malfy
Posts posted by malfy
-
I've been having a problem with my desktop clock slowly moving backward in time. At first I thought it was some quirk having to do with my CPU overclock, but the guys on the OC forums assured me it did not. After restoring my chip clock to normal defaults and replacing my CMOS battery, I now suspect there must be some sort of malware, corrupt software, or even corrupt BIOS, but I have no idea how to troubleshoot beyond what I've already done. Attached are my mbam and farbar logs. Any help is greatly appreciated.
-
You didn't ask me to report anything for Task 3, but anyway MBAR had 0 results and did not ask for a reboot.
Dr.Web CureIt had 0 threats found, and no option to save a report.
The system still has the small skips or lags when playing a game or watching a video. I'm thinking it may be related to my video hardware or something like that. It's an older computer and I might just need to open it up and clean it out.
-
Task 1
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : malfy [Admin rights]
Mode : Remove -- Date : 05/29/2013 20:02:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 9b97dee5089473b6dfccd57853c6450f
[bSP] c57ff3fb1414cef235532b8a2ebb7d6f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_05292013_02d2002.txt >>
RKreport[1]_S_05292013_02d2001.txt ; RKreport[2]_D_05292013_02d2002.txt
Task 2
Rkill 2.5.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 05/29/2013 08:09:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 05/29/2013 08:10:38 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
Task 4
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-29 20:32:51
-----------------------------
20:32:51.640 OS Version: Windows 5.1.2600 Service Pack 3
20:32:51.640 Number of processors: 2 586 0xF02
20:32:51.640 ComputerName: DANNY UserName: malfy
20:32:53.015 Initialize success
20:33:05.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
20:33:05.203 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 3
20:33:05.328 Disk 0 MBR read successfully
20:33:05.328 Disk 0 MBR scan
20:33:05.343 Disk 0 Windows XP default MBR code
20:33:05.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
20:33:05.343 Disk 0 scanning sectors +312560640
20:33:05.406 Disk 0 scanning C:\WINDOWS\system32\drivers
20:33:15.125 Service scanning
20:33:18.203 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:33:24.234 Modules scanning
20:33:30.171 Scan finished successfully
20:33:41.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\malfy\Desktop\MBR.dat"
20:33:41.984 The log file has been saved successfully to "C:\Documents and Settings\malfy\Desktop\aswMBR.txt"
Task 5
20:35:09.0875 2332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:35:11.0875 2332 ============================================================
20:35:11.0875 2332 Current date / time: 2013/05/29 20:35:11.0875
20:35:11.0875 2332 SystemInfo:
20:35:11.0875 2332
20:35:11.0875 2332 OS Version: 5.1.2600 ServicePack: 3.0
20:35:11.0875 2332 Product type: Workstation
20:35:11.0875 2332 ComputerName: DANNY
20:35:11.0875 2332 UserName: malfy
20:35:11.0875 2332 Windows directory: C:\WINDOWS
20:35:11.0875 2332 System windows directory: C:\WINDOWS
20:35:11.0875 2332 Processor architecture: Intel x86
20:35:11.0875 2332 Number of processors: 2
20:35:11.0875 2332 Page size: 0x1000
20:35:11.0875 2332 Boot type: Normal boot
20:35:11.0875 2332 ============================================================
20:35:12.0515 2332 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
20:35:12.0515 2332 ============================================================
20:35:12.0515 2332 \Device\Harddisk0\DR0:
20:35:12.0515 2332 MBR partitions:
20:35:12.0515 2332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:35:12.0515 2332 ============================================================
20:35:12.0546 2332 C: <-> \Device\Harddisk0\DR0\Partition1
20:35:12.0546 2332 ============================================================
20:35:12.0546 2332 Initialize success
20:35:12.0546 2332 ============================================================
20:35:21.0812 1396 ============================================================
20:35:21.0812 1396 Scan started
20:35:21.0812 1396 Mode: Manual;
20:35:21.0812 1396 ============================================================
20:35:21.0937 1396 ================ Scan system memory ========================
20:35:21.0937 1396 System memory - ok
20:35:21.0937 1396 ================ Scan services =============================
20:35:22.0031 1396 6to4 - ok
20:35:22.0046 1396 Abiosdsk - ok
20:35:22.0046 1396 abp480n5 - ok
20:35:22.0093 1396 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:35:22.0093 1396 ACPI - ok
20:35:22.0125 1396 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:35:22.0125 1396 ACPIEC - ok
20:35:22.0125 1396 adpu160m - ok
20:35:22.0140 1396 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:35:22.0156 1396 aec - ok
20:35:22.0187 1396 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:35:22.0187 1396 AFD - ok
20:35:22.0203 1396 Aha154x - ok
20:35:22.0203 1396 aic78u2 - ok
20:35:22.0203 1396 aic78xx - ok
20:35:22.0234 1396 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:35:22.0234 1396 Alerter - ok
20:35:22.0250 1396 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:35:22.0250 1396 ALG - ok
20:35:22.0265 1396 AliIde - ok
20:35:22.0328 1396 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
20:35:22.0375 1396 Ambfilt - ok
20:35:22.0375 1396 amsint - ok
20:35:22.0406 1396 [ 116BFF96077A4A724E0AAB800525CEB5 ] AN983 C:\WINDOWS\system32\DRIVERS\AN983.sys
20:35:22.0406 1396 AN983 - ok
20:35:22.0421 1396 AppMgmt - ok
20:35:22.0437 1396 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:35:22.0437 1396 Arp1394 - ok
20:35:22.0437 1396 asc - ok
20:35:22.0453 1396 asc3350p - ok
20:35:22.0453 1396 asc3550 - ok
20:35:22.0546 1396 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:35:22.0562 1396 aspnet_state - ok
20:35:22.0562 1396 aspnet_stateEventSystem - ok
20:35:22.0593 1396 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:35:22.0593 1396 AsyncMac - ok
20:35:22.0625 1396 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:35:22.0625 1396 atapi - ok
20:35:22.0625 1396 Atdisk - ok
20:35:22.0656 1396 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:35:22.0656 1396 Atmarpc - ok
20:35:22.0687 1396 [ 3C391503E59C88DA73B8C74097147BC9 ] audiobridge C:\WINDOWS\system32\DRIVERS\aubridge.sys
20:35:22.0687 1396 audiobridge - ok
20:35:22.0718 1396 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:35:22.0718 1396 AudioSrv - ok
20:35:22.0734 1396 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:35:22.0734 1396 audstub - ok
20:35:23.0078 1396 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
20:35:23.0328 1396 AVGIDSAgent - ok
20:35:23.0375 1396 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:35:23.0375 1396 AVGIDSDriver - ok
20:35:23.0421 1396 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:35:23.0421 1396 AVGIDSHX - ok
20:35:23.0437 1396 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:35:23.0437 1396 AVGIDSShim - ok
20:35:23.0484 1396 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:35:23.0484 1396 Avgldx86 - ok
20:35:23.0500 1396 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
20:35:23.0515 1396 Avglogx - ok
20:35:23.0515 1396 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:35:23.0515 1396 Avgmfx86 - ok
20:35:23.0546 1396 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:35:23.0546 1396 Avgrkx86 - ok
20:35:23.0593 1396 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
20:35:23.0609 1396 avgwd - ok
20:35:23.0640 1396 [ 438179ABE9B7A922A21B8D6369FF52FF ] BCM42RLY C:\WINDOWS\System32\BCM42RLY.SYS
20:35:23.0640 1396 BCM42RLY - ok
20:35:23.0656 1396 BCM43XX - ok
20:35:23.0671 1396 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:35:23.0687 1396 Beep - ok
20:35:23.0703 1396 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:35:23.0718 1396 BITS - ok
20:35:23.0734 1396 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
20:35:23.0734 1396 Bridge - ok
20:35:23.0734 1396 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
20:35:23.0734 1396 BridgeMP - ok
20:35:23.0765 1396 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:35:23.0765 1396 Browser - ok
20:35:23.0765 1396 btaudio - ok
20:35:23.0781 1396 BTDriver - ok
20:35:23.0781 1396 BTWDNDIS - ok
20:35:23.0781 1396 btwhid - ok
20:35:23.0796 1396 BTWUSB - ok
20:35:23.0875 1396 catchme - ok
20:35:23.0906 1396 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:35:23.0906 1396 cbidf2k - ok
20:35:23.0906 1396 cd20xrnt - ok
20:35:23.0921 1396 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:35:23.0921 1396 Cdaudio - ok
20:35:23.0937 1396 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:35:23.0953 1396 Cdfs - ok
20:35:23.0968 1396 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:35:23.0968 1396 Cdrom - ok
20:35:23.0984 1396 Changer - ok
20:35:24.0000 1396 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:35:24.0015 1396 CiSvc - ok
20:35:24.0031 1396 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:35:24.0046 1396 ClipSrv - ok
20:35:24.0062 1396 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:35:24.0062 1396 clr_optimization_v2.0.50727_32 - ok
20:35:24.0062 1396 CmdIde - ok
20:35:24.0078 1396 COMSysApp - ok
20:35:24.0093 1396 Cpqarray - ok
20:35:24.0109 1396 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:35:24.0109 1396 CryptSvc - ok
20:35:24.0109 1396 dac2w2k - ok
20:35:24.0109 1396 dac960nt - ok
20:35:24.0140 1396 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:35:24.0156 1396 DcomLaunch - ok
20:35:24.0171 1396 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:35:24.0187 1396 Dhcp - ok
20:35:24.0218 1396 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:35:24.0218 1396 Disk - ok
20:35:24.0218 1396 dmadmin - ok
20:35:24.0265 1396 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:35:24.0265 1396 dmboot - ok
20:35:24.0296 1396 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:35:24.0296 1396 dmio - ok
20:35:24.0328 1396 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:35:24.0328 1396 dmload - ok
20:35:24.0359 1396 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:35:24.0359 1396 dmserver - ok
20:35:24.0375 1396 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:35:24.0375 1396 DMusic - ok
20:35:24.0406 1396 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:35:24.0406 1396 Dnscache - ok
20:35:24.0437 1396 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:35:24.0453 1396 Dot3svc - ok
20:35:24.0453 1396 dpti2o - ok
20:35:24.0468 1396 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:35:24.0468 1396 drmkaud - ok
20:35:24.0500 1396 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:35:24.0500 1396 EapHost - ok
20:35:24.0531 1396 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:35:24.0531 1396 ERSvc - ok
20:35:24.0562 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:35:24.0562 1396 Eventlog - ok
20:35:24.0593 1396 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
20:35:24.0593 1396 EventSystem - ok
20:35:24.0625 1396 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:35:24.0625 1396 Fastfat - ok
20:35:24.0656 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:35:24.0656 1396 FastUserSwitchingCompatibility - ok
20:35:24.0671 1396 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:35:24.0671 1396 Fdc - ok
20:35:24.0687 1396 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:35:24.0687 1396 Fips - ok
20:35:24.0765 1396 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:35:24.0781 1396 FLEXnet Licensing Service - ok
20:35:24.0796 1396 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:35:24.0796 1396 Flpydisk - ok
20:35:24.0828 1396 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:35:24.0828 1396 FltMgr - ok
20:35:24.0890 1396 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:35:24.0890 1396 FontCache3.0.0.0 - ok
20:35:24.0890 1396 ForceWare Intelligent Application Manager (IAM) - ok
20:35:24.0906 1396 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:35:24.0906 1396 Fs_Rec - ok
20:35:24.0906 1396 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:35:24.0906 1396 Ftdisk - ok
20:35:24.0953 1396 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:35:24.0953 1396 GEARAspiWDM - ok
20:35:24.0968 1396 GMSIPCI - ok
20:35:25.0000 1396 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:35:25.0000 1396 Gpc - ok
20:35:25.0015 1396 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
20:35:25.0015 1396 GTNDIS5 - ok
20:35:25.0046 1396 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:35:25.0046 1396 HDAudBus - ok
20:35:25.0093 1396 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:35:25.0093 1396 helpsvc - ok
20:35:25.0109 1396 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:35:25.0109 1396 HidServ - ok
20:35:25.0125 1396 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:35:25.0125 1396 hidusb - ok
20:35:25.0156 1396 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:35:25.0171 1396 hkmsvc - ok
20:35:25.0171 1396 hpn - ok
20:35:25.0265 1396 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:35:25.0281 1396 HTTP - ok
20:35:25.0312 1396 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:35:25.0328 1396 HTTPFilter - ok
20:35:25.0328 1396 i2omgmt - ok
20:35:25.0328 1396 i2omp - ok
20:35:25.0359 1396 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:35:25.0359 1396 i8042prt - ok
20:35:25.0687 1396 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:35:25.0968 1396 idsvc - ok
20:35:25.0984 1396 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:35:25.0984 1396 Imapi - ok
20:35:26.0078 1396 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:35:26.0109 1396 ImapiService - ok
20:35:26.0109 1396 ini910u - ok
20:35:27.0531 1396 [ 07CFD02E9BEDCF2D2CCF9F55B4E46616 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:35:30.0453 1396 IntcAzAudAddService - ok
20:35:30.0453 1396 IntelIde - ok
20:35:30.0484 1396 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:35:30.0484 1396 intelppm - ok
20:35:30.0500 1396 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:35:30.0515 1396 ip6fw - ok
20:35:30.0531 1396 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:35:30.0531 1396 IpFilterDriver - ok
20:35:30.0546 1396 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:35:30.0546 1396 IpInIp - ok
20:35:30.0578 1396 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:35:30.0578 1396 IpNat - ok
20:35:30.0593 1396 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:35:30.0593 1396 IPSec - ok
20:35:30.0609 1396 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:35:30.0609 1396 IRENUM - ok
20:35:30.0640 1396 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:35:30.0640 1396 isapnp - ok
20:35:30.0765 1396 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:35:30.0765 1396 JavaQuickStarterService - ok
20:35:30.0796 1396 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:35:30.0796 1396 Kbdclass - ok
20:35:30.0812 1396 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:35:30.0812 1396 kbdhid - ok
20:35:30.0828 1396 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:35:30.0828 1396 kmixer - ok
20:35:30.0859 1396 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:35:30.0859 1396 KSecDD - ok
20:35:30.0906 1396 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:35:30.0906 1396 lanmanserver - ok
20:35:30.0921 1396 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:35:30.0937 1396 lanmanworkstation - ok
20:35:30.0968 1396 [ C99BA72106A858CB8B521BB4C02C93ED ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:35:30.0968 1396 LBeepKE - ok
20:35:30.0968 1396 lbrtfdc - ok
20:35:31.0000 1396 [ EEE5A87EC378C9AD7CE91073FBD63465 ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
20:35:31.0000 1396 LEqdUsb - ok
20:35:31.0031 1396 [ 62663B385087F5977D8EBD1FDC67B639 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
20:35:31.0031 1396 LHidEqd - ok
20:35:31.0062 1396 [ 318B3D608FBEC44B7E0C23BF759DCED5 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:35:31.0062 1396 LHidFilt - ok
20:35:31.0093 1396 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:35:31.0093 1396 LmHosts - ok
20:35:31.0109 1396 [ 84AF069D219DF3C43DC6792B2BBD7BED ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:35:31.0109 1396 LMouFilt - ok
20:35:31.0109 1396 maxidemo - ok
20:35:31.0156 1396 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
20:35:31.0156 1396 mbamchameleon - ok
20:35:31.0187 1396 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:35:31.0187 1396 MBAMProtector - ok
20:35:31.0265 1396 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:35:31.0265 1396 MBAMScheduler - ok
20:35:31.0296 1396 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:35:31.0312 1396 MBAMService - ok
20:35:31.0312 1396 mcdbus - ok
20:35:31.0343 1396 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:35:31.0343 1396 Messenger - ok
20:35:31.0375 1396 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:35:31.0375 1396 mnmdd - ok
20:35:31.0406 1396 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:35:31.0406 1396 mnmsrvc - ok
20:35:31.0437 1396 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:35:31.0437 1396 Modem - ok
20:35:31.0515 1396 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
20:35:31.0546 1396 Monfilt - ok
20:35:31.0562 1396 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:35:31.0562 1396 Mouclass - ok
20:35:31.0578 1396 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:35:31.0578 1396 mouhid - ok
20:35:31.0609 1396 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:35:31.0609 1396 MountMgr - ok
20:35:31.0609 1396 mraid35x - ok
20:35:31.0625 1396 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:35:31.0625 1396 MRxDAV - ok
20:35:31.0640 1396 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:35:31.0656 1396 MRxSmb - ok
20:35:31.0687 1396 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:35:31.0687 1396 MSDTC - ok
20:35:31.0703 1396 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:35:31.0703 1396 Msfs - ok
20:35:31.0703 1396 MSIServer - ok
20:35:31.0734 1396 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:35:31.0734 1396 MSKSSRV - ok
20:35:31.0750 1396 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:35:31.0750 1396 MSPCLOCK - ok
20:35:31.0750 1396 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:35:31.0750 1396 MSPQM - ok
20:35:31.0765 1396 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:35:31.0765 1396 mssmbios - ok
20:35:31.0781 1396 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:35:31.0796 1396 Mup - ok
20:35:31.0828 1396 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:35:31.0843 1396 napagent - ok
20:35:31.0875 1396 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:35:31.0875 1396 NDIS - ok
20:35:31.0921 1396 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:35:31.0921 1396 NdisTapi - ok
20:35:31.0937 1396 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:35:31.0937 1396 Ndisuio - ok
20:35:31.0953 1396 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:35:31.0953 1396 NdisWan - ok
20:35:32.0000 1396 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:35:32.0000 1396 NDProxy - ok
20:35:32.0031 1396 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:35:32.0031 1396 NetBIOS - ok
20:35:32.0046 1396 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:35:32.0046 1396 NetBT - ok
20:35:32.0078 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:35:32.0078 1396 NetDDE - ok
20:35:32.0093 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:35:32.0093 1396 NetDDEdsdm - ok
20:35:32.0125 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:35:32.0125 1396 Netlogon - ok
20:35:32.0156 1396 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:35:32.0156 1396 Netman - ok
20:35:32.0203 1396 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:35:32.0203 1396 NetTcpPortSharing - ok
20:35:32.0218 1396 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:35:32.0218 1396 NIC1394 - ok
20:35:32.0234 1396 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:35:32.0234 1396 Nla - ok
20:35:32.0281 1396 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:35:32.0281 1396 Npfs - ok
20:35:32.0281 1396 npggsvc - ok
20:35:32.0281 1396 npkcrypt - ok
20:35:32.0281 1396 nSvcIp - ok
20:35:32.0296 1396 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:35:32.0312 1396 Ntfs - ok
20:35:32.0328 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:35:32.0343 1396 NtLmSsp - ok
20:35:32.0375 1396 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:35:32.0406 1396 NtmsSvc - ok
20:35:32.0421 1396 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:35:32.0421 1396 Null - ok
20:35:32.0578 1396 [ 597A5167C509547FC691416887171079 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:35:32.0718 1396 nv - ok
20:35:32.0765 1396 [ DC1F9954B5EDDD147AF7E5C420BE7B93 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
20:35:32.0765 1396 nvata - ok
20:35:32.0796 1396 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:35:32.0796 1396 NVENETFD - ok
20:35:32.0812 1396 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
20:35:32.0812 1396 nvgts - ok
20:35:32.0859 1396 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:35:32.0859 1396 nvnetbus - ok
20:35:32.0875 1396 [ 4A290F88C42DD1037A46CD1867308D82 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:35:32.0875 1396 NVSvc - ok
20:35:32.0921 1396 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:35:32.0921 1396 NwlnkFlt - ok
20:35:32.0937 1396 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:35:32.0937 1396 NwlnkFwd - ok
20:35:32.0953 1396 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:35:32.0953 1396 ohci1394 - ok
20:35:33.0000 1396 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:35:33.0000 1396 Parport - ok
20:35:33.0015 1396 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:35:33.0015 1396 PartMgr - ok
20:35:33.0031 1396 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:35:33.0031 1396 ParVdm - ok
20:35:33.0062 1396 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:35:33.0062 1396 PCI - ok
20:35:33.0062 1396 PCIDump - ok
20:35:33.0093 1396 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:35:33.0093 1396 PCIIde - ok
20:35:33.0109 1396 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:35:33.0109 1396 Pcmcia - ok
20:35:33.0109 1396 PDCOMP - ok
20:35:33.0109 1396 PDFRAME - ok
20:35:33.0125 1396 PDRELI - ok
20:35:33.0125 1396 PDRFRAME - ok
20:35:33.0125 1396 perc2 - ok
20:35:33.0140 1396 perc2hib - ok
20:35:33.0156 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:35:33.0156 1396 PlugPlay - ok
20:35:33.0171 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:35:33.0171 1396 PolicyAgent - ok
20:35:33.0203 1396 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:35:33.0203 1396 PptpMiniport - ok
20:35:33.0218 1396 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:35:33.0218 1396 Processor - ok
20:35:33.0218 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:35:33.0218 1396 ProtectedStorage - ok
20:35:33.0234 1396 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:35:33.0234 1396 PSched - ok
20:35:33.0265 1396 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:35:33.0265 1396 Ptilink - ok
20:35:33.0296 1396 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:35:33.0312 1396 PxHelp20 - ok
20:35:33.0312 1396 ql1080 - ok
20:35:33.0312 1396 Ql10wnt - ok
20:35:33.0312 1396 ql12160 - ok
20:35:33.0328 1396 ql1240 - ok
20:35:33.0328 1396 ql1280 - ok
20:35:33.0359 1396 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:35:33.0359 1396 RasAcd - ok
20:35:33.0390 1396 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:35:33.0406 1396 RasAuto - ok
20:35:33.0421 1396 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:35:33.0421 1396 Rasl2tp - ok
20:35:33.0453 1396 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:35:33.0453 1396 RasMan - ok
20:35:33.0468 1396 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:35:33.0468 1396 RasPppoe - ok
20:35:33.0468 1396 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:35:33.0468 1396 Raspti - ok
20:35:33.0500 1396 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:35:33.0515 1396 Rdbss - ok
20:35:33.0531 1396 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:35:33.0531 1396 RDPCDD - ok
20:35:33.0562 1396 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:35:33.0562 1396 RDPWD - ok
20:35:33.0593 1396 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:35:33.0609 1396 RDSessMgr - ok
20:35:33.0640 1396 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:35:33.0640 1396 redbook - ok
20:35:33.0671 1396 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:35:33.0671 1396 RemoteAccess - ok
20:35:33.0703 1396 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
20:35:33.0703 1396 RimUsb - ok
20:35:33.0703 1396 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
20:35:33.0718 1396 RpcLocator - ok
20:35:33.0750 1396 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:35:33.0750 1396 RpcSs - ok
20:35:33.0765 1396 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:35:33.0781 1396 RSVP - ok
20:35:33.0828 1396 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
20:35:33.0828 1396 RT73 - ok
20:35:33.0859 1396 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
20:35:33.0875 1396 RTL8192su - ok
20:35:33.0890 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:35:33.0890 1396 SamSs - ok
20:35:33.0921 1396 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:35:33.0937 1396 SCardSvr - ok
20:35:33.0968 1396 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:35:33.0968 1396 Schedule - ok
20:35:34.0000 1396 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:35:34.0000 1396 Secdrv - ok
20:35:34.0015 1396 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:35:34.0031 1396 seclogon - ok
20:35:34.0031 1396 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:35:34.0031 1396 SENS - ok
20:35:34.0062 1396 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:35:34.0062 1396 serenum - ok
20:35:34.0078 1396 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:35:34.0078 1396 Serial - ok
20:35:34.0093 1396 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:35:34.0093 1396 Sfloppy - ok
20:35:34.0125 1396 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:35:34.0125 1396 SharedAccess - ok
20:35:34.0156 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:35:34.0156 1396 ShellHWDetection - ok
20:35:34.0156 1396 Simbad - ok
20:35:34.0156 1396 Sparrow - ok
20:35:34.0187 1396 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:35:34.0187 1396 splitter - ok
20:35:34.0203 1396 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:35:34.0218 1396 Spooler - ok
20:35:34.0234 1396 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:35:34.0234 1396 sr - ok
20:35:34.0265 1396 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
20:35:34.0265 1396 srservice - ok
20:35:34.0281 1396 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:35:34.0296 1396 Srv - ok
20:35:34.0328 1396 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:35:34.0328 1396 SSDPSRV - ok
20:35:34.0343 1396 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:35:34.0359 1396 stisvc - ok
20:35:34.0390 1396 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:35:34.0390 1396 swenum - ok
20:35:34.0406 1396 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:35:34.0406 1396 swmidi - ok
20:35:34.0406 1396 SwPrv - ok
20:35:34.0421 1396 symc810 - ok
20:35:34.0421 1396 symc8xx - ok
20:35:34.0421 1396 sym_hi - ok
20:35:34.0437 1396 sym_u3 - ok
20:35:34.0453 1396 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:35:34.0453 1396 sysaudio - ok
20:35:34.0484 1396 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:35:34.0500 1396 SysmonLog - ok
20:35:34.0515 1396 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:35:34.0515 1396 TapiSrv - ok
20:35:34.0562 1396 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:35:34.0562 1396 Tcpip - ok
20:35:34.0578 1396 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:35:34.0578 1396 TDPIPE - ok
20:35:34.0593 1396 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:35:34.0593 1396 TDTCP - ok
20:35:34.0625 1396 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:35:34.0625 1396 TermDD - ok
20:35:34.0640 1396 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:35:34.0656 1396 TermService - ok
20:35:34.0671 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:35:34.0671 1396 Themes - ok
20:35:34.0687 1396 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
20:35:34.0703 1396 tmcomm - ok
20:35:34.0703 1396 TosIde - ok
20:35:34.0703 1396 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:35:34.0718 1396 TrkWks - ok
20:35:34.0734 1396 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:35:34.0734 1396 Udfs - ok
20:35:34.0734 1396 ultra - ok
20:35:34.0750 1396 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:35:34.0750 1396 Update - ok
20:35:34.0781 1396 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:35:34.0781 1396 upnphost - ok
20:35:34.0796 1396 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:35:34.0812 1396 UPS - ok
20:35:34.0812 1396 USBAAPL - ok
20:35:34.0843 1396 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:35:34.0843 1396 usbaudio - ok
20:35:34.0859 1396 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:35:34.0859 1396 usbccgp - ok
20:35:34.0875 1396 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:35:34.0875 1396 usbehci - ok
20:35:34.0906 1396 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:35:34.0906 1396 usbhub - ok
20:35:34.0921 1396 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:35:34.0921 1396 usbohci - ok
20:35:34.0953 1396 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:35:34.0953 1396 usbprint - ok
20:35:34.0984 1396 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:35:34.0984 1396 usbscan - ok
20:35:35.0015 1396 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:35:35.0015 1396 USBSTOR - ok
20:35:35.0031 1396 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:35:35.0031 1396 VgaSave - ok
20:35:35.0046 1396 ViaIde - ok
20:35:35.0078 1396 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:35:35.0078 1396 VolSnap - ok
20:35:35.0109 1396 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:35:35.0125 1396 VSS - ok
20:35:35.0140 1396 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:35:35.0156 1396 W32Time - ok
20:35:35.0156 1396 W8335XP - ok
20:35:35.0171 1396 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:35:35.0171 1396 Wanarp - ok
20:35:35.0203 1396 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:35:35.0218 1396 Wdf01000 - ok
20:35:35.0218 1396 WDICA - ok
20:35:35.0234 1396 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:35:35.0234 1396 wdmaud - ok
20:35:35.0250 1396 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:35:35.0250 1396 WebClient - ok
20:35:35.0312 1396 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:35:35.0312 1396 winmgmt - ok
20:35:35.0343 1396 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
20:35:35.0343 1396 WmBEnum - ok
20:35:35.0375 1396 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:35:35.0375 1396 WmdmPmSN - ok
20:35:35.0406 1396 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
20:35:35.0406 1396 WmFilter - ok
20:35:35.0421 1396 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:35:35.0453 1396 WmiApSrv - ok
20:35:35.0500 1396 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:35:35.0515 1396 WMPNetworkSvc - ok
20:35:35.0546 1396 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
20:35:35.0546 1396 WmVirHid - ok
20:35:35.0562 1396 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
20:35:35.0562 1396 WmXlCore - ok
20:35:35.0593 1396 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:35:35.0593 1396 WpdUsb - ok
20:35:35.0609 1396 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:35:35.0625 1396 WS2IFSL - ok
20:35:35.0640 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
20:35:35.0640 1396 WsAudio_DeviceS(1) - ok
20:35:35.0640 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
20:35:35.0640 1396 WsAudio_DeviceS(2) - ok
20:35:35.0656 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
20:35:35.0656 1396 WsAudio_DeviceS(3) - ok
20:35:35.0687 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
20:35:35.0687 1396 WsAudio_DeviceS(4) - ok
20:35:35.0703 1396 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
20:35:35.0703 1396 WsAudio_DeviceS(5) - ok
20:35:35.0718 1396 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:35:35.0734 1396 wscsvc - ok
20:35:35.0734 1396 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:35:35.0750 1396 wuauserv - ok
20:35:35.0796 1396 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:35:35.0796 1396 WudfPf - ok
20:35:35.0812 1396 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:35:35.0828 1396 WudfRd - ok
20:35:35.0843 1396 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:35:35.0843 1396 WudfSvc - ok
20:35:35.0875 1396 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:35:35.0875 1396 WZCSVC - ok
20:35:35.0890 1396 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:35:35.0906 1396 xmlprov - ok
20:35:35.0937 1396 [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
20:35:35.0937 1396 xusb21 - ok
20:35:35.0953 1396 ================ Scan global ===============================
20:35:35.0968 1396 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:35:36.0015 1396 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:35:36.0015 1396 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:35:36.0062 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:35:36.0062 1396 [Global] - ok
20:35:36.0062 1396 ================ Scan MBR ==================================
20:35:36.0078 1396 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:35:36.0265 1396 \Device\Harddisk0\DR0 - ok
20:35:36.0265 1396 ================ Scan VBR ==================================
20:35:36.0281 1396 [ 7A0CF8B9ED8AA6B71592AD247912FEEC ] \Device\Harddisk0\DR0\Partition1
20:35:36.0281 1396 \Device\Harddisk0\DR0\Partition1 - ok
20:35:36.0281 1396 ============================================================
20:35:36.0281 1396 Scan finished
20:35:36.0281 1396 ============================================================
20:35:36.0281 1668 Detected object count: 0
20:35:36.0281 1668 Actual detected object count: 0
-
I disabled antivirus to see if it was a cause for the "skips." They happen about every 10-15 seconds and seem to be a .5 sec lag, when playing games or watching/streaming video, but not when just browsing on the desktop or on the web. I had played games on this computer for years, and it never used to have this problem before; I thought it used to be a much faster computer than it's running right now. Also I noticed that when I boot the machine the very first screen reports the RAM speed at 800MHz, but when I run an application called CPU-Z it says it's only at 400MHz... dunno if it's accurate or means anything....
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : malfy [Admin rights]
Mode : Scan -- Date : 05/26/2013 20:36:53
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 9b97dee5089473b6dfccd57853c6450f
[bSP] c57ff3fb1414cef235532b8a2ebb7d6f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_05262013_02d2036.txt >>
RKreport[1]_S_05262013_02d2036.txt
Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 6 Update 26
Java 6 Update 2
Java 6 Update 3
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.52.14 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgemc.exe
malfy My Documents Downloads SecurityCheck.exe
malfy LOCALS~1 temp RarSFX1\SecurityCheck\Objlist.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
-
My computer seems to be experiencing little hiccups, or skips every so often, and I haven't been able to figure out what's happening.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Run by malfy at 1:46:42 on 2013-05-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1306 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\malfy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218583869453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295404046625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
TCP: Interfaces\{0C6684EB-61AA-4B82-B667-7F52489E65F2} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli nesibeba.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-4-28 10448]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-18 606056]
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-9 1691480]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [2007-7-23 22528]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\drivers\maxidemo.sys --> c:\windows\system32\drivers\maxidemo.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 22856]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-27 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-27 25704]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-16 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 701512]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-05-26 02:17:59 -------- d-----w- c:\program files\CCleaner
2013-05-12 23:38:46 -------- d-----w- c:\documents and settings\malfy\local settings\application data\CPN
2013-05-12 23:38:24 -------- d-----w- c:\program files\Juicy Stakes 2.0
.
==================== Find3M ====================
.
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 1:47:21.20 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/30/2007 9:47:09 AM
System Uptime: 5/25/2013 11:12:20 PM (2 hours ago)
.
Motherboard: EVGA | | NFORCE 680i LT SLI
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 122.45 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&2&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Ethernet #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&2&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP251: 4/16/2013 9:11:12 PM - Removed Project64 1.6
RP252: 4/16/2013 9:12:19 PM - Removed Splashtop Streamer
RP253: 4/16/2013 9:13:46 PM - Removed Transparent Windows
RP254: 4/16/2013 9:14:05 PM - Removed Ventrilo Server
RP255: 4/16/2013 9:14:25 PM - Removed Ventrilo Client
RP256: 4/16/2013 9:35:01 PM - Removed Jitbit Macro Recorder.
RP257: 4/16/2013 9:36:52 PM - Configured NETGEAR WG311v3 PCI Adapter
RP258: 4/16/2013 9:39:34 PM - Removed WIDCOMM Bluetooth Software
RP259: 4/16/2013 9:41:13 PM - Configured NETGEAR WG311v3 PCI Adapter
RP260: 4/17/2013 3:00:22 AM - Software Distribution Service 3.0
RP261: 4/21/2013 4:15:23 AM - System Checkpoint
RP262: 4/22/2013 5:24:40 PM - System Checkpoint
RP263: 4/27/2013 7:36:33 PM - System Checkpoint
RP264: 5/8/2013 2:02:12 AM - System Checkpoint
RP265: 5/12/2013 4:31:09 AM - System Checkpoint
RP266: 5/15/2013 11:55:41 PM - Software Distribution Service 3.0
RP267: 5/18/2013 11:10:44 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Azureus
Bonjour
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Direct Show Ogg Vorbis Filter (remove only)
Driver Detective
eReg
ffdshow [rev 3096] [2009-10-06]
Google Chrome
Haali Media Splitter
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 3
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 26
Java™ 6 Update 3
Juicy Stakes 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NETGEAR WG311v3 PCI Adapter
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Vuze
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/25/2013 8:09:40 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf86601e, parameter3 ac6a7ae4, parameter4 00000000.
5/22/2013 8:20:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BCM43XX
5/22/2013 8:20:26 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
5/22/2013 8:20:26 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
-
Awesome, things seem to be working properly now; thank you very much for your help, you guys are lifesavers.
Mmm, one last thing: I'm curious, what does "je m'en fous" mean?
-
ComboFix 09-07-03.03 - malfy 07/04/2009 3:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1709 [GMT -5:00]
Running from: c:\documents and settings\malfy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\malfy\Local Settings\Application Data\{0FE51EEA-1E6F-4F0F-8305-8E012627B986}
c:\documents and settings\malfy\Local Settings\Application Data\{0FE51EEA-1E6F-4F0F-8305-8E012627B986}\chrome.manifest
c:\documents and settings\malfy\Local Settings\Application Data\{0FE51EEA-1E6F-4F0F-8305-8E012627B986}\chrome\content\_cfg.js
c:\documents and settings\malfy\Local Settings\Application Data\{0FE51EEA-1E6F-4F0F-8305-8E012627B986}\chrome\content\overlay.xul
c:\documents and settings\malfy\Local Settings\Application Data\{0FE51EEA-1E6F-4F0F-8305-8E012627B986}\install.rdf
c:\windows\system32\drivers\hjgruilnsrqxti.sys
c:\windows\system32\hjgruigwkdphoo.dat
c:\windows\system32\hjgruikpmpiqjo.dll
c:\windows\system32\hjgruiltnyycrw.dat
c:\windows\system32\hjgruitliqouem.dll
c:\windows\system32\mlfcache.dat
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruidipbfpcb
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-04 02:45 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-04 02:45 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-04 02:45 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-04 02:45 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-04 02:45 . 2009-07-04 02:45 -------- d-----w- c:\program files\Avira
2009-07-04 02:45 . 2009-07-04 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-28 20:30 . 2009-06-28 20:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-24 03:25 . 2009-07-04 04:42 -------- d-----w- c:\program files\Steam
2009-06-19 07:24 . 2009-06-19 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-10 08:01 . 2009-06-10 08:01 -------- d-----w- c:\windows\ie8updates
2009-06-10 05:59 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 05:59 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 07:32 . 2007-05-19 19:52 -------- d-----w- c:\program files\PokerStars
2009-07-03 07:52 . 2007-06-01 06:20 -------- d-----w- c:\program files\QuickTime
2009-07-01 06:16 . 2003-03-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-24 09:48 . 2008-03-12 22:25 -------- d-----w- c:\program files\Warcraft III
2009-06-21 06:23 . 2009-02-19 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 06:23 . 2009-04-09 23:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-20 21:56 . 2009-04-10 08:11 80 ----a-w- c:\windows\system32\HWTablet.bin
2009-06-17 16:27 . 2009-02-19 19:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-02-19 19:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 05:10 . 2009-02-09 23:04 -------- d-----w- c:\program files\Full Tilt Poker
2009-05-29 05:32 . 2007-05-08 21:32 -------- d-----w- c:\program files\mIRC
2009-05-14 00:15 . 2007-05-13 00:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-14 00:06 . 2009-05-14 00:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-13 05:15 . 2006-06-23 17:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 02:53 . 2009-04-15 02:53 1078 ----a-r- c:\documents and settings\malfy\Application Data\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe
2009-04-15 02:53 . 2009-04-15 02:53 1078 ----a-r- c:\documents and settings\malfy\Application Data\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_18be6784.exe
2009-04-14 23:31 . 2008-03-12 22:29 78175 ----a-w- c:\windows\War3Unin.dat
2009-04-10 00:52 . 2009-01-02 21:04 383645136 ----a-w- c:\documents and settings\malfy\Application Data\ijjigame\U_GBOUND_setup.exe
2007-07-26 19:32 . 2007-05-14 03:47 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2007-05-14 03:47 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2007-05-14 03:47 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2007-05-14 03:47 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2007-05-14 03:47 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-13 8429568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-13 1626112]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bcmwl5.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v3 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^malfy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2.2"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:*:Disabled:MaxiVista Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [4/10/2009 3:11 AM 10548]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/3/2009 9:45 PM 108289]
R2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [4/10/2009 3:11 AM 221184]
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys --> c:\windows\system32\DRIVERS\maxidemo.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [6/13/2008 4:05 AM 24635]
--- Other Services/Drivers In Memory ---
*Deregistered* - HYCtl
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-24 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2003-03-31 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\malfy\Application Data\Mozilla\Firefox\Profiles\mkp52r85.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 03:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,
66,62,6c,65,00,00
"mahhddllgmncbgnkckpciinekj"=hex:6a,61,6f,6d,63,67,6c,64,6d,66,6a,68,63,6a,66,
70,61,6c,68,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\MrvGINA.dll
.
Completion time: 2009-07-04 3:19
ComboFix-quarantined-files.txt 2009-07-04 08:19
ComboFix2.txt 2009-02-27 21:35
Pre-Run: 40,518,942,720 bytes free
Post-Run: 40,560,955,392 bytes free
182 --- E O F --- 2009-06-10 08:01
-
I scan my system routinely with Dr.Web CureIt and mbam; I'm trying to run things as light as possible, and I'm fairly good at avoiding malicious software/web domains. My problem with most antivirus software is that the active protection consumes resources all the time when its protection is needed very rarely. While it may be very effective against KNOWN infections, it provides little help against NEW infections. That being said, I'm not trying to be difficult or defiant for any reason, and I proceeded as directed.
Avira AntiVir Personal
Report file date: Friday, July 03, 2009 22:20
Scanning for 1446709 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : malfy
Computer name : DANNY
Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 15:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 02:46:53
ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 7/2/2009 02:46:54
ANTIVIR3.VDF : 7.1.4.180 29696 Bytes 7/3/2009 02:46:55
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 17:52:04
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/4/2009 02:46:59
AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 17:02:01
AERDL.DLL : 8.1.2.2 438642 Bytes 7/4/2009 02:46:59
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 22:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/4/2009 02:46:58
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/4/2009 02:46:58
AEHELP.DLL : 8.1.3.6 205174 Bytes 7/4/2009 02:46:55
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/4/2009 02:46:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/2009 22:07:20
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48
Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Friday, July 03, 2009 22:20
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jwpen.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '42' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: The device is not ready.
End of the scan: Friday, July 03, 2009 22:41
Used time: 21:05 Minute(s)
The scan has been done completely.
8549 Scanned directories
264423 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
264422 Files not concerned
3217 Archives were scanned
1 Warnings
1 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:04 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\JWPEN.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: HWSuperPowerTablet - HanWang - C:\WINDOWS\system32\JWPEN.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3579 bytes
-
Curiously, if anyone responding is affiliated with mbam: I know that this malware has been around for quite some time and whatever version is on my machine is not detected by mbam; do you know if they're trying to incorporate removal for this? I have seen recently a huge influx of new infections reported by many people, but I've known this to be around for quite some time. Just wondering... anyway, I'll post my logs, though I don't think they'll be much help; I somewhat know what I am looking at. Additionally, I was wondering if this 'browser redirect/ overclick.cn' malware, whatever it is, has a name? And lastly, gmer picked up quite a bit of malicious-looking files/keys/etc., which I am assuming is the problem, but as far as I know it could be a completely different problem. Anyway, if you'd like my gmer log I can post it, but obviously your instructions are ultimately what will help clean my pc up!
Malwarebytes' Anti-Malware 1.38
Database version: 2366
Windows 5.1.2600 Service Pack 3
7/3/2009 2:35:21 AM
mbam-log-2009-07-03 (02-35-21).txt
Scan type: Quick Scan
Objects scanned: 85514
Time elapsed: 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:24 AM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\JWPEN.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: HWSuperPowerTablet - HanWang - C:\WINDOWS\system32\JWPEN.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3367 bytes
-
Haha, well, you never asked me to run MBAM again, so I didn't do it until just now. The problem files appear to have been removed! If you see any other problems of mention in those updated logs, let me know. Otherwise, thank you very much for helping me so quickly and effectively.
Malwarebytes' Anti-Malware 1.34
Database version: 1810
Windows 5.1.2600 Service Pack 3
2/27/2009 4:08:39 PM
mbam-log-2009-02-27 (16-08-39).txt
Scan type: Quick Scan
Objects scanned: 57442
Time elapsed: 1 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
OK, I ran the script for ComboFix. Also, when ComboFix loaded this time it ran a self-update, which didn't appear to interfere with the script running. So here are my new logs:
ComboFix 09-02-27.01 - 2009-02-27 15:30:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1616 [GMT -6:00]
Running from: c:\documents and settings\malfy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\malfy\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\program files\bpxmss.txt
c:\windows\system32\582960402.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\bpxmss.txt
c:\windows\system32\582960402.dat
c:\windows\system32\drivers\bcmwl5.sys
c:\windows\system32\drivers\gdhw.sys
c:\windows\system32\drivers\llqp.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\ikhcore.cfg
c:\windows\system32\kwave.sys
c:\windows\system32\nar.bin
c:\windows\system32\wdh.bin
.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 05:29 . 2009-02-27 05:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 04:47 . 2009-02-27 04:47 <DIR> d-------- c:\documents and settings\malfy\DoctorWeb
2009-02-26 02:04 . 2009-02-17 10:59 2,794,234 --a------ c:\windows\system32\GameMon.des
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\malfy\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 13:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 00:16 . 2009-02-19 00:16 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-09 17:04 . 2009-02-26 23:46 <DIR> d-------- c:\program files\Full Tilt Poker
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\program files\Common
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\program files\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 10:02 --------- d-----w c:\program files\PokerStars
2009-02-27 04:23 --------- d-----w c:\program files\Steam
2009-02-27 01:12 --------- d-----w c:\program files\Warcraft III
2009-02-19 19:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-19 19:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-17 00:56 --------- d-----w c:\program files\World of Warcraft
2009-02-17 00:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 00:54 --------- d-----w c:\documents and settings\malfy\Application Data\Orbit
2009-02-17 00:53 --------- d-----w c:\program files\AddOn Studio for World of Warcraft
2009-01-19 05:09 --------- d-----w c:\program files\mIRC
2009-01-02 21:04 --------- d--h--w c:\documents and settings\malfy\Application Data\ijjigame
2008-12-29 13:13 --------- d-----w c:\documents and settings\malfy\Application Data\Apple Computer
2007-07-26 19:32 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-12 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.
------- Sigcheck -------
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-08-10 07:26 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2003-03-31 06:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 13:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2003-03-31 06:00 930304 8f162dc91d67d87c1a481bf602a9dac8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.RUD0"= rududu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bcmwl5.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^malfy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-11 11:55 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 15:17 50736 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-12 23:44 8429568 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-12 23:44 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 02:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 18:20 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-12-14 20:58 208896 c:\windows\system32\sw20.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-12-14 20:58 69632 c:\windows\system32\sw24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
-ra------ 2006-12-14 20:59 217088 c:\windows\system32\WinSys2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-12 23:44 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2.2"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\malfunktion@prodigy.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:*:Disabled:MaxiVista Server
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys --> c:\windows\system32\DRIVERS\maxidemo.sys [?]
S4 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [2008-06-13 24635]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e1ece4-cce7-11dd-85f3-00044b032701}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
.
Contents of the 'Scheduled Tasks' folder
2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:32:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,
66,62,6c,65,00,00
"mahhddllgmncbgnkckpciinekj"=hex:6a,61,6a,6d,6e,66,61,66,61,64,6d,65,62,63,6c,
6c,68,6e,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\MrvGINA.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-27 15:35:31 - machine was rebooted [malfy]
ComboFix-quarantined-files.txt 2009-02-27 21:35:28
ComboFix2.txt 2009-02-27 19:33:26
Pre-Run: 52,420,685,824 bytes free
Post-Run: 52,405,874,688 bytes free
225 --- E O F --- 2009-02-25 09:00:23
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:38 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2697 bytes
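The ComboFix and HijackThis output in this post carries the lines a removal helper reads first: the Windows Firewall policy with `EnableFirewall` set to 0, the Security Center `*DisableNotify` values, a service whose image ComboFix marks `[?]` and HijackThis marks `(file missing)`, a `mountpoints2` `\Shell\AutoRun\command` handler for a removable drive, and hex-encoded values under a locked registry key. The script below is an added example, not tooling from the forum helper or anything posted in the thread: it walks a log line by line, tracks which registry key is being listed, and returns those indicators as findings, decoding the `hex:` values to ASCII so they can be eyeballed. The sample input is a constructed subset of lines copied from the logs above, not a complete log; the severity labels and the finding names are my own choice.

```python
"""Triage helper for ComboFix / HijackThis style logs (added example).

Reads a log line by line, remembers the registry key currently being listed,
and returns the indicators a malware-removal helper checks first.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix and
# HijackThis output in the post above, not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e1ece4-cce7-11dd-85f3-00044b032701}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,
66,62,6c,65,00,00
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "info" (labels chosen for this example)
    kind: str      # short tag for the indicator
    detail: str    # value name, command line, or decoded data
    key: str       # registry key being listed when the line appeared, if any


KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # REGEDIT4 key header
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')       # firewall policy off
NOTIFY_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')    # Security Center warning suppressed
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")  # mountpoints2 AutoRun handler
HJT_MISSING_RE = re.compile(r"^O23 - Service: .+? \((\w+)\) - .*\(file missing\)$")
CF_UNVERIFIED_RE = re.compile(r"^S[0-4] ([^;]+);.*\[\?\]$")    # ComboFix could not verify the image
HEX_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-fA-F,]+)$')


def decode_reg_hex(hex_csv: str) -> str:
    """Turn a REGEDIT4 'hex:' byte list into text, dropping the NUL terminator."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b)
    return raw.rstrip(b"\0").decode("latin-1")


def _logical_lines(text: str):
    """Yield stripped lines, re-joining REGEDIT4 continuation lines (trailing ',')."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith(","):
            buf = line
            continue
        buf = ""
        if line:
            yield line
    if buf:
        yield buf


def triage(log_text: str) -> list[Finding]:
    """Return the notable indicators found in a ComboFix/HijackThis style log."""
    findings: list[Finding] = []
    key = ""
    for line in _logical_lines(log_text):
        if (m := KEY_RE.match(line)):
            key = m.group(1)          # remember context for the values that follow
            continue
        if FIREWALL_RE.match(line):
            findings.append(Finding("high", "firewall-disabled", line, key))
        elif (m := NOTIFY_RE.match(line)):
            findings.append(Finding("medium", "security-center-notify-disabled", m.group(1), key))
        elif (m := AUTORUN_RE.match(line)):
            findings.append(Finding("high", "autorun-handler", m.group(1), key))
        elif (m := HJT_MISSING_RE.match(line)):
            findings.append(Finding("medium", "service-file-missing", m.group(1), ""))
        elif (m := CF_UNVERIFIED_RE.match(line)):
            findings.append(Finding("medium", "service-unverified", m.group(1), ""))
        elif (m := HEX_RE.match(line)):
            decoded = decode_reg_hex(m.group(2))
            shape = "printable" if decoded.isprintable() else "binary"
            findings.append(Finding("info", "hex-value-decoded",
                                    f"{m.group(1)} -> {decoded!r} ({shape})", key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:32} {f.detail}")
```

Two caveats worth keeping in mind when reading the output: `[?]` in ComboFix and `(file missing)` in HijackThis only say the service's image could not be found, which an orphaned entry from uninstalled software also produces, so those findings are a prompt to check the service, not proof of infection; and the decoded hex strings are surfaced for review only, since nothing in the thread establishes what they belong to. The well-known NVIDIA and Realtek autostart entries pass through without a finding.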
-
OK, ummm, my computer isn't running as an online server; that was just a local setup I have to test web content before I put it online. However, I went ahead and disabled my Apache/MySQL services to avoid any confusion. After that I followed your post's instructions to the letter, and here are the logs:
ComboFix 09-02-26.02 - malfy 2009-02-27 13:28:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1682 [GMT -6:00]
Running from: c:\documents and settings\malfy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
C:\install.exe
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\KSAIOqss.ini
c:\windows\system32\KSAIOqss.ini2
c:\windows\system32\kwave.sys
c:\windows\system32\kyscfmxr.ini
c:\windows\system32\omnrswok.ini
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 05:29 . 2009-02-27 05:29 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 04:47 . 2009-02-27 04:47 <DIR> d-------- c:\documents and settings\malfy\DoctorWeb
2009-02-27 04:15 . 2009-02-27 04:15 61,440 --a------ c:\windows\system32\drivers\llqp.sys
2009-02-27 04:11 . 2009-02-27 04:11 61,440 --a------ c:\windows\system32\drivers\gdhw.sys
2009-02-26 02:04 . 2009-02-17 10:59 2,794,234 --a------ c:\windows\system32\GameMon.des
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\malfy\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-19 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 13:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 13:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-19 01:29 . 2009-02-19 01:29 336 --a------ c:\windows\system32\ikhcore.cfg
2009-02-19 00:16 . 2009-02-19 00:16 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-17 14:54 . 2009-02-17 16:58 145 --a-s---- c:\windows\system32\582960402.dat
2009-02-16 18:49 . 2009-02-26 22:23 7 --a------ c:\windows\system32\nar.bin
2009-02-16 10:21 . 2009-02-16 10:21 8,768 --a------ c:\windows\system32\drivers\bcmwl5.sys
2009-02-16 10:21 . 2009-02-16 10:21 50 --a------ c:\windows\system32\wdh.bin
2009-02-09 17:04 . 2009-02-26 23:46 <DIR> d-------- c:\program files\Full Tilt Poker
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\program files\Common
2009-02-02 21:40 . 2009-02-02 21:40 <DIR> d-------- c:\program files\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 10:15 324 ----a-w c:\program files\bpxmss.txt
2009-02-27 10:02 --------- d-----w c:\program files\PokerStars
2009-02-27 04:23 --------- d-----w c:\program files\Steam
2009-02-27 01:12 --------- d-----w c:\program files\Warcraft III
2009-02-19 19:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-19 19:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-17 00:56 --------- d-----w c:\program files\World of Warcraft
2009-02-17 00:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 05:09 --------- d-----w c:\program files\mIRC
2009-01-02 21:04 --------- d--h--w c:\documents and settings\malfy\Application Data\ijjigame
2008-12-29 13:13 --------- d-----w c:\documents and settings\malfy\Application Data\Apple Computer
2007-07-26 19:32 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-12 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.
------- Sigcheck -------
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-08-10 07:26 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2003-03-31 06:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 13:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
2006-07-05 04:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
2003-03-31 06:00 930304 8f162dc91d67d87c1a481bf602a9dac8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
2006-07-05 04:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\kernel32.dll
2008-04-13 18:11 989696 55447cd2f56d44426f9c88afe188bccc c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.RUD0"= rududu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bcmwl5.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^malfy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-11 11:55 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 15:17 50736 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-12 23:44 8429568 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-12 23:44 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 02:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 18:20 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-12-14 20:58 208896 c:\windows\system32\sw20.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-12-14 20:58 69632 c:\windows\system32\sw24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
-ra------ 2006-12-14 20:59 217088 c:\windows\system32\WinSys2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-12 23:44 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2.2"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\malfunktion@prodigy.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5999:UDP"= 5999:UDP:*:Disabled:MaxiVista Server
S2 aspnet_stateEventSystem;ASP.NET State Service aspnet_stateEventSystem; srv --> srv [?]
S3 maxidemo;Maxi_Vista_Demo_Driver;c:\windows\system32\DRIVERS\maxidemo.sys --> c:\windows\system32\DRIVERS\maxidemo.sys [?]
S4 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [2008-06-13 24635]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e1ece4-cce7-11dd-85f3-00044b032701}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
.
Contents of the 'Scheduled Tasks' folder
2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Microsoft Windows Sound - svuhost.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 13:30:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11AF94B-CD15-D6B5-087F-DECB344D0DD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhmlnghhidgnkgcjaegkpjbelm"=hex:69,61,67,6d,65,63,68,67,63,6e,69,66,67,68,
66,62,6c,65,00,00
"mahhddllgmncbgnkckpciinekj"=hex:6a,61,6a,6d,6e,66,61,66,61,64,6d,65,62,63,6c,
6c,68,6e,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\MrvGINA.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-27 13:33:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 19:33:23
Pre-Run: 51,932,557,312 bytes free
Post-Run: 52,429,914,112 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
242 --- E O F --- 2009-02-25 09:00:23
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:27 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2664 bytes
**note: I am going to be moving from one apartment to another shortly, so I may be on and offline irregularly; please do not think I have abandoned this problem and lock the thread. I will be here!
-
mrxdavv.sys
kwave.sys
Common problem that seems to be surfacing everywhere lately. I have searched for many hours for a solution and it seems as if it isn't going to be easy. I love Malwarebytes and hope that they're close to a solution. I have seen more than one moderator on these forums hint toward false positives, and make assurances that in the next version of MBAM it won't be an issue. Well, I hope they weren't seriously suggesting something as absurd as these being false positives, because those two 'files' are definitely related to some issue. I am of course unable to rid myself of these phantom files and I am hoping someone out there knows what to do.
Not sure if it helps, but the reason I ran MBAM in the first place was that I noticed (today) all of a sudden I could no longer use the 'task manager.' I remember this being the case with a virus or malware I had once in the distant past, so I assumed it was related, and that is when I discovered these files.
As of right now, if I run MBAM those two files will remain persistently. I don't really have/use other malware cleaning software on my computer as this is rarely ever a problem for me. Here are my log files:
Malwarebytes' Anti-Malware 1.34
Database version: 1809
Windows 5.1.2600 Service Pack 3
2/27/2009 6:36:23 AM
mbam-log-2009-02-27 (06-36-23).txt
Scan type: Quick Scan
Objects scanned: 58667
Time elapsed: 2 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
//////////////////////////////////////////////////////////////////////////////////////////////////
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:55 AM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Apache2.2\bin\httpd.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218583869453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218330580531
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O18 - Filter hijack: text/html - {7d9a5b50-346d-420b-a94f-82c94e931453} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service aspnet_stateEventSystem (aspnet_stateEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3783 bytes
**note: just a list of other files that were removed and could be related.
...system32\a9k.bin
...system32\proto.dll
...Application Data\Microsoft\Windows\mas32.dll
Malware suspected
Let me just reiterate, I have replaced the CMOS battery with a brand new one.
I ran FRST and let it reboot. The problem still persists. After I sync the clock with internet time, it keeps accurate time for about 40-60 minutes and then suddenly jumps backward by about an hour. The longer the computer runs, the farther back in time the clock eventually gets, even reversing to the previous calendar day.
Fixlog.txt