04-18 22:05 115712 ----a-w- c:\program files\eventcombmt.exe

2003-04-18 22:05 . 2003-04-18 22:05 16896 ----a-w- c:\program files\diskuse.exe

2003-04-18 22:05 . 2003-04-18 22:05 5632 ----a-w- c:\program files\creatfil.exe

2003-04-18 22:05 . 2003-04-18 22:05 34816 ----a-w- c:\program files\mqcatch.exe

2003-04-18 22:05 . 2003-04-18 22:05 31232 ----a-w- c:\program files\mqcast.exe

2003-04-18 22:05 . 2003-04-18 22:05 28672 ----a-w- c:\program files\chknic.exe

2003-04-18 22:05 . 2003-04-18 22:05 28160 ----a-w- c:\program files\cmgetcer.dll

2003-04-18 22:05 . 2003-04-18 22:05 364032 ----a-w- c:\program files\chklnks.exe

2003-04-18 22:05 . 2003-04-18 22:05 27648 ----a-w- c:\program files\instexnt.exe

2003-04-18 22:05 . 2003-04-18 22:05 7168 ----a-w- c:\program files\autoexnt.exe

2003-04-18 22:05 . 2003-04-18 22:05 39424 ----a-w- c:\program files\acctinfo.dll

2003-04-18 22:05 . 2003-04-18 22:05 28087 ----a-w- c:\program files\wlbs_rc.dll

2003-04-18 22:05 . 2003-04-18 22:05 27699 ----a-w- c:\program files\wlbs_hb.dll

2003-04-18 22:05 . 2003-04-18 22:05 528440 ----a-w- c:\program files\vfi.exe

2003-04-18 22:05 . 2003-04-18 22:05 168016 ----a-w- c:\program files\tcmon.exe

2003-04-18 22:03 . 2003-04-18 22:03 76288 ----a-w- c:\program files\rcontrolad.exe

2003-04-18 21:57 . 2003-04-18 21:57 180736 ----a-w- c:\program files\gpotool.exe

2003-04-18 21:55 . 2003-04-18 21:55 2560 ----a-w- c:\program files\servmess.dll

2012-04-26 04:04 . 2012-03-16 01:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-06-27 . 38D90B434AB4633500F11CD9B16D7D70 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-08 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-08 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208]

"AsusTray"="c:\program files\Asus\EeePC ACPI\AsTray.exe" [2008-03-21 102400]

"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2008-03-20 544768]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]

.

c:\documents and settings\User\Start Menu\Programs\Startup\

EeeRotate.lnk - c:\program files\EeeRotate\EeeRotate.exe [2012-4-18 416223]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2011-1-6 118784]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6296:TCP"= 6296:TCP:jpskhk

.

S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:42 AM 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 3:14 PM 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 AM 129976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

znxrpr

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.somerset.lib.nj.us/

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8ocbmjjx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://delicious.com/zigweegwee?settagview=cloud|http://www.spurgeon.org/morn_eve/this_morning.cgi|http://www.biblegateway.com/quicksearch/?quicksearch=absent+from+the+body&qs_version=50|http://mail.google.com/mail/?shva=1#inbox|http://webmail.verizon.net/signin/|https://twitter.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1221003168&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FTodayLight.aspx%3Fn%3D521720840&id=64855&lc=1033|http://www.lulu.com/browse/preview.php?fCID=2762666|http://www.last.fm/listen/user/zigweegwee/personal#pane=simpleStarter

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-04 20:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znxrpr]

"ServiceDll"="c:\windows\system32\nqslzw.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1454471165-448539723-515967899-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88271927-DFFA-6D60-28F8-D6FED12746D3}*]

"malkcccdfgnflfibleafeaoehk"=hex:6b,61,67,66,62,6e,6c,61,61,65,6a,62,69,66,66,

64,63,6a,62,70,68,6d,00,00

"najmmbndpnbgecmapogohiidbgil"=hex:69,61,6a,66,6d,61,62,6c,6d,65,6b,6a,66,61,

64,6e,68,66,00,00

.

Completion time: 2012-06-04 21:01:16

ComboFix-quarantined-files.txt 2012-06-05 01:01

.

Pre-Run: 1,144,958,976 bytes free

Post-Run: 1,105,793,024 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 197893F1513B921B66BC3CF002149128

Link to post

Do you know what this is? "6296:TCP"= 6296:TCP:jpskhk

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\nqslzw.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

Link to post
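The three entries singled out in the log above (the `6296:TCP` firewall exception, the `znxrpr` service in the netsvcs group, and its `ServiceDll`) can be pulled out of a ComboFix-style log mechanically. This is an added example, not part of the thread and not ComboFix's own code; the function names and the "no vowels" name heuristic are assumptions of the example, and the sample is an excerpt of lines copied from the log posted in this thread.

```python
import re

# Excerpt assembled from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6296:TCP"= 6296:TCP:jpskhk
.
S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:42 AM 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 AM 129976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
znxrpr
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znxrpr]
"ServiceDll"="c:\windows\system32\nqslzw.dll"
.
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SERVICE_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.+?)\s+\[[^\]]*\]$')
NETSVCS_HDR = re.compile(r'Svchost - NetSvcs$', re.I)
SERVICES_KEY = 'hkey_local_machine\\system\\controlset001\\services\\'


def parse(log):
    """Return (registry sections, service image paths, NetSvcs members)."""
    sections, services, netsvcs = {}, {}, []
    current, in_netsvcs = None, False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:                      # the forum paste is double-spaced
            continue
        if line == '.':                   # ComboFix separates blocks with "."
            current, in_netsvcs = None, False
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key').lower()
            sections[current] = {}
            continue
        if NETSVCS_HDR.search(line):
            in_netsvcs = True
            continue
        m = VALUE_RE.match(line)
        if m and current:
            sections[current][m.group('name')] = m.group('data').strip().strip('"')
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group('name')] = m.group('image')
        elif in_netsvcs:
            netsvcs.append(line)
    return sections, services, netsvcs


def looks_random(name):
    """Crude heuristic (assumption of this example): a short all-letter name
    with no vowels is unlikely to be a vendor-chosen identifier."""
    word = name.lower()
    return word.isalpha() and 5 <= len(word) <= 12 and not set(word) & set('aeiou')


def triage(log):
    """List entries worth a second look; a hit is a lead, not a verdict."""
    sections, services, netsvcs = parse(log)
    findings = []
    for key, values in sections.items():
        if (key.endswith(r'firewallpolicy\standardprofile')
                and values.get('EnableFirewall', '').startswith('0')):
            findings.append('firewall: EnableFirewall is 0 for the standard profile')
        if key.endswith(r'globallyopenports\list'):
            for data in values.values():
                parts = data.split(':', 2)
                # Built-in exceptions carry a resource reference (@xpsp2res.dll,-22009).
                if len(parts) == 3 and not parts[2].startswith('@'):
                    findings.append(
                        f'port: {parts[0]}/{parts[1]} opened with custom label "{parts[2]}"')
    for name in netsvcs:
        image = services.get(name, '')
        dll = sections.get(SERVICES_KEY + name.lower(), {}).get('ServiceDll')
        if 'svchost' in image.lower() and dll:
            stem = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            if looks_random(name) or looks_random(stem):
                findings.append(f'service: {name} runs {dll} inside svchost (netsvcs)')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
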

We need to get a copy of that file if we can

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://forums.malwarebytes.org/index.php?showtopic=110609&hl=&fromsearch=1

Collect::
c:\windows\system32\nqslzw.dll

Driver::
znxrpr

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6296:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znxrpr]

Reglock::
[HKEY_USERS\S-1-5-21-1454471165-448539723-515967899-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88271927-DFFA-6D60-28F8-D6FED12746D3}*]

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Thank you for coming to my rescue. Although I already knew how to do everything you explained how to do, I appreciate how good a teacher you are and how helpful that is when someone really has no idea at all what they are doing. I was very impressed.

ComboFix 12-06-05.03 - User 06/05/2012 14:05:31.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.622 [GMT -4:00]

Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe

Command switches used :: d:\documents and settings\User\My Documents\Downloads\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\usbehci.sys . . . is missing!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ZNXRPR

-------\Service_znxrpr

.

.

((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))

.

.

2012-06-03 23:18 . 2012-06-03 23:18 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 22:46 . 2012-04-22 19:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 22:46 . 2011-05-16 18:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2003-04-24 19:49 . 2003-04-24 19:49 1119232 ----a-w- c:\program files\gpmonitor.exe

2003-04-24 19:48 . 2003-04-24 19:48 304128 ----a-w- c:\program files\tsscalling.exe

2003-04-24 19:48 . 2003-04-24 19:48 204288 ----a-w- c:\program files\fcsetup.exe

2003-04-18 22:08 . 2003-04-18 22:08 113664 ----a-w- c:\program files\lsview.exe

2003-04-18 22:08 . 2003-04-18 22:08 23552 ----a-w- c:\program files\tsctst.exe

2003-04-18 22:08 . 2003-04-18 22:08 12800 ----a-w- c:\program files\lsreport.exe

2003-04-18 22:08 . 2003-04-18 22:08 107008 ----a-w- c:\program files\mstlsapi.dll

2003-04-18 22:07 . 2003-04-18 22:07 29184 ----a-w- c:\program files\custreasonedit.exe

2003-04-18 22:07 . 2003-04-18 22:07 275436 ----a-w- c:\program files\samplereasons.reg

2003-04-18 22:07 . 2003-04-18 22:07 14336 ----a-w- c:\program files\pfmon.exe

2003-04-18 22:07 . 2003-04-18 22:07 68608 ----a-w- c:\program files\memtriage.exe

2003-04-18 22:07 . 2003-04-18 22:07 10752 ----a-w- c:\program files\pmon.exe

2003-04-18 22:07 . 2003-04-18 22:07 290816 ----a-w- c:\program files\msdis130.dll

2003-04-18 22:07 . 2003-04-18 22:07 487424 ----a-w- c:\program files\msvcp70.dll

2003-04-18 22:07 . 2003-04-18 22:07 344064 ----a-w- c:\program files\msvcr70.dll

2003-04-18 22:07 . 2003-04-18 22:07 9728 ----a-w- c:\program files\empty.exe

2003-04-18 22:07 . 2003-04-18 22:07 6656 ----a-w- c:\program files\tail.exe

2003-04-18 22:07 . 2003-04-18 22:07 15360 ----a-w- c:\program files\dvdburn.exe

2003-04-18 22:07 . 2003-04-18 22:07 13824 ----a-w- c:\program files\cdburn.exe

2003-04-18 22:07 . 2003-04-18 22:07 36864 ----a-w- c:\program files\regini.exe

2003-04-18 22:07 . 2003-04-18 22:07 13312 ----a-w- c:\program files\timeit.exe

2003-04-18 22:07 . 2003-04-18 22:07 33792 ----a-w- c:\program files\ntimer.exe

2003-04-18 22:07 . 2003-04-18 22:07 146432 ----a-w- c:\program files\oleview.exe

2003-04-18 22:07 . 2003-04-18 22:07 135680 ----a-w- c:\program files\iviewers.dll

2003-04-18 22:06 . 2003-04-18 22:06 38912 ----a-w- c:\program files\list.exe

2003-04-18 22:06 . 2003-04-18 22:06 9728 ----a-w- c:\program files\consume.exe

2003-04-18 22:06 . 2003-04-18 22:06 9728 ----a-w- c:\program files\clearmem.exe

2003-04-18 22:06 . 2003-04-18 22:06 102912 ----a-w- c:\program files\winpolicies.exe

2003-04-18 22:06 . 2003-04-18 22:06 58368 ----a-w- c:\program files\volrest.exe

2003-04-18 22:06 . 2003-04-18 22:06 37376 ----a-w- c:\program files\volperf.exe

2003-04-18 22:06 . 2003-04-18 22:06 12800 ----a-w- c:\program files\winexit.scr

2003-04-18 22:06 . 2003-04-18 22:06 9216 ----a-w- c:\program files\timezone.exe

2003-04-18 22:06 . 2003-04-18 22:06 83968 ----a-w- c:\program files\tccom.exe

2003-04-18 22:06 . 2003-04-18 22:06 7680 ----a-w- c:\program files\volperf.dll

2003-04-18 22:06 . 2003-04-18 22:06 89088 ----a-w- c:\program files\ssdformat.exe

2003-04-18 22:06 . 2003-04-18 22:06 248320 ----a-w- c:\program files\subinacl.exe

2003-04-18 22:06 . 2003-04-18 22:06 8192 ----a-w- c:\program files\srvany.exe

2003-04-18 22:06 . 2003-04-18 22:06 5120 ----a-w- c:\program files\srvcheck.exe

2003-04-18 22:06 . 2003-04-18 22:06 39936 ----a-w- c:\program files\srvinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 147456 ----a-w- c:\program files\sonar.exe

2003-04-18 22:06 . 2003-04-18 22:06 5120 ----a-w- c:\program files\sleep.exe

2003-04-18 22:06 . 2003-04-18 22:06 8192 ----a-w- c:\program files\rqc.exe

2003-04-18 22:06 . 2003-04-18 22:06 6144 ----a-w- c:\program files\rqsmsg.dll

2003-04-18 22:06 . 2003-04-18 22:06 33280 ----a-w- c:\program files\rpcping.exe

2003-04-18 22:06 . 2003-04-18 22:06 20992 ----a-w- c:\program files\rqs.exe

2003-04-18 22:06 . 2003-04-18 22:06 15872 ----a-w- c:\program files\showacls.exe

2003-04-18 22:06 . 2003-04-18 22:06 79872 ----a-w- c:\program files\robocopy.exe

2003-04-18 22:06 . 2003-04-18 22:06 44544 ----a-w- c:\program files\reportgen.exe

2003-04-18 22:06 . 2003-04-18 22:06 14336 ----a-w- c:\program files\rpcdump.exe

2003-04-18 22:06 . 2003-04-18 22:06 97280 ----a-w- c:\program files\prnadmin.dll

2003-04-18 22:06 . 2003-04-18 22:06 81408 ----a-w- c:\program files\rassrvmon.exe

2003-04-18 22:06 . 2003-04-18 22:06 19456 ----a-w- c:\program files\clusfileport.dll

2003-04-18 22:06 . 2003-04-18 22:06 16896 ----a-w- c:\program files\qgrep.exe

2003-04-18 22:06 . 2003-04-18 22:06 89088 ----a-w- c:\program files\printdriverinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 40960 ----a-w- c:\program files\setprinter.exe

2003-04-18 22:06 . 2003-04-18 22:06 16896 ----a-w- c:\program files\splinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 93696 ----a-w- c:\program files\cleanspl.exe

2003-04-18 22:06 . 2003-04-18 22:06 6656 ----a-w- c:\program files\pathman.exe

2003-04-18 22:06 . 2003-04-18 22:06 4608 ----a-w- c:\program files\permcopy.exe

2003-04-18 22:06 . 2003-04-18 22:06 32256 ----a-w- c:\program files\ntrights.exe

2003-04-18 22:06 . 2003-04-18 22:06 15360 ----a-w- c:\program files\perms.exe

2003-04-18 22:06 . 2003-04-18 22:06 32256 ----a-w- c:\program files\now.exe

2003-04-18 22:06 . 2003-04-18 22:06 304128 ----a-w- c:\program files\usrmgr.exe

2003-04-18 22:06 . 2003-04-18 22:06 20992 ----a-w- c:\program files\nlsinfo.exe

2003-04-18 22:06 . 2003-04-18 22:06 179200 ----a-w- c:\program files\srvmgr.exe

2003-04-18 22:05 . 2003-04-18 22:05 9728 ----a-w- c:\program files\mcast.exe

2003-04-18 22:05 . 2003-04-18 22:05 14336 ----a-w- c:\program files\memmonitor.exe

2003-04-18 22:05 . 2003-04-18 22:05 84992 ----a-w- c:\program files\krt.exe

2003-04-18 22:05 . 2003-04-18 22:05 52224 ----a-w- c:\program files\lockoutstatus.exe

2003-04-18 22:05 . 2003-04-18 22:05 4608 ----a-w- c:\program files\logtime.exe

2003-04-18 22:05 . 2003-04-18 22:05 35840 ----a-w- c:\program files\linkspeed.exe

2003-04-18 22:05 . 2003-04-18 22:05 11264 ----a-w- c:\program files\linkd.exe

2003-04-18 22:05 . 2003-04-18 22:05 7168 ----a-w- c:\program files\crutredir.dll

2003-04-18 22:05 . 2003-04-18 22:05 32256 ----a-w- c:\program files\instsrv.exe

2003-04-18 22:05 . 2003-04-18 22:05 29184 ----a-w- c:\program files\klist.exe

2003-04-18 22:05 . 2003-04-18 22:05 16384 ----a-w- c:\program files\iniman.exe

2003-04-18 22:05 . 2003-04-18 22:05 5632 ----a-w- c:\program files\ifmember.exe

2003-04-18 22:05 . 2003-04-18 22:05 22528 ----a-w- c:\program files\hlscan.exe

2003-04-18 22:05 . 2003-04-18 22:05 8704 ----a-w- c:\program files\instcm.exe

2003-04-18 22:05 . 2003-04-18 22:05 14336 ----a-w- c:\program files\getcm.exe

2003-04-18 22:05 . 2003-04-18 22:05 115712 ----a-w- c:\program files\eventcombmt.exe

2003-04-18 22:05 . 2003-04-18 22:05 16896 ----a-w- c:\program files\diskuse.exe

2003-04-18 22:05 . 2003-04-18 22:05 5632 ----a-w- c:\program files\creatfil.exe

2003-04-18 22:05 . 2003-04-18 22:05 34816 ----a-w- c:\program files\mqcatch.exe

2003-04-18 22:05 . 2003-04-18 22:05 31232 ----a-w- c:\program files\mqcast.exe

2003-04-18 22:05 . 2003-04-18 22:05 28672 ----a-w- c:\program files\chknic.exe

2003-04-18 22:05 . 2003-04-18 22:05 28160 ----a-w- c:\program files\cmgetcer.dll

2003-04-18 22:05 . 2003-04-18 22:05 364032 ----a-w- c:\program files\chklnks.exe

2003-04-18 22:05 . 2003-04-18 22:05 27648 ----a-w- c:\program files\instexnt.exe

2003-04-18 22:05 . 2003-04-18 22:05 7168 ----a-w- c:\program files\autoexnt.exe

2003-04-18 22:05 . 2003-04-18 22:05 39424 ----a-w- c:\program files\acctinfo.dll

2003-04-18 22:05 . 2003-04-18 22:05 28087 ----a-w- c:\program files\wlbs_rc.dll

2003-04-18 22:05 . 2003-04-18 22:05 27699 ----a-w- c:\program files\wlbs_hb.dll

2003-04-18 22:05 . 2003-04-18 22:05 528440 ----a-w- c:\program files\vfi.exe

2003-04-18 22:05 . 2003-04-18 22:05 168016 ----a-w- c:\program files\tcmon.exe

2003-04-18 22:03 . 2003-04-18 22:03 76288 ----a-w- c:\program files\rcontrolad.exe

2003-04-18 21:57 . 2003-04-18 21:57 180736 ----a-w- c:\program files\gpotool.exe

2003-04-18 21:55 . 2003-04-18 21:55 2560 ----a-w- c:\program files\servmess.dll

2012-04-26 04:04 . 2012-03-16 01:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-06-27 . 38D90B434AB4633500F11CD9B16D7D70 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-06-05_00.58.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-08-23 12:00 . 2012-06-01 03:11 59056 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2012-06-05 01:26 59056 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2012-06-05 01:26 393304 c:\windows\system32\perfh009.dat

- 2001-08-23 12:00 . 2012-06-01 03:11 393304 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-08 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-08 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208]

"AsusTray"="c:\program files\Asus\EeePC ACPI\AsTray.exe" [2008-03-21 102400]

"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2008-03-20 544768]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]

.

c:\documents and settings\User\Start Menu\Programs\Startup\

EeeRotate.lnk - c:\program files\EeeRotate\EeeRotate.exe [2012-4-18 416223]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2011-1-6 118784]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 3:14 PM 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 12:04 AM 129976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.somerset.lib.nj.us/

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8ocbmjjx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://delicious.com/zigweegwee?settagview=cloud|http://www.spurgeon.org/morn_eve/this_morning.cgi|http://www.biblegateway.com/quicksearch/?quicksearch=absent+from+the+body&qs_version=50|http://mail.google.com/mail/?shva=1#inbox|http://webmail.verizon.net/signin/|https://twitter.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1221003168&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FTodayLight.aspx%3Fn%3D521720840&id=64855&lc=1033|http://www.lulu.com/browse/preview.php?fCID=2762666|http://www.last.fm/listen/user/zigweegwee/personal#pane=simpleStarter

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-05 14:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1454471165-448539723-515967899-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88271927-DFFA-6D60-28F8-D6FED12746D3}*]

"malkcccdfgnflfibleafeaoehk"=hex:6b,61,67,66,62,6e,6c,61,61,65,6a,62,69,66,66,

64,63,6a,62,70,68,6d,00,00

"najmmbndpnbgecmapogohiidbgil"=hex:69,61,6a,66,6d,61,62,6c,6d,65,6b,6a,66,61,

64,6e,68,66,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3876)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxext.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-06-05 14:16:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-05 18:15

ComboFix2.txt 2012-06-05 01:01

.

Pre-Run: 1,100,996,608 bytes free

Post-Run: 1,019,731,968 bytes free

.

- - End Of File - - C3B661C792F5FB2D4F35E85EE5E8D9B4


Are your USB devices working?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    usbehci.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


I have nothing plugged into my usb ports at the moment but my flash drive worked just fine yesterday.

SystemLook 30.07.11 by jpshortstuff

Log created at 14:44 on 05/06/2012 by User

Administrator - Elevation successful

========== filefind ==========

Searching for "usbehci.sys"

No files found.

-= EOF =-


Please do the following to see if it resolves the issue. Post back and let us know, please.

Go to C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Double Click Chameleon to open the file.

Try clicking Test until one of them works.

MBAM will open and run a quick scan.


Since we removed some infections try this again.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


Sorry - I did that right before I followed your prior instruction :( It installed and I got the same update messages: that it successfully updated from version 00.00.00.0 to today's version, and then that the database was corrupt and did I want to download a new copy. Download a new copy, same message. Then I followed your Chameleon suggestions and had the same update messages each and every time, plus a message that mbam had successfully run the scan and found no infection. Mbam immediately opened behind the message and showed that it had scanned 0 files.


I have no idea why the database would be corrupt.

Let's keep looking.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If Malicious objects are found then ensure Cure is selected
  6. If TDLFS File System is found then ensure Delete is selected
  7. Then click Continue Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


I didn't see the Cure option and I wasn't sure if I was supposed to delete these three files, so I skipped the step. I figured I could always run it again and delete them if you think they should go.

21:36:29.0406 2008 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31

21:36:30.0078 2008 ============================================================

21:36:30.0078 2008 Current date / time: 2012/06/05 21:36:30.0078

21:36:30.0078 2008 SystemInfo:

21:36:30.0078 2008

21:36:30.0078 2008 OS Version: 5.1.2600 ServicePack: 3.0

21:36:30.0078 2008 Product type: Workstation

21:36:30.0093 2008 ComputerName: RKMEEE

21:36:30.0093 2008 UserName: User

21:36:30.0093 2008 Windows directory: C:\WINDOWS

21:36:30.0093 2008 System windows directory: C:\WINDOWS

21:36:30.0093 2008 Processor architecture: Intel x86

21:36:30.0093 2008 Number of processors: 1

21:36:30.0093 2008 Page size: 0x1000

21:36:30.0093 2008 Boot type: Normal boot

21:36:30.0093 2008 ============================================================

21:36:36.0062 2008 Drive \Device\Harddisk0\DR0 - Size: 0xF07EC000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:36:36.0078 2008 Drive \Device\Harddisk1\DR1 - Size: 0x3C1FB0000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7AA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:36:36.0109 2008 ============================================================

21:36:36.0109 2008 \Device\Harddisk0\DR0:

21:36:36.0109 2008 MBR partitions:

21:36:36.0109 2008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x77DE6A

21:36:36.0109 2008 \Device\Harddisk1\DR1:

21:36:36.0109 2008 MBR partitions:

21:36:36.0109 2008 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E0F2EB

21:36:36.0109 2008 ============================================================

21:36:36.0109 2008 C: <-> \Device\Harddisk0\DR0\Partition0

21:36:36.0125 2008 D: <-> \Device\Harddisk1\DR1\Partition0

21:36:36.0125 2008 ============================================================

21:36:36.0125 2008 Initialize success

21:36:36.0125 2008 ============================================================

21:37:10.0593 3316 ============================================================

21:37:10.0593 3316 Scan started

21:37:10.0609 3316 Mode: Manual; SigCheck; TDLFS;

21:37:10.0609 3316 ============================================================

21:37:10.0937 3316 Abiosdsk - ok

21:37:10.0953 3316 abp480n5 - ok

21:37:11.0031 3316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:37:14.0062 3316 ACPI - ok

21:37:14.0078 3316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

21:37:14.0718 3316 ACPIEC - ok

21:37:14.0812 3316 ACS (34f47d90cba04fe11c9848c8c54274c1) C:\WINDOWS\system32\acs.exe

21:37:14.0953 3316 ACS ( UnsignedFile.Multi.Generic ) - warning

21:37:14.0953 3316 ACS - detected UnsignedFile.Multi.Generic (1)

21:37:15.0046 3316 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:37:15.0125 3316 AdobeFlashPlayerUpdateSvc - ok

21:37:15.0125 3316 adpu160m - ok

21:37:15.0187 3316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:37:15.0890 3316 aec - ok

21:37:15.0953 3316 AFD (e3049b90fe06f3f740b7cfda44995e2c) C:\WINDOWS\System32\drivers\afd.sys

21:37:16.0453 3316 AFD - ok

21:37:16.0453 3316 Aha154x - ok

21:37:16.0484 3316 aic78u2 - ok

21:37:16.0515 3316 aic78xx - ok

21:37:16.0546 3316 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

21:37:17.0187 3316 Alerter - ok

21:37:17.0218 3316 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

21:37:17.0625 3316 ALG - ok

21:37:17.0640 3316 AliIde - ok

21:37:17.0671 3316 amsint - ok

21:37:17.0734 3316 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

21:37:18.0156 3316 AppMgmt - ok

21:37:18.0281 3316 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys

21:37:18.0437 3316 AR5211 ( UnsignedFile.Multi.Generic ) - warning

21:37:18.0437 3316 AR5211 - detected UnsignedFile.Multi.Generic (1)

21:37:18.0718 3316 AR5416 (6c21f270afec1e423c00e96d3bd234dc) C:\WINDOWS\system32\DRIVERS\athw.sys

21:37:19.0093 3316 AR5416 - ok

21:37:19.0109 3316 asc - ok

21:37:19.0140 3316 asc3350p - ok

21:37:19.0171 3316 asc3550 - ok

21:37:19.0234 3316 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

21:37:19.0281 3316 aspnet_state - ok

21:37:19.0296 3316 AsusACPI (784fcb197f9a50a419d8ce4980655ae4) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

21:37:19.0359 3316 AsusACPI - ok

21:37:19.0390 3316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:37:20.0062 3316 AsyncMac - ok

21:37:20.0109 3316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:37:20.0781 3316 atapi - ok

21:37:20.0828 3316 AtcL002 (83ef26c44c53581bdb67866b922aed93) C:\WINDOWS\system32\DRIVERS\l251x86.sys

21:37:20.0875 3316 AtcL002 - ok

21:37:20.0890 3316 Atdisk - ok

21:37:20.0937 3316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:37:21.0640 3316 Atmarpc - ok

21:37:21.0671 3316 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

21:37:22.0375 3316 AudioSrv - ok

21:37:22.0406 3316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:37:23.0062 3316 audstub - ok

21:37:23.0093 3316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:37:23.0781 3316 Beep - ok

21:37:23.0906 3316 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

21:37:24.0781 3316 BITS - ok

21:37:24.0843 3316 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

21:37:25.0515 3316 Browser - ok

21:37:25.0531 3316 catchme - ok

21:37:25.0562 3316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:37:26.0265 3316 cbidf2k - ok

21:37:26.0281 3316 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

21:37:26.0968 3316 CCDECODE - ok

21:37:26.0984 3316 cd20xrnt - ok

21:37:27.0031 3316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:37:27.0734 3316 Cdaudio - ok

21:37:27.0765 3316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

21:37:28.0468 3316 Cdfs - ok

21:37:28.0500 3316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:37:29.0250 3316 Cdrom - ok

21:37:29.0281 3316 Changer - ok

21:37:29.0296 3316 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

21:37:29.0984 3316 CiSvc - ok

21:37:30.0015 3316 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

21:37:30.0671 3316 ClipSrv - ok

21:37:30.0718 3316 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:37:30.0781 3316 clr_optimization_v2.0.50727_32 - ok

21:37:30.0812 3316 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

21:37:31.0500 3316 CmBatt - ok

21:37:31.0515 3316 CmdIde - ok

21:37:31.0531 3316 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

21:37:32.0250 3316 Compbatt - ok

21:37:32.0281 3316 COMSysApp - ok

21:37:32.0328 3316 Cpqarray - ok

21:37:32.0359 3316 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

21:37:33.0031 3316 CryptSvc - ok

21:37:33.0062 3316 dac2w2k - ok

21:37:33.0093 3316 dac960nt - ok

21:37:33.0234 3316 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll

21:37:34.0031 3316 DcomLaunch - ok

21:37:34.0171 3316 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

21:37:34.0984 3316 Dhcp - ok

21:37:35.0015 3316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

21:37:35.0828 3316 Disk - ok

21:37:35.0843 3316 dmadmin - ok

21:37:36.0046 3316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

21:37:36.0859 3316 dmboot - ok

21:37:36.0921 3316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

21:37:37.0578 3316 dmio - ok

21:37:37.0609 3316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:37:38.0281 3316 dmload - ok

21:37:38.0328 3316 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

21:37:38.0984 3316 dmserver - ok

21:37:39.0015 3316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

21:37:39.0671 3316 DMusic - ok

21:37:39.0718 3316 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll

21:37:40.0421 3316 Dnscache - ok

21:37:40.0500 3316 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

21:37:41.0218 3316 Dot3svc - ok

21:37:41.0250 3316 dpti2o - ok

21:37:41.0265 3316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

21:37:41.0984 3316 drmkaud - ok

21:37:42.0015 3316 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

21:37:42.0890 3316 EapHost - ok

21:37:42.0906 3316 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

21:37:43.0578 3316 ERSvc - ok

21:37:43.0640 3316 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe

21:37:44.0312 3316 Eventlog - ok

21:37:44.0406 3316 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll

21:37:45.0062 3316 EventSystem - ok

21:37:45.0125 3316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:37:45.0796 3316 Fastfat - ok

21:37:45.0843 3316 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll

21:37:46.0515 3316 FastUserSwitchingCompatibility - ok

21:37:46.0546 3316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

21:37:47.0203 3316 Fdc - ok

21:37:47.0234 3316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:37:47.0968 3316 Fips - ok

21:37:48.0000 3316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

21:37:48.0796 3316 Flpydisk - ok

21:37:48.0859 3316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

21:37:50.0000 3316 FltMgr - ok

21:37:50.0046 3316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:37:50.0890 3316 Fs_Rec - ok

21:37:50.0968 3316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:37:51.0671 3316 Ftdisk - ok

21:37:51.0687 3316 getPlusHelper - ok

21:37:51.0718 3316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:37:52.0500 3316 Gpc - ok

21:37:52.0562 3316 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

21:37:53.0343 3316 HDAudBus - ok

21:37:53.0375 3316 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

21:37:54.0140 3316 helpsvc - ok

21:37:54.0187 3316 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

21:37:54.0859 3316 HidServ - ok

21:37:54.0890 3316 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:37:55.0593 3316 hidusb - ok

21:37:55.0625 3316 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

21:37:56.0343 3316 hkmsvc - ok

21:37:56.0343 3316 hpn - ok

21:37:56.0453 3316 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

21:37:58.0187 3316 HTTP - ok

21:37:58.0203 3316 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

21:37:59.0187 3316 HTTPFilter - ok

21:37:59.0203 3316 i2omgmt - ok

21:37:59.0218 3316 i2omp - ok

21:38:00.0218 3316 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:38:01.0140 3316 i8042prt - ok

21:38:01.0734 3316 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

21:38:03.0359 3316 ialm - ok

21:38:03.0468 3316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:38:04.0562 3316 Imapi - ok

21:38:04.0656 3316 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

21:38:05.0296 3316 ImapiService - ok

21:38:05.0312 3316 ini910u - ok

21:38:07.0265 3316 IntcAzAudAddService (cc8e47e97e4cb382c842a3066b1dfa7d) C:\WINDOWS\system32\drivers\RtkHDAud.sys

21:38:08.0515 3316 IntcAzAudAddService - ok

21:38:08.0625 3316 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:38:09.0578 3316 IntelIde - ok

21:38:09.0656 3316 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:38:10.0453 3316 intelppm - ok

21:38:10.0500 3316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

21:38:11.0750 3316 Ip6Fw - ok

21:38:11.0781 3316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:38:12.0984 3316 IpFilterDriver - ok

21:38:13.0031 3316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:38:14.0046 3316 IpInIp - ok

21:38:14.0093 3316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:38:14.0765 3316 IpNat - ok

21:38:14.0796 3316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:38:15.0453 3316 IPSec - ok

21:38:15.0484 3316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:38:15.0843 3316 IRENUM - ok

21:38:15.0890 3316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:38:16.0562 3316 isapnp - ok

21:38:16.0593 3316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:38:17.0312 3316 Kbdclass - ok

21:38:17.0343 3316 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:38:18.0578 3316 kbdhid - ok

21:38:18.0656 3316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:38:19.0312 3316 kmixer - ok

21:38:19.0343 3316 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

21:38:20.0015 3316 KSecDD - ok

21:38:20.0046 3316 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll

21:38:21.0375 3316 LanmanServer - ok

21:38:21.0437 3316 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll

21:38:22.0187 3316 lanmanworkstation - ok

21:38:22.0203 3316 lbrtfdc - ok

21:38:22.0250 3316 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

21:38:23.0734 3316 LmHosts - ok

21:38:23.0765 3316 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys

21:38:25.0812 3316 mbamchameleon - ok

21:38:25.0859 3316 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

21:38:25.0937 3316 MBAMSwissArmy - ok

21:38:25.0953 3316 MCSTRM - ok

21:38:26.0000 3316 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

21:38:26.0906 3316 Messenger - ok

21:38:26.0937 3316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:38:27.0640 3316 Modem - ok

21:38:27.0656 3316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:38:28.0296 3316 Mouclass - ok

21:38:28.0328 3316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:38:28.0984 3316 mouhid - ok

21:38:29.0015 3316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:38:29.0687 3316 MountMgr - ok

21:38:29.0703 3316 MozillaMaintenance - ok

21:38:29.0718 3316 mraid35x - ok

21:38:29.0812 3316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:38:31.0218 3316 MRxDAV - ok

21:38:31.0703 3316 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:38:32.0890 3316 MRxSmb - ok

21:38:32.0921 3316 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

21:38:33.0968 3316 MSDTC - ok

21:38:34.0000 3316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:38:34.0968 3316 Msfs - ok

21:38:34.0984 3316 MSIServer - ok

21:38:35.0015 3316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:38:35.0656 3316 MSKSSRV - ok

21:38:35.0671 3316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:38:36.0437 3316 MSPCLOCK - ok

21:38:36.0484 3316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:38:37.0296 3316 MSPQM - ok

21:38:37.0328 3316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:38:38.0968 3316 mssmbios - ok

21:38:38.0984 3316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

21:38:39.0875 3316 MSTEE - ok

21:38:39.0921 3316 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

21:38:40.0765 3316 Mup - ok

21:38:40.0796 3316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:38:41.0531 3316 NABTSFEC - ok

21:38:41.0609 3316 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

21:38:42.0312 3316 napagent - ok

21:38:42.0390 3316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:38:43.0156 3316 NDIS - ok

21:38:43.0171 3316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:38:44.0000 3316 NdisIP - ok

21:38:44.0015 3316 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:38:44.0906 3316 NdisTapi - ok

21:38:44.0937 3316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:38:45.0578 3316 Ndisuio - ok

21:38:45.0625 3316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:38:46.0234 3316 NdisWan - ok

21:38:46.0265 3316 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

21:38:46.0890 3316 NDProxy - ok

21:38:46.0921 3316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:38:47.0531 3316 NetBIOS - ok

21:38:47.0593 3316 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:38:48.0218 3316 NetBT - ok

21:38:48.0265 3316 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:38:49.0046 3316 NetDDE - ok

21:38:49.0062 3316 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

21:38:49.0796 3316 NetDDEdsdm - ok

21:38:49.0828 3316 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:38:50.0609 3316 Netlogon - ok

21:38:50.0687 3316 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

21:38:51.0968 3316 Netman - ok

21:38:52.0093 3316 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll

21:38:52.0890 3316 Nla - ok

21:38:52.0906 3316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:38:54.0187 3316 Npfs - ok

21:38:54.0359 3316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:38:55.0093 3316 Ntfs - ok

21:38:55.0109 3316 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:38:55.0718 3316 NtLmSsp - ok

21:38:55.0828 3316 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

21:38:56.0687 3316 NtmsSvc - ok

21:38:56.0718 3316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:38:57.0437 3316 Null - ok

21:38:57.0484 3316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:38:58.0156 3316 NwlnkFlt - ok

21:38:58.0187 3316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:38:59.0031 3316 NwlnkFwd - ok

21:38:59.0093 3316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

21:38:59.0781 3316 Parport - ok

21:38:59.0812 3316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:39:00.0593 3316 PartMgr - ok

21:39:00.0625 3316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:39:01.0312 3316 ParVdm - ok

21:39:01.0343 3316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:39:02.0656 3316 PCI - ok

21:39:02.0671 3316 PCIDump - ok

21:39:02.0687 3316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

21:39:03.0265 3316 PCIIde - ok

21:39:03.0312 3316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:39:03.0921 3316 Pcmcia - ok

21:39:03.0968 3316 PDCOMP - ok

21:39:04.0046 3316 PDFRAME - ok

21:39:04.0093 3316 PDRELI - ok

21:39:04.0125 3316 PDRFRAME - ok

21:39:04.0156 3316 perc2 - ok

21:39:04.0187 3316 perc2hib - ok

21:39:04.0515 3316 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe

21:39:05.0281 3316 PlugPlay - ok

21:39:05.0296 3316 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:39:06.0000 3316 PolicyAgent - ok

21:39:06.0046 3316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:39:06.0984 3316 PptpMiniport - ok

21:39:07.0000 3316 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys

21:39:07.0031 3316 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning

21:39:07.0046 3316 PQNTDrv - detected UnsignedFile.Multi.Generic (1)

21:39:07.0046 3316 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:39:07.0734 3316 ProtectedStorage - ok

21:39:07.0765 3316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:39:08.0546 3316 PSched - ok

21:39:08.0578 3316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:39:09.0406 3316 Ptilink - ok

21:39:09.0453 3316 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:39:09.0500 3316 PxHelp20 - ok

21:39:09.0515 3316 ql1080 - ok

21:39:09.0546 3316 Ql10wnt - ok

21:39:09.0562 3316 ql12160 - ok

21:39:09.0593 3316 ql1240 - ok

21:39:09.0609 3316 ql1280 - ok

21:39:09.0640 3316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:39:10.0250 3316 RasAcd - ok

21:39:10.0421 3316 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

21:39:11.0734 3316 RasAuto - ok

21:39:11.0765 3316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:39:12.0421 3316 Rasl2tp - ok

21:39:12.0500 3316 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

21:39:13.0171 3316 RasMan - ok

21:39:13.0203 3316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:39:13.0796 3316 RasPppoe - ok

21:39:13.0828 3316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:39:14.0390 3316 Raspti - ok

21:39:14.0453 3316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:39:15.0046 3316 Rdbss - ok

21:39:15.0062 3316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:39:15.0640 3316 RDPCDD - ok

21:39:15.0703 3316 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:39:16.0296 3316 rdpdr - ok

21:39:16.0421 3316 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

21:39:17.0171 3316 RDPWD - ok

21:39:17.0218 3316 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

21:39:17.0843 3316 RDSessMgr - ok

21:39:18.0031 3316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:39:18.0906 3316 redbook - ok

21:39:18.0937 3316 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

21:39:19.0718 3316 RemoteAccess - ok

21:39:19.0750 3316 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

21:39:20.0515 3316 RemoteRegistry - ok

21:39:20.0562 3316 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

21:39:21.0156 3316 RpcLocator - ok

21:39:22.0156 3316 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\System32\rpcss.dll

21:39:22.0859 3316 RpcSs - ok

21:39:22.0906 3316 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

21:39:23.0500 3316 RSVP - ok

21:39:23.0531 3316 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

21:39:24.0140 3316 SamSs - ok

21:39:24.0187 3316 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

21:39:24.0828 3316 SCardSvr - ok

21:39:24.0890 3316 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

21:39:25.0484 3316 Schedule - ok

21:39:25.0515 3316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:39:25.0875 3316 Secdrv - ok

21:39:25.0906 3316 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

21:39:26.0812 3316 seclogon - ok

21:39:26.0843 3316 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

21:39:27.0453 3316 SENS - ok

21:39:27.0500 3316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

21:39:28.0203 3316 Serial - ok

21:39:28.0218 3316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:39:28.0828 3316 Sfloppy - ok

21:39:28.0906 3316 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

21:39:29.0671 3316 SharedAccess - ok

21:39:29.0734 3316 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll

21:39:30.0390 3316 ShellHWDetection - ok

21:39:30.0390 3316 Simbad - ok

21:39:30.0421 3316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:39:31.0281 3316 SLIP - ok

21:39:31.0296 3316 Sparrow - ok

21:39:31.0343 3316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:39:32.0140 3316 splitter - ok

21:39:32.0187 3316 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe

21:39:32.0968 3316 Spooler - ok

21:39:33.0062 3316 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:39:33.0421 3316 Sr - ok

21:39:33.0484 3316 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

21:39:33.0875 3316 srservice - ok

21:39:33.0968 3316 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

21:39:35.0875 3316 Srv - ok

21:39:35.0921 3316 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

21:39:36.0328 3316 SSDPSRV - ok

21:39:36.0421 3316 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

21:39:37.0109 3316 stisvc - ok

21:39:37.0140 3316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:39:37.0781 3316 streamip - ok

21:39:37.0828 3316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:39:38.0375 3316 swenum - ok

21:39:38.0421 3316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:39:39.0000 3316 swmidi - ok

21:39:39.0031 3316 SwPrv - ok

21:39:39.0062 3316 symc810 - ok

21:39:39.0093 3316 symc8xx - ok

21:39:39.0109 3316 sym_hi - ok

21:39:39.0156 3316 sym_u3 - ok

21:39:39.0187 3316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:39:39.0781 3316 sysaudio - ok

21:39:39.0828 3316 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

21:39:40.0390 3316 SysmonLog - ok

21:39:40.0531 3316 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

21:39:41.0140 3316 TapiSrv - ok

21:39:41.0234 3316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:39:41.0812 3316 Tcpip - ok

21:39:41.0843 3316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:39:42.0390 3316 TDPIPE - ok

21:39:42.0421 3316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:39:42.0984 3316 TDTCP - ok

21:39:43.0046 3316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:39:43.0593 3316 TermDD - ok

21:39:43.0687 3316 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

21:39:44.0281 3316 TermService - ok

21:39:44.0343 3316 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll

21:39:44.0921 3316 Themes - ok

21:39:44.0953 3316 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

21:39:45.0343 3316 TlntSvr - ok

21:39:45.0359 3316 TosIde - ok

21:39:45.0406 3316 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

21:39:46.0000 3316 TrkWks - ok

21:39:46.0062 3316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:39:46.0625 3316 Udfs - ok

21:39:46.0656 3316 ultra - ok

21:39:46.0765 3316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:39:47.0453 3316 Update - ok

21:39:47.0531 3316 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

21:39:47.0921 3316 upnphost - ok

21:39:47.0953 3316 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

21:39:48.0562 3316 UPS - ok

21:39:48.0609 3316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:39:49.0171 3316 usbccgp - ok

21:39:49.0218 3316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:39:49.0781 3316 usbhub - ok

21:39:49.0812 3316 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:39:50.0390 3316 usbstor - ok

21:39:50.0421 3316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:39:51.0000 3316 usbuhci - ok

21:39:51.0046 3316 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:39:51.0625 3316 usbvideo - ok

21:39:51.0656 3316 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

21:39:52.0250 3316 usb_rndisx - ok

21:39:52.0281 3316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:39:52.0843 3316 VgaSave - ok

21:39:52.0875 3316 ViaIde - ok

21:39:52.0906 3316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:39:53.0453 3316 VolSnap - ok

21:39:53.0546 3316 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

21:39:53.0937 3316 VSS - ok

21:39:54.0000 3316 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

21:39:54.0593 3316 W32Time - ok

21:39:54.0640 3316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:39:55.0218 3316 Wanarp - ok

21:39:55.0250 3316 WDICA - ok

21:39:55.0296 3316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:39:55.0875 3316 wdmaud - ok

21:39:55.0906 3316 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

21:39:56.0468 3316 WebClient - ok

21:39:56.0546 3316 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

21:39:57.0156 3316 winmgmt - ok

21:39:57.0218 3316 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

21:39:57.0281 3316 WmdmPmSN - ok

21:39:57.0437 3316 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll

21:39:58.0203 3316 Wmi - ok

21:39:58.0265 3316 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:39:58.0859 3316 WmiApSrv - ok

21:39:58.0875 3316 WMPNetworkSvc - ok

21:39:58.0921 3316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

21:39:58.0984 3316 WpdUsb - ok

21:39:59.0015 3316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:39:59.0578 3316 WS2IFSL - ok

21:39:59.0640 3316 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

21:40:00.0187 3316 wscsvc - ok

21:40:00.0234 3316 WSIMD (8fede6cf2eb103ef1274ce2c9d8ee0e7) C:\WINDOWS\system32\DRIVERS\wsimd.sys

21:40:00.0281 3316 WSIMD - ok

21:40:00.0312 3316 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

21:40:00.0906 3316 wuauserv - ok

21:40:00.0953 3316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:40:01.0031 3316 WudfPf - ok

21:40:01.0062 3316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:40:01.0125 3316 WudfRd - ok

21:40:01.0156 3316 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

21:40:01.0234 3316 WudfSvc - ok

21:40:01.0359 3316 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

21:40:02.0046 3316 WZCSVC - ok

21:40:02.0109 3316 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

21:40:02.0703 3316 xmlprov - ok

21:40:02.0765 3316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:40:04.0093 3316 \Device\Harddisk0\DR0 - ok

21:40:04.0093 3316 MBR (0x1B8) (f24b3ae7198b90414576e70e4c3af238) \Device\Harddisk1\DR1

21:40:04.0203 3316 \Device\Harddisk1\DR1 - ok

21:40:04.0218 3316 Boot (0x1200) (d7ea64ac27df0b7994fbbdd3ae4e6b2d) \Device\Harddisk0\DR0\Partition0

21:40:04.0234 3316 \Device\Harddisk0\DR0\Partition0 - ok

21:40:04.0250 3316 Boot (0x1200) (56ebb5112dded8224c2e104315e190e8) \Device\Harddisk1\DR1\Partition0

21:40:04.0265 3316 \Device\Harddisk1\DR1\Partition0 - ok

21:40:04.0265 3316 ============================================================

21:40:04.0281 3316 Scan finished

21:40:04.0281 3316 ============================================================

21:40:04.0421 3704 Detected object count: 3

21:40:04.0421 3704 Actual detected object count: 3

21:41:31.0765 3704 ACS ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:31.0765 3704 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:31.0765 3704 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:31.0765 3704 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:31.0765 3704 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:31.0765 3704 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip


I really thought it was going to work this time, but after the umpteenth fresh install but the first without updating, I opened the program and got that same error about the corrupt database. When I said no to the second download, I got an error box saying, "Product files are missing or corrupt. Please reinstall the product. PROGRAM_ERROR_LOAD_DATABASE (0, 2, SDKCreate)". I downloaded it on my other machine and it worked fine. I even copied the download from that box onto a flash drive and loaded it from there before joining the forum.

This topic is now closed to further replies.