malfy

Everything posted by malfy

  1. Let me just reiterate: I have replaced the CMOS battery with a brand new one. I ran FRST and let it reboot. The problem still persists. After I sync the clock with internet time, it keeps accurate time for about 40-60 minutes, then suddenly jumps backward by about an hour. The longer the computer runs, the farther back in time the clock will eventually get, even reversing to the previous calendar day. Fixlog.txt
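One way to tell a clock *step* from crystal drift, added here as an illustration and not part of malfy's post or of any tool mentioned on this page: sample the settable wall clock against the process's monotonic clock, which no process can set. If the two disagree by seconds between two samples, something wrote the system time; if they disagree by milliseconds that accumulate, that is oscillator drift (the kind a dead CMOS battery or bad crystal produces). The function names and the sample data below are mine; the data is constructed to resemble the symptom above, not captured from the machine. One caveat worth carrying along: a step of exactly one hour is also the size of a DST offset, so the step size is recorded, not just its sign.

```python
import time
from dataclasses import dataclass


@dataclass
class ClockStep:
    index: int         # sample at which the step was observed
    wall_after: float  # wall-clock epoch seconds reported after the step
    delta_s: float     # observed minus expected; negative means the clock went back


def detect_clock_steps(samples, threshold_s=30.0):
    """samples: [(monotonic_s, wall_epoch_s), ...] taken in order.

    Between two samples the monotonic clock advances by exactly the elapsed
    time and cannot be set by any process, so the difference between the wall
    clock's advance and the monotonic advance is attributable either to
    oscillator drift (small, accumulating) or to someone setting the clock
    (large, sudden). Returns (steps, drift_ppm), where drift_ppm is the
    residual rate with the steps excluded."""
    steps = []
    residual = 0.0
    for i in range(1, len(samples)):
        mono_prev, wall_prev = samples[i - 1]
        mono_now, wall_now = samples[i]
        delta = (wall_now - wall_prev) - (mono_now - mono_prev)
        if abs(delta) >= threshold_s:
            steps.append(ClockStep(i, wall_now, delta))
        else:
            residual += delta
    span = samples[-1][0] - samples[0][0] if len(samples) > 1 else 0.0
    drift_ppm = residual / span * 1e6 if span else 0.0
    return steps, drift_ppm


def sample_clocks(count, interval_s):
    """Collect live samples on the machine under test (hypothetical helper;
    run it for longer than the ~60 minutes after which the clock jumps)."""
    out = []
    for _ in range(count):
        out.append((time.monotonic(), time.time()))
        time.sleep(interval_s)
    return out


def constructed_samples():
    """Constructed data, not a real capture: one sample per 10 minutes, the
    wall clock losing 30 ms per interval (about 50 ppm, ordinary crystal
    drift), then set back exactly one hour between samples 5 and 6."""
    base_wall = 1369875600.0   # arbitrary epoch value (constructed)
    samples = []
    for i in range(9):
        mono = i * 600.0
        wall = base_wall + mono - 0.03 * i
        if i >= 6:
            wall -= 3600.0
        samples.append((mono, wall))
    return samples


if __name__ == "__main__":
    steps, drift_ppm = detect_clock_steps(constructed_samples())
    print(f"residual drift: {drift_ppm:+.1f} ppm")
    for s in steps:
        when = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(s.wall_after))
        print(f"sample {s.index}: wall clock stepped {s.delta_s:+.1f} s (now reads {when} UTC)")
```

On the affected machine, replace `constructed_samples()` with `sample_clocks(count=90, interval_s=60)` and leave it running past the point where the clock usually jumps; a single large negative step with ordinary residual drift points at something setting the clock, while a large negative drift rate with no steps points at the hardware clock or its battery.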
  2. I've been having a problem with my desktop clock slowly moving backward in time. At first I thought it was some quirk having to do with my CPU overclock, but the guys on the OC forums assured me it was not. After restoring my chip clock to normal defaults and replacing my CMOS battery, I now suspect there must be some sort of malware, corrupt software, or even a corrupt BIOS, but I have no idea how to troubleshoot beyond what I've already done. Attached are my mbam and Farbar logs. Any help is greatly appreciated. Addition.txt FRST.txt mbam_log.txt
  3. You didn't ask me to report anything for Task 3, but anyway, MBAR had 0 results and did not ask for a reboot. Dr.Web CureIt found 0 threats and had no option to save a report. The system still has the small skips or lags when playing a game or watching a video. I'm thinking it may be related to my video hardware or something like that. It's an older computer and I might just need to open it up and clean it out.
  4. Task 1

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : malfy [Admin rights]
Mode : Remove -- Date : 05/29/2013 20:02:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 9b97dee5089473b6dfccd57853c6450f
[bSP] c57ff3fb1414cef235532b8a2ebb7d6f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05292013_02d2002.txt >>
RKreport[1]_S_05292013_02d2001.txt ; RKreport[2]_D_05292013_02d2002.txt

Task 2

Rkill 2.5.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 05/29/2013 08:09:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 05/29/2013 08:10:38 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)

Task 4

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-29 20:32:51
-----------------------------
20:32:51.640 OS Version: Windows 5.1.2600 Service Pack 3
20:32:51.640 Number of processors: 2 586 0xF02
20:32:51.640 ComputerName: DANNY UserName: malfy
20:32:53.015 Initialize success
20:33:05.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
20:33:05.203 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 3
20:33:05.328 Disk 0 MBR read successfully
20:33:05.328 Disk 0 MBR scan
20:33:05.343 Disk 0 Windows XP default MBR code
20:33:05.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
20:33:05.343 Disk 0 scanning sectors +312560640
20:33:05.406 Disk 0 scanning C:\WINDOWS\system32\drivers
20:33:15.125 Service scanning
20:33:18.203 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:33:24.234 Modules scanning
20:33:30.171 Scan finished successfully
20:33:41.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\malfy\Desktop\MBR.dat"
20:33:41.984 The log file has been saved successfully to "C:\Documents and Settings\malfy\Desktop\aswMBR.txt"

Task 5

20:35:09.0875 2332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:35:11.0875 2332 ============================================================
20:35:11.0875 2332 Current date / time: 2013/05/29 20:35:11.0875
20:35:11.0875 2332 SystemInfo:
20:35:11.0875 2332
20:35:11.0875 2332 OS Version: 5.1.2600 ServicePack: 3.0
20:35:11.0875 2332 Product type: Workstation
20:35:11.0875 2332 ComputerName: DANNY
20:35:11.0875 2332 UserName: malfy
20:35:11.0875 2332 Windows directory: C:\WINDOWS
20:35:11.0875 2332 System windows directory: C:\WINDOWS
20:35:11.0875 2332 Processor architecture: Intel x86
20:35:11.0875 2332 Number of processors: 2
20:35:11.0875 2332 Page size: 0x1000
20:35:11.0875 2332 Boot type: Normal boot
20:35:11.0875 2332 ============================================================
20:35:12.0515 2332 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
20:35:12.0515 2332 ============================================================
20:35:12.0515 2332 \Device\Harddisk0\DR0:
20:35:12.0515 2332 MBR partitions:
20:35:12.0515 2332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:35:12.0515 2332 ============================================================
20:35:12.0546 2332 C: <-> \Device\Harddisk0\DR0\Partition1
20:35:12.0546 2332 ============================================================
20:35:12.0546 2332 Initialize success
20:35:12.0546 2332 ============================================================
20:35:21.0812 1396 ============================================================
20:35:21.0812 1396 Scan started
20:35:21.0812 1396 Mode: Manual;
20:35:21.0812 1396 ============================================================
20:35:21.0937 1396 ================ Scan system memory ========================
20:35:21.0937 1396 System memory - ok
20:35:21.0937 1396 ================ Scan services =============================
20:35:22.0031 1396 6to4 - ok
20:35:22.0046 1396 Abiosdsk - ok
20:35:22.0046 1396 abp480n5 - ok
20:35:22.0093 1396 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:35:22.0093 1396 ACPI - ok
20:35:22.0125 1396 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:35:22.0125 1396 ACPIEC - ok
20:35:22.0125 1396 adpu160m - ok
20:35:22.0140 1396 [ 8BED39E3C35D6A489438B8141717A557 ] aec
C:\WINDOWS\system32\drivers\aec.sys 20:35:22.0156 1396 aec - ok 20:35:22.0187 1396 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 20:35:22.0187 1396 AFD - ok 20:35:22.0203 1396 Aha154x - ok 20:35:22.0203 1396 aic78u2 - ok 20:35:22.0203 1396 aic78xx - ok 20:35:22.0234 1396 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 20:35:22.0234 1396 Alerter - ok 20:35:22.0250 1396 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 20:35:22.0250 1396 ALG - ok 20:35:22.0265 1396 AliIde - ok 20:35:22.0328 1396 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys 20:35:22.0375 1396 Ambfilt - ok 20:35:22.0375 1396 amsint - ok 20:35:22.0406 1396 [ 116BFF96077A4A724E0AAB800525CEB5 ] AN983 C:\WINDOWS\system32\DRIVERS\AN983.sys 20:35:22.0406 1396 AN983 - ok 20:35:22.0421 1396 AppMgmt - ok 20:35:22.0437 1396 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 20:35:22.0437 1396 Arp1394 - ok 20:35:22.0437 1396 asc - ok 20:35:22.0453 1396 asc3350p - ok 20:35:22.0453 1396 asc3550 - ok 20:35:22.0546 1396 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:35:22.0562 1396 aspnet_state - ok 20:35:22.0562 1396 aspnet_stateEventSystem - ok 20:35:22.0593 1396 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:35:22.0593 1396 AsyncMac - ok 20:35:22.0625 1396 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 20:35:22.0625 1396 atapi - ok 20:35:22.0625 1396 Atdisk - ok 20:35:22.0656 1396 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:35:22.0656 1396 Atmarpc - ok 20:35:22.0687 1396 [ 3C391503E59C88DA73B8C74097147BC9 ] audiobridge C:\WINDOWS\system32\DRIVERS\aubridge.sys 20:35:22.0687 1396 audiobridge - ok 20:35:22.0718 1396 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv 
C:\WINDOWS\System32\audiosrv.dll 20:35:22.0718 1396 AudioSrv - ok 20:35:22.0734 1396 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 20:35:22.0734 1396 audstub - ok 20:35:23.0078 1396 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe 20:35:23.0328 1396 AVGIDSAgent - ok 20:35:23.0375 1396 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 20:35:23.0375 1396 AVGIDSDriver - ok 20:35:23.0421 1396 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys 20:35:23.0421 1396 AVGIDSHX - ok 20:35:23.0437 1396 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 20:35:23.0437 1396 AVGIDSShim - ok 20:35:23.0484 1396 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 20:35:23.0484 1396 Avgldx86 - ok 20:35:23.0500 1396 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys 20:35:23.0515 1396 Avglogx - ok 20:35:23.0515 1396 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 20:35:23.0515 1396 Avgmfx86 - ok 20:35:23.0546 1396 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20:35:23.0546 1396 Avgrkx86 - ok 20:35:23.0593 1396 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe 20:35:23.0609 1396 avgwd - ok 20:35:23.0640 1396 [ 438179ABE9B7A922A21B8D6369FF52FF ] BCM42RLY C:\WINDOWS\System32\BCM42RLY.SYS 20:35:23.0640 1396 BCM42RLY - ok 20:35:23.0656 1396 BCM43XX - ok 20:35:23.0671 1396 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:35:23.0687 1396 Beep - ok 20:35:23.0703 1396 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 20:35:23.0718 1396 BITS - ok 20:35:23.0734 1396 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys 20:35:23.0734 
1396 Bridge - ok 20:35:23.0734 1396 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys 20:35:23.0734 1396 BridgeMP - ok 20:35:23.0765 1396 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 20:35:23.0765 1396 Browser - ok 20:35:23.0765 1396 btaudio - ok 20:35:23.0781 1396 BTDriver - ok 20:35:23.0781 1396 BTWDNDIS - ok 20:35:23.0781 1396 btwhid - ok 20:35:23.0796 1396 BTWUSB - ok 20:35:23.0875 1396 catchme - ok 20:35:23.0906 1396 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 20:35:23.0906 1396 cbidf2k - ok 20:35:23.0906 1396 cd20xrnt - ok 20:35:23.0921 1396 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 20:35:23.0921 1396 Cdaudio - ok 20:35:23.0937 1396 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 20:35:23.0953 1396 Cdfs - ok 20:35:23.0968 1396 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:35:23.0968 1396 Cdrom - ok 20:35:23.0984 1396 Changer - ok 20:35:24.0000 1396 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 20:35:24.0015 1396 CiSvc - ok 20:35:24.0031 1396 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 20:35:24.0046 1396 ClipSrv - ok 20:35:24.0062 1396 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:35:24.0062 1396 clr_optimization_v2.0.50727_32 - ok 20:35:24.0062 1396 CmdIde - ok 20:35:24.0078 1396 COMSysApp - ok 20:35:24.0093 1396 Cpqarray - ok 20:35:24.0109 1396 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 20:35:24.0109 1396 CryptSvc - ok 20:35:24.0109 1396 dac2w2k - ok 20:35:24.0109 1396 dac960nt - ok 20:35:24.0140 1396 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:35:24.0156 1396 DcomLaunch - ok 20:35:24.0171 1396 [ 5E38D7684A49CACFB752B046357E0589 
] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 20:35:24.0187 1396 Dhcp - ok 20:35:24.0218 1396 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 20:35:24.0218 1396 Disk - ok 20:35:24.0218 1396 dmadmin - ok 20:35:24.0265 1396 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 20:35:24.0265 1396 dmboot - ok 20:35:24.0296 1396 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 20:35:24.0296 1396 dmio - ok 20:35:24.0328 1396 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 20:35:24.0328 1396 dmload - ok 20:35:24.0359 1396 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 20:35:24.0359 1396 dmserver - ok 20:35:24.0375 1396 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 20:35:24.0375 1396 DMusic - ok 20:35:24.0406 1396 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:35:24.0406 1396 Dnscache - ok 20:35:24.0437 1396 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 20:35:24.0453 1396 Dot3svc - ok 20:35:24.0453 1396 dpti2o - ok 20:35:24.0468 1396 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 20:35:24.0468 1396 drmkaud - ok 20:35:24.0500 1396 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:35:24.0500 1396 EapHost - ok 20:35:24.0531 1396 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 20:35:24.0531 1396 ERSvc - ok 20:35:24.0562 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 20:35:24.0562 1396 Eventlog - ok 20:35:24.0593 1396 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll 20:35:24.0593 1396 EventSystem - ok 20:35:24.0625 1396 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 20:35:24.0625 1396 Fastfat - ok 20:35:24.0656 1396 [ 
99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 20:35:24.0656 1396 FastUserSwitchingCompatibility - ok 20:35:24.0671 1396 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 20:35:24.0671 1396 Fdc - ok 20:35:24.0687 1396 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 20:35:24.0687 1396 Fips - ok 20:35:24.0765 1396 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:35:24.0781 1396 FLEXnet Licensing Service - ok 20:35:24.0796 1396 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:35:24.0796 1396 Flpydisk - ok 20:35:24.0828 1396 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:35:24.0828 1396 FltMgr - ok 20:35:24.0890 1396 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:35:24.0890 1396 FontCache3.0.0.0 - ok 20:35:24.0890 1396 ForceWare Intelligent Application Manager (IAM) - ok 20:35:24.0906 1396 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:35:24.0906 1396 Fs_Rec - ok 20:35:24.0906 1396 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:35:24.0906 1396 Ftdisk - ok 20:35:24.0953 1396 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 20:35:24.0953 1396 GEARAspiWDM - ok 20:35:24.0968 1396 GMSIPCI - ok 20:35:25.0000 1396 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:35:25.0000 1396 Gpc - ok 20:35:25.0015 1396 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS 20:35:25.0015 1396 GTNDIS5 - ok 20:35:25.0046 1396 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:35:25.0046 1396 HDAudBus - ok 
20:35:25.0093 1396 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:35:25.0093 1396 helpsvc - ok 20:35:25.0109 1396 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll 20:35:25.0109 1396 HidServ - ok 20:35:25.0125 1396 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:35:25.0125 1396 hidusb - ok 20:35:25.0156 1396 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:35:25.0171 1396 hkmsvc - ok 20:35:25.0171 1396 hpn - ok 20:35:25.0265 1396 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:35:25.0281 1396 HTTP - ok 20:35:25.0312 1396 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:35:25.0328 1396 HTTPFilter - ok 20:35:25.0328 1396 i2omgmt - ok 20:35:25.0328 1396 i2omp - ok 20:35:25.0359 1396 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:35:25.0359 1396 i8042prt - ok 20:35:25.0687 1396 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:35:25.0968 1396 idsvc - ok 20:35:25.0984 1396 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:35:25.0984 1396 Imapi - ok 20:35:26.0078 1396 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 20:35:26.0109 1396 ImapiService - ok 20:35:26.0109 1396 ini910u - ok 20:35:27.0531 1396 [ 07CFD02E9BEDCF2D2CCF9F55B4E46616 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:35:30.0453 1396 IntcAzAudAddService - ok 20:35:30.0453 1396 IntelIde - ok 20:35:30.0484 1396 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:35:30.0484 1396 intelppm - ok 20:35:30.0500 1396 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 20:35:30.0515 1396 ip6fw - ok 20:35:30.0531 1396 [ 
731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:35:30.0531 1396 IpFilterDriver - ok 20:35:30.0546 1396 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:35:30.0546 1396 IpInIp - ok 20:35:30.0578 1396 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:35:30.0578 1396 IpNat - ok 20:35:30.0593 1396 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:35:30.0593 1396 IPSec - ok 20:35:30.0609 1396 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:35:30.0609 1396 IRENUM - ok 20:35:30.0640 1396 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:35:30.0640 1396 isapnp - ok 20:35:30.0765 1396 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe 20:35:30.0765 1396 JavaQuickStarterService - ok 20:35:30.0796 1396 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:35:30.0796 1396 Kbdclass - ok 20:35:30.0812 1396 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:35:30.0812 1396 kbdhid - ok 20:35:30.0828 1396 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:35:30.0828 1396 kmixer - ok 20:35:30.0859 1396 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:35:30.0859 1396 KSecDD - ok 20:35:30.0906 1396 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 20:35:30.0906 1396 lanmanserver - ok 20:35:30.0921 1396 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:35:30.0937 1396 lanmanworkstation - ok 20:35:30.0968 1396 [ C99BA72106A858CB8B521BB4C02C93ED ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys 20:35:30.0968 1396 LBeepKE - ok 20:35:30.0968 1396 lbrtfdc - ok 20:35:31.0000 1396 [ EEE5A87EC378C9AD7CE91073FBD63465 
] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys 20:35:31.0000 1396 LEqdUsb - ok 20:35:31.0031 1396 [ 62663B385087F5977D8EBD1FDC67B639 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys 20:35:31.0031 1396 LHidEqd - ok 20:35:31.0062 1396 [ 318B3D608FBEC44B7E0C23BF759DCED5 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 20:35:31.0062 1396 LHidFilt - ok 20:35:31.0093 1396 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:35:31.0093 1396 LmHosts - ok 20:35:31.0109 1396 [ 84AF069D219DF3C43DC6792B2BBD7BED ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 20:35:31.0109 1396 LMouFilt - ok 20:35:31.0109 1396 maxidemo - ok 20:35:31.0156 1396 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 20:35:31.0156 1396 mbamchameleon - ok 20:35:31.0187 1396 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 20:35:31.0187 1396 MBAMProtector - ok 20:35:31.0265 1396 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 20:35:31.0265 1396 MBAMScheduler - ok 20:35:31.0296 1396 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:35:31.0312 1396 MBAMService - ok 20:35:31.0312 1396 mcdbus - ok 20:35:31.0343 1396 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:35:31.0343 1396 Messenger - ok 20:35:31.0375 1396 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:35:31.0375 1396 mnmdd - ok 20:35:31.0406 1396 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 20:35:31.0406 1396 mnmsrvc - ok 20:35:31.0437 1396 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:35:31.0437 1396 Modem - ok 20:35:31.0515 1396 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 20:35:31.0546 1396 Monfilt - ok 20:35:31.0562 1396 [ 
35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:35:31.0562 1396 Mouclass - ok 20:35:31.0578 1396 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:35:31.0578 1396 mouhid - ok 20:35:31.0609 1396 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:35:31.0609 1396 MountMgr - ok 20:35:31.0609 1396 mraid35x - ok 20:35:31.0625 1396 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:35:31.0625 1396 MRxDAV - ok 20:35:31.0640 1396 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:35:31.0656 1396 MRxSmb - ok 20:35:31.0687 1396 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe 20:35:31.0687 1396 MSDTC - ok 20:35:31.0703 1396 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:35:31.0703 1396 Msfs - ok 20:35:31.0703 1396 MSIServer - ok 20:35:31.0734 1396 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:35:31.0734 1396 MSKSSRV - ok 20:35:31.0750 1396 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:35:31.0750 1396 MSPCLOCK - ok 20:35:31.0750 1396 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:35:31.0750 1396 MSPQM - ok 20:35:31.0765 1396 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:35:31.0765 1396 mssmbios - ok 20:35:31.0781 1396 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:35:31.0796 1396 Mup - ok 20:35:31.0828 1396 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 20:35:31.0843 1396 napagent - ok 20:35:31.0875 1396 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:35:31.0875 1396 NDIS - ok 20:35:31.0921 1396 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi 
C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:35:31.0921 1396 NdisTapi - ok 20:35:31.0937 1396 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:35:31.0937 1396 Ndisuio - ok 20:35:31.0953 1396 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:35:31.0953 1396 NdisWan - ok 20:35:32.0000 1396 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:35:32.0000 1396 NDProxy - ok 20:35:32.0031 1396 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:35:32.0031 1396 NetBIOS - ok 20:35:32.0046 1396 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:35:32.0046 1396 NetBT - ok 20:35:32.0078 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 20:35:32.0078 1396 NetDDE - ok 20:35:32.0093 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:35:32.0093 1396 NetDDEdsdm - ok 20:35:32.0125 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:35:32.0125 1396 Netlogon - ok 20:35:32.0156 1396 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 20:35:32.0156 1396 Netman - ok 20:35:32.0203 1396 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:35:32.0203 1396 NetTcpPortSharing - ok 20:35:32.0218 1396 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:35:32.0218 1396 NIC1394 - ok 20:35:32.0234 1396 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 20:35:32.0234 1396 Nla - ok 20:35:32.0281 1396 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:35:32.0281 1396 Npfs - ok 20:35:32.0281 1396 npggsvc - ok 20:35:32.0281 1396 npkcrypt - ok 20:35:32.0281 1396 nSvcIp - ok 20:35:32.0296 1396 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] 
Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:35:32.0312 1396 Ntfs - ok 20:35:32.0328 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 20:35:32.0343 1396 NtLmSsp - ok 20:35:32.0375 1396 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:35:32.0406 1396 NtmsSvc - ok 20:35:32.0421 1396 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 20:35:32.0421 1396 Null - ok 20:35:32.0578 1396 [ 597A5167C509547FC691416887171079 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 20:35:32.0718 1396 nv - ok 20:35:32.0765 1396 [ DC1F9954B5EDDD147AF7E5C420BE7B93 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys 20:35:32.0765 1396 nvata - ok 20:35:32.0796 1396 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 20:35:32.0796 1396 NVENETFD - ok 20:35:32.0812 1396 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys 20:35:32.0812 1396 nvgts - ok 20:35:32.0859 1396 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 20:35:32.0859 1396 nvnetbus - ok 20:35:32.0875 1396 [ 4A290F88C42DD1037A46CD1867308D82 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 20:35:32.0875 1396 NVSvc - ok 20:35:32.0921 1396 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:35:32.0921 1396 NwlnkFlt - ok 20:35:32.0937 1396 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:35:32.0937 1396 NwlnkFwd - ok 20:35:32.0953 1396 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:35:32.0953 1396 ohci1394 - ok 20:35:33.0000 1396 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:35:33.0000 1396 Parport - ok 20:35:33.0015 1396 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:35:33.0015 1396 PartMgr - ok 20:35:33.0031 1396 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm 
C:\WINDOWS\system32\drivers\ParVdm.sys 20:35:33.0031 1396 ParVdm - ok 20:35:33.0062 1396 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:35:33.0062 1396 PCI - ok 20:35:33.0062 1396 PCIDump - ok 20:35:33.0093 1396 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:35:33.0093 1396 PCIIde - ok 20:35:33.0109 1396 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:35:33.0109 1396 Pcmcia - ok 20:35:33.0109 1396 PDCOMP - ok 20:35:33.0109 1396 PDFRAME - ok 20:35:33.0125 1396 PDRELI - ok 20:35:33.0125 1396 PDRFRAME - ok 20:35:33.0125 1396 perc2 - ok 20:35:33.0140 1396 perc2hib - ok 20:35:33.0156 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 20:35:33.0156 1396 PlugPlay - ok 20:35:33.0171 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:35:33.0171 1396 PolicyAgent - ok 20:35:33.0203 1396 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:35:33.0203 1396 PptpMiniport - ok 20:35:33.0218 1396 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 20:35:33.0218 1396 Processor - ok 20:35:33.0218 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:35:33.0218 1396 ProtectedStorage - ok 20:35:33.0234 1396 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:35:33.0234 1396 PSched - ok 20:35:33.0265 1396 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:35:33.0265 1396 Ptilink - ok 20:35:33.0296 1396 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:35:33.0312 1396 PxHelp20 - ok 20:35:33.0312 1396 ql1080 - ok 20:35:33.0312 1396 Ql10wnt - ok 20:35:33.0312 1396 ql12160 - ok 20:35:33.0328 1396 ql1240 - ok 20:35:33.0328 1396 ql1280 - ok 20:35:33.0359 1396 [ FE0D99D6F31E4FAD8159F690D68DED9C ] 
RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:35:33.0359 1396 RasAcd - ok 20:35:33.0390 1396 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:35:33.0406 1396 RasAuto - ok 20:35:33.0421 1396 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:35:33.0421 1396 Rasl2tp - ok 20:35:33.0453 1396 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:35:33.0453 1396 RasMan - ok 20:35:33.0468 1396 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:35:33.0468 1396 RasPppoe - ok 20:35:33.0468 1396 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:35:33.0468 1396 Raspti - ok 20:35:33.0500 1396 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:35:33.0515 1396 Rdbss - ok 20:35:33.0531 1396 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:35:33.0531 1396 RDPCDD - ok 20:35:33.0562 1396 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:35:33.0562 1396 RDPWD - ok 20:35:33.0593 1396 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:35:33.0609 1396 RDSessMgr - ok 20:35:33.0640 1396 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:35:33.0640 1396 redbook - ok 20:35:33.0671 1396 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:35:33.0671 1396 RemoteAccess - ok 20:35:33.0703 1396 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 20:35:33.0703 1396 RimUsb - ok 20:35:33.0703 1396 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe 20:35:33.0718 1396 RpcLocator - ok 20:35:33.0750 1396 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 20:35:33.0750 1396 RpcSs - ok 20:35:33.0765 1396 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP 
C:\WINDOWS\System32\rsvp.exe 20:35:33.0781 1396 RSVP - ok 20:35:33.0828 1396 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys 20:35:33.0828 1396 RT73 - ok 20:35:33.0859 1396 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 20:35:33.0875 1396 RTL8192su - ok 20:35:33.0890 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 20:35:33.0890 1396 SamSs - ok 20:35:33.0921 1396 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:35:33.0937 1396 SCardSvr - ok 20:35:33.0968 1396 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:35:33.0968 1396 Schedule - ok 20:35:34.0000 1396 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:35:34.0000 1396 Secdrv - ok 20:35:34.0015 1396 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 20:35:34.0031 1396 seclogon - ok 20:35:34.0031 1396 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 20:35:34.0031 1396 SENS - ok 20:35:34.0062 1396 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 20:35:34.0062 1396 serenum - ok 20:35:34.0078 1396 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 20:35:34.0078 1396 Serial - ok 20:35:34.0093 1396 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:35:34.0093 1396 Sfloppy - ok 20:35:34.0125 1396 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:35:34.0125 1396 SharedAccess - ok 20:35:34.0156 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:35:34.0156 1396 ShellHWDetection - ok 20:35:34.0156 1396 Simbad - ok 20:35:34.0156 1396 Sparrow - ok 20:35:34.0187 1396 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:35:34.0187 1396 splitter - ok 20:35:34.0203 
1396 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:35:34.0218 1396 Spooler - ok 20:35:34.0234 1396 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:35:34.0234 1396 sr - ok 20:35:34.0265 1396 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll 20:35:34.0265 1396 srservice - ok 20:35:34.0281 1396 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:35:34.0296 1396 Srv - ok 20:35:34.0328 1396 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:35:34.0328 1396 SSDPSRV - ok 20:35:34.0343 1396 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:35:34.0359 1396 stisvc - ok 20:35:34.0390 1396 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:35:34.0390 1396 swenum - ok 20:35:34.0406 1396 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:35:34.0406 1396 swmidi - ok 20:35:34.0406 1396 SwPrv - ok 20:35:34.0421 1396 symc810 - ok 20:35:34.0421 1396 symc8xx - ok 20:35:34.0421 1396 sym_hi - ok 20:35:34.0437 1396 sym_u3 - ok 20:35:34.0453 1396 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:35:34.0453 1396 sysaudio - ok 20:35:34.0484 1396 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 20:35:34.0500 1396 SysmonLog - ok 20:35:34.0515 1396 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:35:34.0515 1396 TapiSrv - ok 20:35:34.0562 1396 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:35:34.0562 1396 Tcpip - ok 20:35:34.0578 1396 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:35:34.0578 1396 TDPIPE - ok 20:35:34.0593 1396 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:35:34.0593 1396 TDTCP - ok 20:35:34.0625 1396 [ 
88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:35:34.0625 1396 TermDD - ok 20:35:34.0640 1396 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 20:35:34.0656 1396 TermService - ok 20:35:34.0671 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 20:35:34.0671 1396 Themes - ok 20:35:34.0687 1396 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys 20:35:34.0703 1396 tmcomm - ok 20:35:34.0703 1396 TosIde - ok 20:35:34.0703 1396 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:35:34.0718 1396 TrkWks - ok 20:35:34.0734 1396 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:35:34.0734 1396 Udfs - ok 20:35:34.0734 1396 ultra - ok 20:35:34.0750 1396 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:35:34.0750 1396 Update - ok 20:35:34.0781 1396 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:35:34.0781 1396 upnphost - ok 20:35:34.0796 1396 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 20:35:34.0812 1396 UPS - ok 20:35:34.0812 1396 USBAAPL - ok 20:35:34.0843 1396 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 20:35:34.0843 1396 usbaudio - ok 20:35:34.0859 1396 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:35:34.0859 1396 usbccgp - ok 20:35:34.0875 1396 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:35:34.0875 1396 usbehci - ok 20:35:34.0906 1396 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:35:34.0906 1396 usbhub - ok 20:35:34.0921 1396 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:35:34.0921 1396 usbohci - ok 20:35:34.0953 1396 [ A717C8721046828520C9EDF31288FC00 ] usbprint 
C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:35:34.0953 1396 usbprint - ok 20:35:34.0984 1396 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:35:34.0984 1396 usbscan - ok 20:35:35.0015 1396 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:35:35.0015 1396 USBSTOR - ok 20:35:35.0031 1396 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:35:35.0031 1396 VgaSave - ok 20:35:35.0046 1396 ViaIde - ok 20:35:35.0078 1396 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:35:35.0078 1396 VolSnap - ok 20:35:35.0109 1396 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 20:35:35.0125 1396 VSS - ok 20:35:35.0140 1396 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 20:35:35.0156 1396 W32Time - ok 20:35:35.0156 1396 W8335XP - ok 20:35:35.0171 1396 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:35:35.0171 1396 Wanarp - ok 20:35:35.0203 1396 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 20:35:35.0218 1396 Wdf01000 - ok 20:35:35.0218 1396 WDICA - ok 20:35:35.0234 1396 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:35:35.0234 1396 wdmaud - ok 20:35:35.0250 1396 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:35:35.0250 1396 WebClient - ok 20:35:35.0312 1396 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:35:35.0312 1396 winmgmt - ok 20:35:35.0343 1396 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys 20:35:35.0343 1396 WmBEnum - ok 20:35:35.0375 1396 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:35:35.0375 1396 WmdmPmSN - ok 20:35:35.0406 1396 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys 
20:35:35.0406 1396 WmFilter - ok 20:35:35.0421 1396 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 20:35:35.0453 1396 WmiApSrv - ok 20:35:35.0500 1396 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 20:35:35.0515 1396 WMPNetworkSvc - ok 20:35:35.0546 1396 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys 20:35:35.0546 1396 WmVirHid - ok 20:35:35.0562 1396 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys 20:35:35.0562 1396 WmXlCore - ok 20:35:35.0593 1396 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:35:35.0593 1396 WpdUsb - ok 20:35:35.0609 1396 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:35:35.0625 1396 WS2IFSL - ok 20:35:35.0640 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys 20:35:35.0640 1396 WsAudio_DeviceS(1) - ok 20:35:35.0640 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys 20:35:35.0640 1396 WsAudio_DeviceS(2) - ok 20:35:35.0656 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys 20:35:35.0656 1396 WsAudio_DeviceS(3) - ok 20:35:35.0687 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys 20:35:35.0687 1396 WsAudio_DeviceS(4) - ok 20:35:35.0703 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys 20:35:35.0703 1396 WsAudio_DeviceS(5) - ok 20:35:35.0718 1396 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 20:35:35.0734 1396 wscsvc - ok 20:35:35.0734 1396 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:35:35.0750 1396 wuauserv - ok 20:35:35.0796 1396 [ 
F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:35:35.0796 1396 WudfPf - ok 20:35:35.0812 1396 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:35:35.0828 1396 WudfRd - ok 20:35:35.0843 1396 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:35:35.0843 1396 WudfSvc - ok 20:35:35.0875 1396 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 20:35:35.0875 1396 WZCSVC - ok 20:35:35.0890 1396 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:35:35.0906 1396 xmlprov - ok 20:35:35.0937 1396 [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys 20:35:35.0937 1396 xusb21 - ok 20:35:35.0953 1396 ================ Scan global =============================== 20:35:35.0968 1396 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 20:35:36.0015 1396 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll 20:35:36.0015 1396 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll 20:35:36.0062 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 20:35:36.0062 1396 [Global] - ok 20:35:36.0062 1396 ================ Scan MBR ================================== 20:35:36.0078 1396 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 20:35:36.0265 1396 \Device\Harddisk0\DR0 - ok 20:35:36.0265 1396 ================ Scan VBR ================================== 20:35:36.0281 1396 [ 7A0CF8B9ED8AA6B71592AD247912FEEC ] \Device\Harddisk0\DR0\Partition1 20:35:36.0281 1396 \Device\Harddisk0\DR0\Partition1 - ok 20:35:36.0281 1396 ============================================================ 20:35:36.0281 1396 Scan finished 20:35:36.0281 1396 ============================================================ 20:35:36.0281 1668 Detected object count: 0 20:35:36.0281 1668 Actual detected object count: 0
  5. I disabled the antivirus to see if it was a cause of the "skips." They happen about every 10-15 seconds and seem to be a 0.5 sec lag when playing games or watching/streaming video, but not when just browsing on the desktop or on the web. I had played games on this computer for years, and it never used to have this problem before; I thought it used to be a much faster computer than it's running right now. Also, I noticed that when I boot the machine the very first screen reports the RAM speed at 800 MHz, but when I run an application called CPU-Z it says it's only at 400 MHz... I don't know if that's accurate or means anything.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : malfy [Admin rights]
Mode : Scan -- Date : 05/26/2013 20:36:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 9b97dee5089473b6dfccd57853c6450f
[BSP] c57ff3fb1414cef235532b8a2ebb7d6f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05262013_02d2036.txt >>
RKreport[1]_S_05262013_02d2036.txt

Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 6 Update 26
Java 6 Update 2
Java 6 Update 3
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.52.14 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgemc.exe
malfy My Documents Downloads SecurityCheck.exe
malfy LOCALS~1 temp RarSFX1\SecurityCheck\Objlist.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
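The RogueKiller report in the post above has four "Registry Entries" hits, and it helps to know what they actually say before treating them as infection evidence. DisableRegistryTools is reported with value 0, which imposes no restriction (only a non-zero value blocks regedit); the Start_ShowRecentDocs / Start_ShowPrinters values are Start-menu display toggles; and the NewStartPanel CLSID entry controls whether the My Computer icon is shown on the desktop. The tool reports them because the values exist, not because of what they are set to. The script below is an added example written for this page, not code from the poster or from RogueKiller's author: it parses the report sections as they appear in the post (the ¤¤¤ headers, the "[TAG] key : name (data) -> STATUS" registry lines, the HOSTS dump and the MBR block), rates each line on its own three-level scale, and escalates only when a policy value is non-zero, a HOSTS entry maps something other than localhost, or the bootstrap code is not identified as Windows. The sample report is constructed, abridged from the post, and the severity labels are this example's own.

```python
"""Triage a RogueKiller scan report (format as posted above)."""
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of the RogueKiller scan in the post above,
# laid out one entry per line as the tool writes it.
SAMPLE_REPORT = r"""RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
Mode : Scan -- Date : 05/26/2013 20:36:53

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
[MBR] 9b97dee5089473b6dfccd57853c6450f
[BSP] c57ff3fb1414cef235532b8a2ebb7d6f : Windows XP MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
REG_RE = re.compile(r"^\[(?P<tag>[A-Z ]+)\]\s+\S+\s+:\s+(?P<name>\S+)\s+"
                    r"\((?P<data>[^)]*)\)\s+->\s+(?P<status>\w+)$")

# [HJPOL] policy values: the restriction applies only when the value is non-zero.
RESTRICTIVE_POLICIES = {
    "DisableRegistryTools": "blocks regedit.exe",
    "DisableTaskMgr": "blocks Task Manager",
    "NoFolderOptions": "hides Folder Options",
    "NoControlPanel": "hides Control Panel",
}
COSMETIC_TAGS = {"HJ SMENU", "HJ DESK"}   # Start menu / desktop display toggles
LOOPBACK = {"127.0.0.1", "::1"}

@dataclass
class Finding:
    severity: str   # "investigate" > "review" > "info" (this example's own scale)
    source: str
    detail: str

def split_sections(text):
    """Map each '¤¤¤ Name ... ¤¤¤' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1).split(":")[0].strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def triage_registry(lines):
    out = []
    for m in filter(None, map(REG_RE.match, lines)):
        tag, name, data = m["tag"], m["name"], m["data"]
        if tag == "HJPOL":
            effect = RESTRICTIVE_POLICIES.get(name, "restricts the user interface")
            if data.isdigit() and int(data) != 0:
                out.append(Finding("investigate", "registry", f"{name}={data}: {effect}; restriction is active"))
            else:
                out.append(Finding("info", "registry", f"{name}={data}: present but 0, so no restriction is in effect"))
        elif tag in COSMETIC_TAGS:
            out.append(Finding("info", "registry", f"{name}={data}: display preference, not a security control"))
        else:
            out.append(Finding("review", "registry", f"[{tag}] {name}={data}: unclassified"))
    return out

def triage_hosts(lines):
    out = []
    for line in lines:
        parts = line.split()
        if line.startswith(("-->", "#")) or len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        if not (ip in LOOPBACK and names == ["localhost"]):
            # Sinkholing vendor/update hosts to loopback, or redirecting them, is a classic tamper.
            out.append(Finding("review", "hosts", f"{ip} -> {' '.join(names)}: non-default mapping"))
    return out or [Finding("info", "hosts", "only the default localhost mapping")]

def triage_mbr(lines):
    out = []
    for line in lines:
        if line.startswith("[BSP]"):
            desc = line.split(":", 1)[1].strip() if ":" in line else "unrecognised"
            out.append(Finding("info" if desc.startswith("Windows") else "investigate", "mbr",
                               f"bootstrap code identified as '{desc}'"))
        elif line.startswith("Error reading"):
            out.append(Finding("review", "mbr", f"{line} (one read path failed; rely on the one that succeeded)"))
    return out

def triage(text):
    s = split_sections(text)
    return (triage_registry(s.get("Registry Entries", []))
            + triage_hosts(s.get("HOSTS File", []))
            + triage_mbr(s.get("MBR Check", [])))

def worst_severity(findings):
    rank = {"info": 0, "review": 1, "investigate": 2}
    return max((f.severity for f in findings), key=rank.__getitem__, default="info")

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:<12}{f.source:<10}{f.detail}")
```

Run against the sample, all four registry hits and the HOSTS file come back "info"; the only item left at "review" is the "Error reading LL2 MBR!" line, and the report itself shows the LL1 read succeeded and identified Windows XP boot code. Change DisableRegistryTools to 1, or add a line that maps an update host to 127.0.0.1, and the verdict rises to "investigate". None of this rules out the hardware explanation the poster raises; it only says these four registry lines are not evidence against it.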
  6. My computer seems to be experiencing little hiccups, or skips, every so often, and I haven't been able to figure out what's happening.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Run by malfy at 1:46:42 on 2013-05-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1306 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218583869453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295404046625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
TCP: Interfaces\{0C6684EB-61AA-4B82-B667-7F52489E65F2} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli nesibeba.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-4-28 10448]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-18 606056]
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-9 1691480]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [2007-7-23 22528]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\drivers\maxidemo.sys --> c:\windows\system32\drivers\maxidemo.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 22856]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-27 25704]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-16 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 701512]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-05-26 02:17:59 -------- d-----w- c:\program files\CCleaner
2013-05-12 23:38:46 -------- d-----w- c:\documents and settings\malfy\local settings\application data\CPN
2013-05-12 23:38:24 -------- d-----w- c:\program files\Juicy Stakes 2.0
.
==================== Find3M ====================
.
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 1:47:21.20 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/30/2007 9:47:09 AM
System Uptime: 5/25/2013 11:12:20 PM (2 hours ago)
.
Motherboard: EVGA | | NFORCE 680i LT SLI
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 122.45 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&2&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Ethernet #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&2&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP251: 4/16/2013 9:11:12 PM - Removed Project64 1.6
RP252: 4/16/2013 9:12:19 PM - Removed Splashtop Streamer
RP253: 4/16/2013 9:13:46 PM - Removed Transparent Windows
RP254: 4/16/2013 9:14:05 PM - Removed Ventrilo Server
RP255: 4/16/2013 9:14:25 PM - Removed Ventrilo Client
RP256: 4/16/2013 9:35:01 PM - Removed Jitbit Macro Recorder.
RP257: 4/16/2013 9:36:52 PM - Configured NETGEAR WG311v3 PCI Adapter
RP258: 4/16/2013 9:39:34 PM - Removed WIDCOMM Bluetooth Software
RP259: 4/16/2013 9:41:13 PM - Configured NETGEAR WG311v3 PCI Adapter
RP260: 4/17/2013 3:00:22 AM - Software Distribution Service 3.0
RP261: 4/21/2013 4:15:23 AM - System Checkpoint
RP262: 4/22/2013 5:24:40 PM - System Checkpoint
RP263: 4/27/2013 7:36:33 PM - System Checkpoint
RP264: 5/8/2013 2:02:12 AM - System Checkpoint
RP265: 5/12/2013 4:31:09 AM - System Checkpoint
RP266: 5/15/2013 11:55:41 PM - Software Distribution Service 3.0
RP267: 5/18/2013 11:10:44 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.0 Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update Azureus Bonjour CCleaner Critical Update for Windows Media Player 11 (KB959772) Direct Show Ogg Vorbis Filter (remove only) Driver Detective eReg ffdshow [rev 3096] [2009-10-06] Google Chrome Haali Media Splitter Heroes of Newerth Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) J2SE Runtime Environment 5.0 Update 3 Java Auto Updater Java™ 6 Update 2 Java™ 6 Update 26 Java™ 6 Update 3 Juicy Stakes 2.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser NETGEAR WG311v3 PCI Adapter NVIDIA Drivers NVIDIA ForceWare Network Access Manager QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) 
  7. Awesome, things seem to be working properly now; thank you very much for your help, you guys are lifesavers. Mmm, one last thing, I'm curious: what does "je m'en fous" mean?
  8. ComboFix 09-07-03.03 - malfy 07/04/2009 3:14.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1709 [GMT -5:00]
  9. I scan my system routinely with Dr.Web CureIt and mbam; I'm trying to run things as light as possible, and I'm fairly good at avoiding malicious software/web domains. My problem with most antivirus software is that the active protection consumes resources all the time, when its protection is needed very rarely. While it may be very effective against KNOWN infections, it provides little help against NEW infections. That being said, I'm not trying to be difficult or defiant for any reason, and I proceeded as directed. Avira AntiVir Personal Report file date: Friday, July 03, 2009 22:20 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:04 PM, on 7/3/2009
  10. Curiously, if anyone responding is affiliated with mbam: I know that this malware has been around for quite some time and whatever version is on my machine is not detected by mbam; do you know if they're trying to incorporate removal for this? I have seen recently a huge influx of new infections reported by many people, but I've known this to be around for quite some time. Just wondering... anyway, I'll post my logs, though I don't think they'll be much help; I somewhat know what I am looking at. Additionally, I was wondering if this 'browser redirect/ overclick.cn' malware, whatever it is, has a name? And lastly, gmer picked up quite a bit of malicious-looking files/keys/etc., which I am assuming is the problem, but as far as I know it could be a completely different problem. Anyway, if you'd like my gmer log I can post it, but obviously your instructions are ultimately what will help clean my pc up! Malwarebytes' Anti-Malware 1.38 Database version: 2366 Windows 5.1.2600 Service Pack 3 7/3/2009 2:35:21 AM Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:42:24 AM, on 7/3/2009
  11. haha well you never asked me to run mbam again so I didn't do it until just now. The problem files appear to have been removed! If you see any other problems of mention in those updated logs let me know. Otherwise thank you very much for helping me so quickly and effectively.

Malwarebytes' Anti-Malware 1.34
Database version: 1810
Windows 5.1.2600 Service Pack 3

2/27/2009 4:08:39 PM
mbam-log-2009-02-27 (16-08-39).txt

Scan type: Quick Scan
Objects scanned: 57442
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  12. OK, ran the script for ComboFix; also, when ComboFix loaded this time it ran a self-update, which didn't appear to interfere with the script running. So here are my new logs:

ComboFix 09-02-27.01 - 2009-02-27 15:30:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1616 [GMT -6:00]
Running from: c:\documents and settings\malfy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\malfy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\bpxmss.txt
c:\windows\system32\582960402.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bpxmss.txt
c:\windows\system32\582960402.dat
c:\windows\system32\drivers\bcmwl5.sys
c:\windows\system32\drivers\gdhw.sys
c:\windows\system32\drivers\llqp.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\ikhcore.cfg
c:\windows\system32\kwave.sys
c:\windows\system32\nar.bin
c:\windows\system32\wdh.bin

.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 05:29 . 2009-02-27 05:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 04:47 . 2009-02-27 04:47 <DIR> d-------- c:\documents and settings\malfy\DoctorWeb
2009-02-26 02:04 . 2009-02-17 10:59 2,794,234 --a------ c:\windows\system32\GameMon.des
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\malfy\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 13:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 00:16 . 2009-02-19 00:16 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-09 17:04 . 2009-02-26 23:46 <DIR> d-------- c:\program files\Full Tilt Poker
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\program files\Common
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\program files\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 10:02 --------- d-----w c:\program files\PokerStars
2009-02-27 04:23 --------- d-----w c:\program files\Steam
2009-02-27 01:12 --------- d-----w c:\program files\Warcraft III
2009-02-19 19:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-19 19:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-17 00:56 --------- d-----w c:\program files\World of Warcraft
2009-02-17 00:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 00:54 --------- d-----w c:\documents and settings\malfy\Application Data\Orbit
2009-02-17 00:53 --------- d-----w c:\program files\AddOn Studio for World of Warcraft
2009-01-19 05:09 --------- d-----w c:\program files\mIRC
2009-01-02 21:04 --------- d--h--w c:\documents and settings\malfy\Application Data\ijjigame
2008-12-29 13:13 --------- d-----w c:\documents and settings\malfy\Application Data\Apple Computer
2007-07-26 19:32 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-12 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.

------- Sigcheck -------

2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-08-10 07:26 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2003-03-31 06:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 13:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys

2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2003-03-31 06:00 930304 8f162dc91d67d87c1a481bf602a9dac8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\dllcache\kernel32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.RUD0"= rududu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bcmwl5.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^malfy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-11 11:55 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 15:17 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-12 23:44 8429568 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-12 23:44 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 02:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 18:20 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-12-14 20:58 208896 c:\windows\system32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-12-14 20:58 69632 c:\windows\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
-ra------ 2006-12-14 20:59 217088 c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-12 23:44 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2.2"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\malfunktion@prodigy.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:*:Disabled:MaxiVista Server

S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys --> c:\windows\system32\DRIVERS\maxidemo.sys [?]
S4 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [2008-06-13 24635]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e1ece4-cce7-11dd-85f3-00044b032701}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:32:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateEventSystem]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,66,62,6c,65,00,00
"mahhddllgmncbgnkckpciinekj"=hex:6a,61,6a,6d,6e,66,61,66,61,64,6d,65,62,63,6c,6c,68,6e,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\MrvGINA.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-27 15:35:31 - machine was rebooted [malfy]
ComboFix-quarantined-files.txt 2009-02-27 21:35:28
ComboFix2.txt 2009-02-27 19:33:26

Pre-Run: 52,420,685,824 bytes free
Post-Run: 52,405,874,688 bytes free

225 --- E O F --- 2009-02-25 09:00:23

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:38 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2697 bytes
  13. OK ummm, my computer isn't running as an online server, that was just a local setup I have to test web content before I put it online. However I went ahead and disabled my apache/mysql services to avoid any confusion. After that I followed your post's instructions to the letter and here are the logs:

ComboFix 09-02-26.02 - malfy 2009-02-27 13:28:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1682 [GMT -6:00]
Running from: c:\documents and settings\malfy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
C:\install.exe
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\KSAIOqss.ini
c:\windows\system32\KSAIOqss.ini2
c:\windows\system32\kwave.sys
c:\windows\system32\kyscfmxr.ini
c:\windows\system32\omnrswok.ini
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 05:29 . 2009-02-27 05:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 04:47 . 2009-02-27 04:47 <DIR> d-------- c:\documents and settings\malfy\DoctorWeb
2009-02-27 04:15 . 2009-02-27 04:15 61,440 --a------ c:\windows\system32\drivers\llqp.sys
2009-02-27 04:11 . 2009-02-27 04:11 61,440 --a------ c:\windows\system32\drivers\gdhw.sys
2009-02-26 02:04 . 2009-02-17 10:59 2,794,234 --a------ c:\windows\system32\GameMon.des
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\malfy\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 13:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 01:29 . 2009-02-19 01:29 336 --a------ c:\windows\system32\ikhcore.cfg
2009-02-19 00:16 . 2009-02-19 00:16 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-17 14:54 . 2009-02-17 16:58 145 --a-s---- c:\windows\system32\582960402.dat
2009-02-16 18:49 . 2009-02-26 22:23 7 --a------ c:\windows\system32\nar.bin
2009-02-16 10:21 . 2009-02-16 10:21 8,768 --a------ c:\windows\system32\drivers\bcmwl5.sys
2009-02-16 10:21 . 2009-02-16 10:21 50 --a------ c:\windows\system32\wdh.bin
2009-02-09 17:04 . 2009-02-26 23:46 <DIR> d-------- c:\program files\Full Tilt Poker
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\program files\Common
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\program files\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 10:15 324 ----a-w c:\program files\bpxmss.txt
2009-02-27 10:02 --------- d-----w c:\program files\PokerStars
2009-02-27 04:23 --------- d-----w c:\program files\Steam
2009-02-27 01:12 --------- d-----w c:\program files\Warcraft III
2009-02-19 19:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-19 19:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-17 00:56 --------- d-----w c:\program files\World of Warcraft
2009-02-17 00:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 05:09 --------- d-----w c:\program files\mIRC
2009-01-02 21:04 --------- d--h--w c:\documents and settings\malfy\Application Data\ijjigame
2008-12-29 13:13 --------- d-----w c:\documents and settings\malfy\Application Data\Apple Computer
2007-07-26 19:32 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-12 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.

------- Sigcheck -------

2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-08-10 07:26 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2003-03-31 06:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 13:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys

2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2003-03-31 06:00 930304 8f162dc91d67d87c1a481bf602a9dac8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\dllcache\kernel32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.RUD0"= rududu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bcmwl5.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^malfy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-11 11:55 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 15:17 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-12 23:44 8429568 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-12 23:44 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 02:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 18:20 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-12-14 20:58 208896 c:\windows\system32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-12-14 20:58 69632 c:\windows\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
-ra------ 2006-12-14 20:59 217088 c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-12 23:44 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2.2"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\malfunktion@prodigy.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:*:Disabled:MaxiVista Server

S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys --> c:\windows\system32\DRIVERS\maxidemo.sys [?]
S4 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [2008-06-13 24635]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e1ece4-cce7-11dd-85f3-00044b032701}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Microsoft Windows Sound - svuhost.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 13:30:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateEventSystem]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,66,62,6c,65,00,00
"mahhddllgmncbgnkckpciinekj"=hex:6a,61,6a,6d,6e,66,61,66,61,64,6d,65,62,63,6c,6c,68,6e,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\MrvGINA.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-27 13:33:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 19:33:23

Pre-Run: 51,932,557,312 bytes free
Post-Run: 52,429,914,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

242 --- E O F --- 2009-02-25 09:00:23

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:27 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2664 bytes

**note: I am going to be moving from one apartment to another shortly so I may be on and offline irregularly, please do not think I have abandoned this problem and lock the thread. I will be here!
  14. mrxdavv.sys kwave.sys
Common problem that seems to be surfacing everywhere lately. I have searched for many hours for a solution and it seems as if it isn't going to be easy. I love Malwarebytes and hope that they're close to a solution. I have seen more than 1 moderator on these forums hint toward false positives, and make assurances that in the next version of mbam it won't be an issue. Well, I hope they weren't seriously suggesting something as absurd as them being false positives, because those two 'files' are definitely related to some issue. I am of course unable to rid myself of these phantom files and I am hoping someone out there knows what to do. Not sure if it helps, but the reason I ran mbam in the first place was when I noticed (today) all of a sudden I could no longer use the 'task manager.' I remember this being the case with a virus or malware I had once in the distant past, so I assumed it was related, and that is when I discovered these files. As of right now, if I run mbam those 2 files will remain persistently. I don't really have/use other malware cleaning software on my computer, as this is rarely ever a problem for me.
Here are my log files:

Malwarebytes' Anti-Malware 1.34
Database version: 1809
Windows 5.1.2600 Service Pack 3

2/27/2009 6:36:23 AM
mbam-log-2009-02-27 (06-36-23).txt

Scan type: Quick Scan
Objects scanned: 58667
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

//////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:55 AM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Apache2.2\bin\httpd.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O18 - Filter hijack: text/html - {7d9a5b50-346d-420b-a94f-82c94e931453} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3783 bytes

**note: just a list of other files which were removed that could be related.
...system32\a9k.bin
...system32\proto.dll
...Application Data\Microsoft\Windows\mas32.dll