jinksy9

Honorary Members
  • Posts

    61
Everything posted by jinksy9

  1. As other topic svchost.exe Malwarebytes is blocking outgoing on our other laptop. Always the same IP address, which it seems may be in Luxembourg!? if my internet search found the correct info. The message is: "Successfully blocked access to a potentially malicious website: 212.117.175.185 Type: outgoing Port:*****, Process: svchost.exe" The ***** represents the fact that the port always changes. Gringo has helped me clear up my laptop but said to start a new topic for this on our other laptop. jinksy9
  2. Hi Gringo. As the 2 files are also on our other laptop I checked them there. Interestingly, when I opened each of them the malwarebytes message appeared both times. I have used your instructions to delete those files on my laptop and we'll see what happens about the other laptop once I've started a new thread for it. As we have the same problem with the other laptop the new thread name will be "svchost.exe blocked outgoing" and I'll post the link here as you've requested. Do you know how we got the problem? The laptops aren't networked so I guess it's something we picked up online? Once again, many thanks for your help with this one.
  3. Hi Gringo. A quick couple of questions before I follow these instructions. These 2 files "C:\Documents and Settings\Jinks\My Documents\laptop July11.pdf" and "C:\Documents and Settings\Jinks\My Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf" have important info in them and have been backed up to our backup drive. Will the backups be infected too and what should I do about those? Also what can I do about losing the info in the files please? Also, how did they become infected do you think because we've had those files for some time but the problem has only just started up? Also, as I said in my first post, we have the same problem on our other laptop. Will you be able to help me with that too please? Many thanks, jinksy9
  4. Good morning Gringo. Results of ESET scan are:
     C:\Documents and Settings\Jinks\My Documents\laptop July11.pdf JS/Trackware.ReadNotify.A application
     C:\Documents and Settings\Jinks\My Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A application
     C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
     Everything seems to be ok with computer otherwise. I'll catch up with you later today. Thanks, jinksy9
  5. Hi Gringo, ESET scan is running, only at 32% and has been going for quite a while. I'll have to post the results tomorrow as I have to get up for work in the morning and it's past bedtime for us now. Many thanks for all your help with this. Until tomorrow jinksy9
  6. Hi Gringo, All seems ok still - no problems with your latest instructions and computer seems fine - no sign of the malwarebytes 'blocking 212.117.175.185 outgoing' message. Result of MBAM scan is: Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.10.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Jinks :: DELL [administrator] Protection: Disabled 10/06/2012 20:47:01 mbam-log-2012-06-10 (20-47-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 212983 Time elapsed: 4 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Result of Hijackthis scan is: So what's next then
  7. Hi Gringo, Earlier I was still getting the malwarebytes 'blocking 212.117.175.185 outgoing' message appearing frequently but since running the script I've not seen it. It took combofix nearly half an hour to run the scan and produce the report below - no problems so hope this has fixed things. What do you think? Thanks
  8. Hi Gringo, here are the logs for TDSSkiller and aswMBR
(c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:44:15.0687 2464 Cdfs - ok 10:44:15.0703 2464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:44:15.0703 2464 Cdrom - ok 10:44:15.0703 2464 Changer - ok 10:44:15.0750 2464 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 10:44:15.0750 2464 CiSvc - ok 10:44:15.0765 2464 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 10:44:15.0765 2464 ClipSrv - ok 10:44:15.0906 2464 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:44:15.0984 2464 clr_optimization_v2.0.50727_32 - ok 10:44:16.0015 2464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 10:44:16.0015 2464 CmBatt - ok 10:44:16.0062 2464 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 10:44:16.0062 2464 CmdIde - ok 10:44:16.0093 2464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 10:44:16.0093 2464 Compbatt - ok 10:44:16.0093 2464 COMSysApp - ok 10:44:16.0125 2464 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 10:44:16.0125 2464 Cpqarray - ok 10:44:16.0171 2464 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 10:44:16.0171 2464 CryptSvc - ok 10:44:16.0203 2464 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 10:44:16.0218 2464 dac2w2k - ok 10:44:16.0218 2464 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 10:44:16.0218 2464 dac960nt - ok 10:44:16.0296 2464 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:44:16.0296 2464 DcomLaunch - ok 10:44:16.0328 2464 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 10:44:16.0328 2464 Dhcp - ok 10:44:16.0343 2464 Disk (044452051f3e02e7963599fc8f4f3e25) 
C:\WINDOWS\system32\DRIVERS\disk.sys 10:44:16.0343 2464 Disk - ok 10:44:16.0359 2464 dmadmin - ok 10:44:16.0437 2464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 10:44:16.0453 2464 dmboot - ok 10:44:16.0484 2464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 10:44:16.0484 2464 dmio - ok 10:44:16.0531 2464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:44:16.0531 2464 dmload - ok 10:44:16.0546 2464 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 10:44:16.0546 2464 dmserver - ok 10:44:16.0578 2464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 10:44:16.0578 2464 DMusic - ok 10:44:16.0625 2464 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 10:44:16.0625 2464 Dnscache - ok 10:44:16.0703 2464 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 10:44:16.0703 2464 Dot3svc - ok 10:44:16.0734 2464 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 10:44:16.0734 2464 dpti2o - ok 10:44:16.0781 2464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 10:44:16.0781 2464 drmkaud - ok 10:44:16.0812 2464 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys 10:44:16.0812 2464 drvmcdb - ok 10:44:16.0828 2464 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys 10:44:16.0828 2464 drvnddm - ok 10:44:16.0859 2464 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 10:44:16.0859 2464 E100B - ok 10:44:16.0890 2464 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 10:44:16.0890 2464 EapHost - ok 10:44:16.0937 2464 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 10:44:16.0937 2464 ERSvc - ok 10:44:16.0984 2464 Eventlog (65df52f5b8b6e9bbd183505225c37315) 
C:\WINDOWS\system32\services.exe 10:44:17.0000 2464 Eventlog - ok 10:44:17.0062 2464 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 10:44:17.0062 2464 EventSystem - ok 10:44:17.0156 2464 EvtEng (ed9c755312f29d55b8c815eec7115635) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 10:44:17.0156 2464 EvtEng - ok 10:44:17.0187 2464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:44:17.0187 2464 Fastfat - ok 10:44:17.0234 2464 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:44:17.0250 2464 FastUserSwitchingCompatibility - ok 10:44:17.0312 2464 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe 10:44:17.0312 2464 Fax - ok 10:44:17.0359 2464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:44:17.0359 2464 Fdc - ok 10:44:17.0375 2464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 10:44:17.0390 2464 Fips - ok 10:44:17.0406 2464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:44:17.0406 2464 Flpydisk - ok 10:44:17.0437 2464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:44:17.0453 2464 FltMgr - ok 10:44:17.0562 2464 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 10:44:17.0578 2464 FontCache3.0.0.0 - ok 10:44:17.0609 2464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:44:17.0609 2464 Fs_Rec - ok 10:44:17.0671 2464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:44:17.0671 2464 Ftdisk - ok 10:44:17.0734 2464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:44:17.0734 2464 Gpc - ok 10:44:17.0843 2464 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 10:44:17.0843 2464 gupdate - ok 10:44:17.0859 2464 
gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 10:44:17.0859 2464 gupdatem - ok 10:44:17.0906 2464 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 10:44:17.0906 2464 gusvc - ok 10:44:17.0984 2464 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys 10:44:18.0000 2464 hardlock - ok 10:44:18.0046 2464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:44:18.0046 2464 HDAudBus - ok 10:44:18.0109 2464 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:44:18.0109 2464 helpsvc - ok 10:44:18.0125 2464 HidServ - ok 10:44:18.0140 2464 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:44:18.0140 2464 HidUsb - ok 10:44:18.0187 2464 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 10:44:18.0187 2464 hkmsvc - ok 10:44:18.0234 2464 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 10:44:18.0234 2464 hpn - ok 10:44:18.0359 2464 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 10:44:18.0375 2464 hpqcxs08 - ok 10:44:18.0421 2464 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 10:44:18.0421 2464 hpqddsvc - ok 10:44:18.0468 2464 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 10:44:18.0468 2464 HPZid412 - ok 10:44:18.0484 2464 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 10:44:18.0484 2464 HPZipr12 - ok 10:44:18.0500 2464 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 10:44:18.0500 2464 HPZius12 - ok 10:44:18.0562 2464 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 10:44:18.0562 2464 HSFHWAZL - ok 10:44:18.0671 2464 HSF_DPV 
(698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 10:44:18.0687 2464 HSF_DPV - ok 10:44:18.0781 2464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:44:18.0781 2464 HTTP - ok 10:44:18.0812 2464 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 10:44:18.0828 2464 HTTPFilter - ok 10:44:18.0859 2464 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 10:44:18.0859 2464 i2omgmt - ok 10:44:18.0921 2464 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 10:44:18.0921 2464 i2omp - ok 10:44:18.0953 2464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:44:18.0953 2464 i8042prt - ok 10:44:19.0093 2464 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 10:44:19.0125 2464 ialm - ok 10:44:19.0296 2464 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:44:19.0312 2464 idsvc - ok 10:44:19.0437 2464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 10:44:19.0437 2464 Imapi - ok 10:44:19.0484 2464 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 10:44:19.0484 2464 ImapiService - ok 10:44:19.0531 2464 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 10:44:19.0531 2464 ini910u - ok 10:44:19.0546 2464 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 10:44:19.0546 2464 IntelIde - ok 10:44:19.0578 2464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:44:19.0578 2464 intelppm - ok 10:44:19.0609 2464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 10:44:19.0609 2464 Ip6Fw - ok 10:44:19.0656 2464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:44:19.0656 2464 
IpFilterDriver - ok 10:44:19.0687 2464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:44:19.0687 2464 IpInIp - ok 10:44:19.0750 2464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:44:19.0750 2464 IpNat - ok 10:44:19.0781 2464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:44:19.0796 2464 IPSec - ok 10:44:19.0812 2464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 10:44:19.0812 2464 IRENUM - ok 10:44:19.0875 2464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:44:19.0875 2464 isapnp - ok 10:44:20.0015 2464 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe 10:44:20.0031 2464 JavaQuickStarterService - ok 10:44:20.0046 2464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:44:20.0046 2464 Kbdclass - ok 10:44:20.0078 2464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 10:44:20.0078 2464 kmixer - ok 10:44:20.0140 2464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 10:44:20.0140 2464 KSecDD - ok 10:44:20.0203 2464 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 10:44:20.0203 2464 lanmanserver - ok 10:44:20.0250 2464 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 10:44:20.0265 2464 lanmanworkstation - ok 10:44:20.0265 2464 lbrtfdc - ok 10:44:20.0312 2464 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 10:44:20.0312 2464 LmHosts - ok 10:44:20.0359 2464 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 10:44:20.0359 2464 MBAMProtector - ok 10:44:20.0468 2464 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 10:44:20.0468 2464 MBAMService - ok 10:44:20.0578 2464 MDM 
(11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 10:44:20.0593 2464 MDM - ok 10:44:20.0640 2464 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 10:44:20.0640 2464 mdmxsdk - ok 10:44:20.0671 2464 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 10:44:20.0671 2464 Messenger - ok 10:44:20.0750 2464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:44:20.0750 2464 mnmdd - ok 10:44:20.0812 2464 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 10:44:20.0812 2464 mnmsrvc - ok 10:44:20.0859 2464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 10:44:20.0859 2464 Modem - ok 10:44:20.0906 2464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:44:20.0906 2464 Mouclass - ok 10:44:21.0000 2464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:44:21.0000 2464 mouhid - ok 10:44:21.0015 2464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:44:21.0015 2464 MountMgr - ok 10:44:21.0093 2464 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 10:44:21.0093 2464 MozillaMaintenance - ok 10:44:21.0125 2464 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 10:44:21.0140 2464 mraid35x - ok 10:44:21.0171 2464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:44:21.0171 2464 MRxDAV - ok 10:44:21.0234 2464 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:44:21.0250 2464 MRxSmb - ok 10:44:21.0296 2464 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 10:44:21.0296 2464 MSDTC - ok 10:44:21.0296 2464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:44:21.0312 2464 Msfs 
- ok 10:44:21.0312 2464 MSIServer - ok 10:44:21.0328 2464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:44:21.0343 2464 MSKSSRV - ok 10:44:21.0359 2464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:44:21.0359 2464 MSPCLOCK - ok 10:44:21.0375 2464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:44:21.0375 2464 MSPQM - ok 10:44:21.0406 2464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:44:21.0406 2464 mssmbios - ok 10:44:21.0468 2464 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 10:44:21.0468 2464 Mup - ok 10:44:21.0515 2464 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 10:44:21.0531 2464 napagent - ok 10:44:21.0546 2464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:44:21.0562 2464 NDIS - ok 10:44:21.0609 2464 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:44:21.0609 2464 NdisTapi - ok 10:44:21.0656 2464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:44:21.0656 2464 Ndisuio - ok 10:44:21.0734 2464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:44:21.0734 2464 NdisWan - ok 10:44:21.0781 2464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:44:21.0796 2464 NDProxy - ok 10:44:21.0843 2464 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll 10:44:21.0843 2464 Net Driver HPZ12 - ok 10:44:21.0859 2464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:44:21.0859 2464 NetBIOS - ok 10:44:21.0890 2464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:44:21.0890 2464 NetBT - ok 10:44:21.0937 2464 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 
10:44:21.0953 2464 NetDDE - ok 10:44:21.0953 2464 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:44:21.0953 2464 NetDDEdsdm - ok 10:44:22.0000 2464 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:44:22.0000 2464 Netlogon - ok 10:44:22.0031 2464 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 10:44:22.0031 2464 Netman - ok 10:44:22.0156 2464 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:44:22.0156 2464 NetTcpPortSharing - ok 10:44:22.0187 2464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 10:44:22.0187 2464 NIC1394 - ok 10:44:22.0328 2464 NICCONFIGSVC (11d8a00c7eff1aaec8e8464769c84a3d) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe 10:44:22.0328 2464 NICCONFIGSVC - ok 10:44:22.0390 2464 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 10:44:22.0390 2464 Nla - ok 10:44:22.0421 2464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:44:22.0421 2464 Npfs - ok 10:44:22.0500 2464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:44:22.0515 2464 Ntfs - ok 10:44:22.0515 2464 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:44:22.0515 2464 NtLmSsp - ok 10:44:22.0578 2464 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 10:44:22.0578 2464 NtmsSvc - ok 10:44:22.0625 2464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:44:22.0625 2464 Null - ok 10:44:22.0843 2464 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:44:22.0875 2464 nv - ok 10:44:22.0984 2464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:44:22.0984 2464 NwlnkFlt - ok 10:44:23.0000 2464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) 
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:44:23.0000 2464 NwlnkFwd - ok 10:44:23.0046 2464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 10:44:23.0046 2464 ohci1394 - ok 10:44:23.0093 2464 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys 10:44:23.0093 2464 omci - ok 10:44:23.0187 2464 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:44:23.0187 2464 ose - ok 10:44:23.0234 2464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 10:44:23.0234 2464 Parport - ok 10:44:23.0265 2464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:44:23.0265 2464 PartMgr - ok 10:44:23.0312 2464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 10:44:23.0312 2464 ParVdm - ok 10:44:23.0312 2464 PCAMPR5 - ok 10:44:23.0343 2464 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS 10:44:23.0343 2464 PCANDIS5 - ok 10:44:23.0359 2464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 10:44:23.0359 2464 PCI - ok 10:44:23.0375 2464 PCIDump - ok 10:44:23.0390 2464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:44:23.0390 2464 PCIIde - ok 10:44:23.0421 2464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:44:23.0437 2464 Pcmcia - ok 10:44:23.0484 2464 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys 10:44:23.0484 2464 PCTBD - ok 10:44:23.0515 2464 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys 10:44:23.0515 2464 PCTCore - ok 10:44:23.0562 2464 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys 10:44:23.0562 2464 pctDS - ok 10:44:23.0640 2464 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys 10:44:23.0656 2464 pctEFA - ok 
10:44:23.0703 2464 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys 10:44:23.0718 2464 pctgntdi - ok 10:44:23.0765 2464 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys 10:44:23.0765 2464 pctplsg - ok 10:44:23.0812 2464 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys 10:44:23.0812 2464 PCTSD - ok 10:44:23.0828 2464 PDCOMP - ok 10:44:23.0828 2464 PDFRAME - ok 10:44:23.0843 2464 PDRELI - ok 10:44:23.0843 2464 PDRFRAME - ok 10:44:23.0890 2464 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 10:44:23.0890 2464 perc2 - ok 10:44:23.0906 2464 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 10:44:23.0906 2464 perc2hib - ok 10:44:23.0953 2464 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:44:23.0968 2464 PlugPlay - ok 10:44:24.0015 2464 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll 10:44:24.0015 2464 Pml Driver HPZ12 - ok 10:44:24.0015 2464 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:44:24.0031 2464 PolicyAgent - ok 10:44:24.0062 2464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:44:24.0062 2464 PptpMiniport - ok 10:44:24.0078 2464 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:44:24.0078 2464 ProtectedStorage - ok 10:44:24.0093 2464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:44:24.0109 2464 PSched - ok 10:44:24.0125 2464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:44:24.0125 2464 Ptilink - ok 10:44:24.0171 2464 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 10:44:24.0171 2464 PxHelp20 - ok 10:44:24.0203 2464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 10:44:24.0203 
2464 ql1080 - ok 10:44:24.0218 2464 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 10:44:24.0218 2464 Ql10wnt - ok 10:44:24.0250 2464 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 10:44:24.0250 2464 ql12160 - ok 10:44:24.0265 2464 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 10:44:24.0265 2464 ql1240 - ok 10:44:24.0296 2464 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 10:44:24.0296 2464 ql1280 - ok 10:44:24.0359 2464 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys 10:44:24.0375 2464 RapportBuka - ok 10:44:24.0625 2464 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 10:44:24.0625 2464 RapportCerberus_34302 - ok 10:44:24.0812 2464 RapportEI (817ab6c6577d662cadbf25a1a6e7098a) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 10:44:24.0812 2464 RapportEI - ok 10:44:24.0906 2464 RapportIaso (35199ec35edc7dcba71fda711dfb05c0) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys 10:44:24.0906 2464 RapportIaso - ok 10:44:24.0921 2464 RapportKELL (ffa15116e0c8886d07876f58299a1c23) C:\WINDOWS\system32\Drivers\RapportKELL.sys 10:44:24.0921 2464 RapportKELL - ok 10:44:25.0000 2464 RapportMgmtService (9f1dde87a28ef6992d4a0d50a863e87c) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 10:44:25.0015 2464 RapportMgmtService - ok 10:44:25.0046 2464 RapportPG (0b1a027833a920ce8eaf9ff2c4d074b5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 10:44:25.0046 2464 RapportPG - ok 10:44:25.0093 2464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:44:25.0093 2464 RasAcd - ok 10:44:25.0140 2464 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) 
C:\WINDOWS\System32\rasauto.dll 10:44:25.0140 2464 RasAuto - ok 10:44:25.0187 2464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:44:25.0187 2464 Rasl2tp - ok 10:44:25.0250 2464 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 10:44:25.0250 2464 RasMan - ok 10:44:25.0281 2464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:44:25.0281 2464 RasPppoe - ok 10:44:25.0296 2464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:44:25.0296 2464 Raspti - ok 10:44:25.0328 2464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:44:25.0328 2464 Rdbss - ok 10:44:25.0343 2464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:44:25.0343 2464 RDPCDD - ok 10:44:25.0375 2464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:44:25.0375 2464 rdpdr - ok 10:44:25.0421 2464 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 10:44:25.0421 2464 RDPWD - ok 10:44:25.0453 2464 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 10:44:25.0468 2464 RDSessMgr - ok 10:44:25.0468 2464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:44:25.0468 2464 redbook - ok 10:44:25.0562 2464 RegSrvc (6f81c8a63fb824eb8a2401ab45795553) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 10:44:25.0578 2464 RegSrvc - ok 10:44:25.0625 2464 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 10:44:25.0625 2464 RemoteAccess - ok 10:44:25.0656 2464 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 10:44:25.0671 2464 RemoteRegistry - ok 10:44:25.0734 2464 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 10:44:25.0734 2464 rimmptsk - ok 10:44:25.0812 2464 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) 
     (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
     10:44:31.0031 2464 winmgmt - ok
     10:44:31.0187 2464 WLANKEEPER (afb5a2a79bb01699a269c316d8b9bef1) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     10:44:31.0187 2464 WLANKEEPER - ok
     10:44:31.0218 2464 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
     10:44:31.0234 2464 WmdmPmSN - ok
     10:44:31.0312 2464 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
     10:44:31.0328 2464 Wmi - ok
     10:44:31.0375 2464 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
     10:44:31.0375 2464 WmiApSrv - ok
     10:44:31.0437 2464 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
     10:44:31.0437 2464 WS2IFSL - ok
     10:44:31.0484 2464 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
     10:44:31.0484 2464 wscsvc - ok
     10:44:31.0531 2464 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
     10:44:31.0531 2464 wuauserv - ok
     10:44:31.0609 2464 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
     10:44:31.0625 2464 WZCSVC - ok
     10:44:31.0687 2464 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
     10:44:31.0687 2464 xmlprov - ok
     10:44:31.0718 2464 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
     10:44:32.0171 2464 \Device\Harddisk0\DR0 - ok
     10:44:32.0187 2464 Boot (0x1200) (424646a5056014def5a61376b476049c) \Device\Harddisk0\DR0\Partition0
     10:44:32.0187 2464 \Device\Harddisk0\DR0\Partition0 - ok
     10:44:32.0203 2464 Boot (0x1200) (fc91ac0a7b9e4cfba978764e8aba167c) \Device\Harddisk0\DR0\Partition1
     10:44:32.0203 2464 \Device\Harddisk0\DR0\Partition1 - ok
     10:44:32.0218 2464 ============================================================
     10:44:32.0218 2464 Scan finished
     10:44:32.0218 2464 ============================================================
     10:44:32.0218 3784 Detected object count: 0
     10:44:32.0218 3784 Actual detected object count: 0

     aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-06-10 10:48:22
     -----------------------------
     10:48:22.296 OS Version: Windows 5.1.2600 Service Pack 3
     10:48:22.296 Number of processors: 1 586 0xE08
     10:48:22.296 ComputerName: DELL UserName:
     10:48:23.140 Initialize success
     10:59:53.015 AVAST engine defs: 12061000
     11:06:16.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
     11:06:16.031 Disk 0 Vendor: Hitachi_HTS541060G9SA00 MB3OC60R Size: 55796MB BusType: 3
     11:06:16.453 Disk 0 MBR read successfully
     11:06:16.453 Disk 0 MBR scan
     11:06:16.500 Disk 0 unknown MBR code
     11:06:16.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
     11:06:16.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 39629 MB offset 160650
     11:06:16.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12848 MB offset 81337095
     11:06:16.578 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 107651565
     11:06:16.578 Disk 0 scanning sectors +114254280
     11:06:16.656 Disk 0 scanning C:\WINDOWS\system32\drivers
     11:06:30.296 Service scanning
     11:06:53.328 Modules scanning
     11:07:00.515 Disk 0 trace - called modules:
     11:07:00.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
     11:07:00.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a86bab8]
     11:07:00.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a8be920]
     11:07:00.531 5 PCTCore.sys[b9e99407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a872940]
     11:07:01.062 AVAST engine scan C:\WINDOWS
     11:07:08.953 AVAST engine scan C:\WINDOWS\system32
     11:09:39.609 AVAST engine scan C:\WINDOWS\system32\drivers
     11:09:58.296 AVAST engine scan C:\Documents and Settings\Jinks
     11:16:16.609 AVAST engine scan C:\Documents and Settings\All Users
     11:19:17.453 Scan finished successfully
     11:20:02.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\MBR.dat"
     11:20:02.625 The log file has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\aswMBR.txt"
  9. Hi Gringo, Slight hiccup when part way through combofix had blue screen but rebooted and all went ok afterwards. Combofix log follows:

     ComboFix 12-06-09.02 - Jinks 09/06/2012 23:20:49.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1508 [GMT 1:00]
     Running from: c:\documents and settings\Jinks\Downloads\ComboFix.exe
     AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
     FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\documents and settings\Jinks\WINDOWS
     c:\windows\system32\Cache
     c:\windows\system32\Cache\272512937d9e61a4.fb
     c:\windows\system32\Cache\287204568329e189.fb
     c:\windows\system32\Cache\28bc8f716fd76a47.fb
     c:\windows\system32\Cache\29e0002e9e42cd0e.fb
     c:\windows\system32\Cache\2c53092c95605355.fb
     c:\windows\system32\Cache\32c84fe32bb74d60.fb
     c:\windows\system32\Cache\32e3987da5e90be5.fb
     c:\windows\system32\Cache\3917078cb68ec657.fb
     c:\windows\system32\Cache\4489ed3ec0428810.fb
     c:\windows\system32\Cache\590ba23ce359fd0c.fb
     c:\windows\system32\Cache\610289e025a3ee9a.fb
     c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
     c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
     c:\windows\system32\Cache\6d03dad1035885d3.fb
     c:\windows\system32\Cache\a8351db58d6d16e1.fb
     c:\windows\system32\Cache\a8556537add6dfc5.fb
     c:\windows\system32\Cache\ad10a52aff5e038d.fb
     c:\windows\system32\Cache\c1fa887b03019701.fb
     c:\windows\system32\Cache\c4d28dca2e7648be.fb
     c:\windows\system32\Cache\c631b39a5e15287c.fb
     c:\windows\system32\Cache\d201ef9910cd39de.fb
     c:\windows\system32\Cache\d2e94710a5708128.fb
     c:\windows\system32\Cache\d79b9dfe81484ec4.fb
     c:\windows\system32\Cache\e0de16f883bea794.fb
     c:\windows\system32\Cache\f998975c9cc711ee.fb
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
     .
     .
     2012-06-07 22:08 . 2012-06-07 22:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
     2012-06-07 22:08 . 2012-06-07 22:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
     2012-05-20 11:01 . 2012-05-20 11:01 56248 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll
     2012-05-08 19:02 . 2012-03-29 18:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-05-08 19:02 . 2011-05-16 10:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-04-11 13:12 . 2004-08-11 16:00 1862272 ----a-w- c:\windows\system32\win32k.sys
     2012-04-11 13:10 . 2004-08-11 16:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-04-11 12:35 . 2004-08-03 21:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-04-04 14:56 . 2011-07-14 16:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-06-07 22:08 . 2011-05-02 07:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
     2012-04-29 16:34 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
     .
     [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
     [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
     [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
     "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
     "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
     "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM&inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw&prod=94&ver=10.0.1390" [?]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "ctfmon.exe"=c:\windows\system32\ctfmon.exe
     "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     "Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
     "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" /r
     "Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
     "DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
     "dla"=c:\windows\system32\dla\tfswctrl.exe
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
     "igfxtray"=c:\windows\system32\igfxtray.exe
     "igfxhkcmd"=c:\windows\system32\hkcmd.exe
     "igfxpers"=c:\windows\system32\igfxpers.exe
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
     "MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
     "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
     "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     "SigmatelSysTrayApp"=stsystra.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
     "c:\\Program Files\\gnucash\\bin\\gnucash.exe"=
     "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
     .
     R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/07/2011 18:07 331880]
     R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [14/07/2011 18:07 342168]
     R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [14/07/2011 18:07 909728]
     R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [20/05/2012 12:01 56248]
     R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [14/07/2011 18:07 253352]
     R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [14/07/2011 18:07 185560]
     R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 10:25 390528]
     R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 22:54 228208]
     R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [20/05/2012 12:01 71480]
     R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [20/05/2012 12:01 164152]
     R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [03/04/2012 20:01 550864]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/07/2011 17:58 654408]
     R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [20/05/2012 12:01 931672]
     R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [08/12/2011 17:34 1527104]
     R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [29/04/2012 17:34 932736]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/07/2011 17:58 22344]
     R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [03/04/2012 20:01 56840]
     R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [28/05/2012 21:42 21520]
     R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13:34 10064]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 19:42 257696]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]
     S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28/04/2012 17:16 113120]
     S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [14/07/2011 18:07 70536]
     S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [14/07/2011 18:07 402336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:02]
     .
     2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]
     .
     2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.co.uk/
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyServer = 10.53.2.50:8080
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
     Trusted Zone: betfair.com
     TCP: DhcpNameServer = 8.8.8.8 212.117.175.185
     Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
     FF - ProfilePath - c:\documents and settings\Jinks\Application Data\Mozilla\Firefox\Profiles\addhz8as.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
     FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc99b86ca-a46d-463c-9269-c12bb58402ba%7D&mid=4e07cfa99153ad82b408cb00d9946d3b-723e59e997752d7593d1d6e72556ca3ab2da8b41&ds=tt014&v=10.2.0.3&lang=en&pr=sa&d=2011-12-14%2019%3A17%3A29&sap=ku&q=
     FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: nglayout.initialpaint.delay - 600
     FF - user.js: content.notify.interval - 600000
     FF - user.js: content.max.tokenizing.time - 1800000
     FF - user.js: content.switch.threshold - 600000
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-06-09 23:37
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'lsass.exe'(1008)
     c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
     .
     Completion time: 2012-06-09 23:43:58
     ComboFix-quarantined-files.txt 2012-06-09 22:43
     .
     Pre-Run: 15,842,844,672 bytes free
     Post-Run: 16,303,308,800 bytes free
     .
     - - End Of File - - C5CCD408B4E8B3557B6D9E8CD197CE91
  10. Hi Gringo, Thanks for your swift reply. I have followed all the instructions that you gave to malwarejones. I've run defogger and security check as well as DDS and, as per your instructions to me, the following are the DDS results: the file dds.txt

      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
      Run by Jinks at 15:28:29 on 2012-06-09
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1353 [GMT 1:00]
      .
      AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
      FW: AVG Firewall *Disabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
      C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
      C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
      C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\AVG Secure Search\vprot.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\notepad.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
      uStart Page = hxxp://www.google.co.uk/
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Connection Wizard,ShellNext = iexplore
      uInternet Settings,ProxyServer = 10.53.2.50:8080
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      uURLSearchHooks: H - No File
      uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
      BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
      BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
      TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
      TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
      TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
      {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
      EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
      EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
      mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      mRun: [<NO NAME>]
      mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
      mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM"&"inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw"&"prod=94"&"ver=10.0.1390
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
      LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
      Trusted Zone: betfair.com
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307904081109
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 8.8.8.8 212.117.175.185
TCP: Interfaces\{AE5411F5-AA94-4BAB-B35E-6700BCBF3966} : DhcpNameServer = 8.8.8.8 212.117.175.185
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jinks\application data\mozilla\firefox\profiles\addhz8as.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc99b86ca-a46d-463c-9269-c12bb58402ba%7D&mid=4e07cfa99153ad82b408cb00d9946d3b-723e59e997752d7593d1d6e72556ca3ab2da8b41&ds=tt014&v=10.2.0.3&lang=en&pr=sa&d=2011-12-14%2019%3A17%3A29&sap=ku&q=
FF - component: c:\documents and settings\jinks\application data\mozilla\firefox\profiles\addhz8as.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-14 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-14 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-14 909728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-5-20 56248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-7-14 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-14 185560]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-5-20 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-5-20 164152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-4-3 550864]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-14 654408]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-5-20 931672]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-14 22344]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-4-3 56840]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-7-14 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-14 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-14 1117624]
.
=============== Created Last 30 ================
.
2012-06-07 22:08:27 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 22:08:27 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-05-20 11:01:38 56248 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-08 19:02:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 19:02:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:30:15.84 ===============

the file attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 19/07/2006 18:45:01
System Uptime: 09/06/2012 15:02:25 (0 hours ago)
.
Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel® CPU T1350 @ 1.86GHz | Microprocessor | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 14.886 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 12.474 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP1352: 18/04/2012 21:46:21 - System Checkpoint
RP1353: 20/04/2012 19:37:59 - System Checkpoint
RP1354: 21/04/2012 19:39:48 - System Checkpoint
RP1355: 22/04/2012 20:01:55 - System Checkpoint
RP1356: 23/04/2012 20:08:03 - Installed Rapport
RP1357: 25/04/2012 20:03:41 - System Checkpoint
RP1358: 26/04/2012 20:13:52 - System Checkpoint
RP1359: 27/04/2012 20:51:32 - System Checkpoint
RP1360: 29/04/2012 11:12:32 - System Checkpoint
RP1361: 30/04/2012 20:30:32 - System Checkpoint
RP1362: 01/05/2012 21:18:33 - System Checkpoint
RP1363: 03/05/2012 19:18:15 - System Checkpoint
RP1364: 04/05/2012 20:01:51 - System Checkpoint
RP1365: 05/05/2012 20:37:25 - System Checkpoint
RP1366: 06/05/2012 14:01:21 - Installed Compatibility Pack for the 2007 Office system
RP1367: 07/05/2012 14:18:29 - System Checkpoint
RP1368: 07/05/2012 19:00:21 - Software Distribution Service 3.0
RP1369: 07/05/2012 23:10:17 - Software Distribution Service 3.0
RP1370: 09/05/2012 19:55:19 - System Checkpoint
RP1371: 09/05/2012 23:31:17 - Software Distribution Service 3.0
RP1372: 11/05/2012 20:42:48 - System Checkpoint
RP1373: 13/05/2012 17:16:45 - System Checkpoint
RP1374: 14/05/2012 19:20:49 - System Checkpoint
RP1375: 15/05/2012 19:25:16 - System Checkpoint
RP1376: 16/05/2012 19:40:12 - System Checkpoint
RP1377: 17/05/2012 21:25:53 - System Checkpoint
RP1378: 19/05/2012 18:59:07 - System Checkpoint
RP1379: 20/05/2012 19:08:29 - System Checkpoint
RP1380: 21/05/2012 21:23:31 - System Checkpoint
RP1381: 22/05/2012 21:48:18 - System Checkpoint
RP1382: 24/05/2012 20:20:06 - System Checkpoint
RP1383: 26/05/2012 14:37:44 - System Checkpoint
RP1384: 27/05/2012 18:27:32 - System Checkpoint
RP1385: 28/05/2012 21:05:44 - System Checkpoint
RP1386: 29/05/2012 21:40:42 - System Checkpoint
RP1387: 31/05/2012 19:07:04 - Installed Rapport
RP1388: 01/06/2012 19:17:13 - System Checkpoint
RP1389: 02/06/2012 19:34:00 - System Checkpoint
RP1390: 04/06/2012 16:03:17 - System Checkpoint
RP1391: 04/06/2012 19:00:16 - Software 
Distribution Service 3.0 RP1392: 05/06/2012 19:12:56 - System Checkpoint RP1393: 06/06/2012 21:21:15 - System Checkpoint RP1394: 08/06/2012 19:29:04 - System Checkpoint . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) ARTEuro AVG Security Toolbar Broadcom Management Programs Browser Defender 4.0 BTOffer BufferChm Compatibility Pack for the 2007 Office system Conexant HDA D110 MDC V.92 Modem Copy Corel Paint Shop Pro X Corel Photo Album 6 CustomerResearchQFolder Dell Media Experience Dell Support 5.0.0 (630) Dell System Restore Destination Component DeviceDiscovery DeviceManagementQFolder Digital Line Detect DJ_AIO_03_F2200_ProductContext DJ_AIO_03_F2200_Software DJ_AIO_03_F2200_Software_Min eSupportQFolder F2200 F2200_Help GnuCash 2.4.9 Golden Goose Google Earth Plug-in Google Update Helper GPBaseService GPBaseService2 Hard Drive Powerwash (Remove only) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) HP Customer Participation Program 10.0 HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 HP Imaging Device Functions 10.0 HP Photosmart Essential 2.5 HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Update HPProductAssistant HPSSupply InfraRecorder Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless Software Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java™ 6 Update 31 Learn2 Player (Uninstall Only) Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch mCore MCU mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft 
.NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Office File Validation Add-In Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 mIWA Mixer mLogView mMHouse Modem Helper Mozilla Firefox 13.0 (x86 en-GB) Mozilla Maintenance Service mPfMgr mPfWiz mProSafe mSSO MSVCSetup MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) mWlsSafe mWMI mXML mZConfig NetWaiting OpenOffice.org 3.2 PC Tools Spyware Doctor with AntiVirus 9.0 Picasa 3 PowerDVD 5.7 PSSWCORE Punters Paymaster QuickSet QuickTime Rapport RealPlayer Basic Scan Search Assist Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) 
Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security 
Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Shop for HP Supplies SmartWebPrinting SolutionCenter Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sound Blaster Audigy ADVANCED MB Demo Status Synaptics Pointing Device Driver SyncToy 2.1 (x86) Toolbox TrayApp TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) VideoToolkit01 Viewpoint Media Player WebFldrs XP WebReg Windows Imaging Component Windows Media Format Runtime Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 05/06/2012 10:59:35, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JINKS-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AE5411F5-AA94-4. 
The master browser is stopping or an election is being forced.
05/06/2012 09:54:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
05/06/2012 09:54:12, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
04/06/2012 19:20:02, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
04/06/2012 18:25:00, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The system cannot find the file specified.
04/06/2012 16:49:43, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 18:F4:6A:D5:4B:F2. Network operations on this system may be disrupted as a result.
02/06/2012 18:54:48, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013028DEAB0 has been denied by the DHCP server 10.42.188.177 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Thanks again for any help you can give me to find out what the problem is.
  11. We've been getting the same message for the same IP address on both our laptops for some days now so I've been trying to find out what the problem is. I have done a full scan and nothing's coming up to indicate a problem. Should I follow the instructions that you've given to malwarejones or what do you recommend please? Thanks.