Tran12

  1. Really good! Ad sounds are completely gone & everything is much faster now. Thank you very much!
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7e38ea3e1593e54c8d07c3262d385d61 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-30 05:07:03 # local_time=2012-07-30 10:07:03 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=2560 16777175 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=113918 # found=14 # cleaned=14 # scan_time=8377 C:\Qoobox\Quarantine\C\autorun.inf.vir VBS/AutoRun.AR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{0131A367-A42B-4386-8896-226A6F1A9C7D}\RP450\A0207547.inf VBS/AutoRun.AR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by 
deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  3. ComboFix 12-07-27.03 - Mk 07/28/2012 6:58.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.562 [GMT -7:00] Running from: c:\documents and settings\Mk\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mk\Desktop\CFScript.txt AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP . . ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 ))))))))))))))))))))))))))))))) . . 2012-07-24 21:59 . 2012-07-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-24 21:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-23 22:59 . 2012-07-24 21:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-21 22:26 . 2012-07-21 22:26 -------- d-----w- c:\documents and settings\Mk\Application Data\Spam Monitor 2012-07-21 22:07 . 2012-06-14 19:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys 2012-07-21 22:07 . 2012-06-14 19:31 149464 ----a-w- c:\windows\SGDetectionTool.dll 2012-07-21 22:07 . 2012-06-14 19:31 767960 ----a-w- c:\windows\BDTSupport.dll 2012-07-21 22:07 . 2012-06-14 19:31 2267096 ----a-w- c:\windows\PCTBDCore.dll 2012-07-21 22:07 . 2012-06-14 19:31 1681368 ----a-w- c:\windows\PCTBDRes.dll 2012-07-21 22:06 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-07-21 22:06 . 2012-05-11 18:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys 2012-07-21 22:06 . 2012-05-11 17:07 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys 2012-07-21 22:06 . 2012-05-11 17:07 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys 2012-07-21 22:06 . 
2012-05-11 17:07 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys 2012-07-21 22:05 . 2012-04-19 16:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2012-07-21 22:05 . 2011-07-08 16:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2012-07-21 22:05 . 2012-05-11 18:14 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2012-07-21 22:05 . 2010-07-08 15:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2012-07-21 21:59 . 2012-07-21 21:59 -------- d-----w- c:\documents and settings\Mk\Application Data\TestApp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-27 21:58 . 2012-04-01 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-27 21:58 . 2011-05-15 20:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-14 18:03 . 2012-07-21 22:07 3488 ----a-w- c:\windows\UDB.zip 2012-06-14 18:03 . 2012-07-21 22:07 131 ----a-w- c:\windows\IDB.zip 2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 22:19 . 2010-10-01 23:02 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 22:19 . 2010-10-01 23:02 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 22:19 . 2010-10-01 23:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 22:19 . 2010-10-01 23:02 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2010-10-01 23:02 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 22:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 22:19 . 2010-10-01 23:02 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2010-10-01 23:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:18 . 2010-10-06 21:27 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 22:18 . 2010-10-06 21:27 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 22:18 . 2010-10-06 21:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-18 10:13 . 2010-10-20 07:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-05-18 10:13 . 2010-10-20 07:14 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 18:14 . 2011-03-03 08:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2012-05-11 18:08 . 2011-03-03 08:49 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-05-11 14:42 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2010-10-01 22:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-19 14:43 . 2011-04-01 02:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-27_16.27.06 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2012-07-28 13:52 . 2012-07-28 13:52 16384 c:\windows\Temp\Perflib_Perfdata_468.dat + 2012-07-27 21:58 . 2012-07-27 21:58 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe + 2012-07-27 16:54 . 2012-07-27 16:54 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe + 2012-07-27 16:54 . 2012-07-27 16:54 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll + 2012-04-01 02:49 . 2012-07-27 21:59 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe - 2012-04-01 02:49 . 2012-07-12 13:54 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-07-27 21:58 . 2012-07-27 21:58 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408] "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "Zip"="wscript.exe" [2008-05-08 155648] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624] "DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-18 296056] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp] 2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/3/2011 1:48 AM 383368] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/3/2011 1:49 AM 342168] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/3/2011 1:49 AM 909728] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/21/2012 3:06 PM 54328] R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/21/2012 3:06 PM 574424] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/3/2011 1:49 AM 254912] R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [7/21/2012 3:06 PM 203088] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/21/2012 3:07 PM 575448] R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?] 
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/3/2011 1:48 AM 162584] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 3:39 AM 65536] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/21/2012 3:04 PM 402336] R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [7/21/2012 3:07 PM 70768] R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 7:49 PM 250056] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:51 PM 113120] S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [3/22/2012 11:28 AM 21744] S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/21/2012 3:05 PM 91648] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536] S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/21/2012 3:05 PM 125888] S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/3/2011 1:48 AM 70536] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/21/2012 3:06 PM 35264] S3 ThreatFire;ThreatFire;c:\program files\PC 
Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:59] . 2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57] . 2012-07-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-18 09:21] . 2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58] . 2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58] . 2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003Core.job - c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15] . 2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003UA.job - c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15] . 2012-07-28 c:\windows\Tasks\Norton Security Scan for Mk.job - c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-29 09:45] . 2012-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-796845957-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21] . 2012-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-796845957-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21] . 
2012-07-28 c:\windows\Tasks\User_Feed_Synchronization-{FB420701-81CA-4614-8B20-F86BC21E50DA}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 12:31] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Mk\Application Data\Mozilla\Firefox\Profiles\jzj6y0gg.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1 FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-28 07:19 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms" . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(1396) c:\windows\System32\BCMLogon.dll c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'explorer.exe'(172) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\webcheck.dll . Completion time: 2012-07-28 07:28:48 ComboFix-quarantined-files.txt 2012-07-28 14:28 ComboFix2.txt 2012-07-27 16:39 . Pre-Run: 19,770,753,024 bytes free Post-Run: 19,749,535,744 bytes free . - - End Of File - - 8589CCB6D6731F58D4E6EDCC320D3226
  4. ComboFix 12-07-27.03 - Mk 07/27/2012 9:00.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.389 [GMT -7:00] Running from: c:\documents and settings\Mk\Desktop\ComboFix.exe AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\autorun.inf c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP c:\documents and settings\Mk\Application Data\PriceGong c:\documents and settings\Mk\Application Data\PriceGong\Data\1.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\4873.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\a.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\b.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\c.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\d.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\e.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\f.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\g.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\h.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\i.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\j.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\k.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\l.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\m.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Mk\Application Data\PriceGong\Data\n.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\o.txt c:\documents and settings\Mk\Application 
Data\PriceGong\Data\p.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\q.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\r.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\s.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\t.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\u.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\v.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\w.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\x.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\y.txt c:\documents and settings\Mk\Application Data\PriceGong\Data\z.txt c:\documents and settings\Mk\My Documents\~WRD0004.tmp c:\windows\EventSystem.log . . ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 ))))))))))))))))))))))))))))))) . . 2012-07-24 21:59 . 2012-07-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-24 21:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-23 22:59 . 2012-07-24 21:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-21 22:26 . 2012-07-21 22:26 -------- d-----w- c:\documents and settings\Mk\Application Data\Spam Monitor 2012-07-21 22:07 . 2012-06-14 19:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys 2012-07-21 22:07 . 2012-06-14 19:31 149464 ----a-w- c:\windows\SGDetectionTool.dll 2012-07-21 22:07 . 2012-06-14 19:31 767960 ----a-w- c:\windows\BDTSupport.dll 2012-07-21 22:07 . 2012-06-14 19:31 2267096 ----a-w- c:\windows\PCTBDCore.dll 2012-07-21 22:07 . 2012-06-14 19:31 1681368 ----a-w- c:\windows\PCTBDRes.dll 2012-07-21 22:06 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-07-21 22:06 . 2012-05-11 18:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys 2012-07-21 22:06 . 
2012-05-11 17:07 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys 2012-07-21 22:06 . 2012-05-11 17:07 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys 2012-07-21 22:06 . 2012-05-11 17:07 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys 2012-07-21 22:05 . 2012-04-19 16:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2012-07-21 22:05 . 2011-07-08 16:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2012-07-21 22:05 . 2012-05-11 18:14 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2012-07-21 22:05 . 2010-07-08 15:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2012-07-21 21:59 . 2012-07-21 21:59 -------- d-----w- c:\documents and settings\Mk\Application Data\TestApp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 13:54 . 2012-04-01 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 13:54 . 2011-05-15 20:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-14 18:03 . 2012-07-21 22:07 3488 ----a-w- c:\windows\UDB.zip 2012-06-14 18:03 . 2012-07-21 22:07 131 ----a-w- c:\windows\IDB.zip 2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 22:19 . 2010-10-01 23:02 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 22:19 . 2010-10-01 23:02 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 22:19 . 2010-10-01 23:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 22:19 . 
2010-10-01 23:02 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2010-10-01 23:02 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 22:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 22:19 . 2010-10-01 23:02 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2010-10-01 23:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:18 . 2010-10-06 21:27 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 22:18 . 2010-10-06 21:27 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 22:18 . 2010-10-06 21:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-18 10:13 . 2010-10-20 07:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-05-18 10:13 . 2010-10-20 07:14 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 18:14 . 2011-03-03 08:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2012-05-11 18:08 . 2011-03-03 08:49 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-05-11 14:42 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2010-10-01 22:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-19 14:43 . 
2011-04-01 02:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408] "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "Zip"="wscript.exe" [2008-05-08 155648] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624] "DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-18 296056] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 
421888] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp] 2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/3/2011 1:48 AM 383368] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/3/2011 1:49 AM 342168] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/3/2011 1:49 AM 909728] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/21/2012 3:06 PM 54328] R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/21/2012 3:06 PM 574424] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/3/2011 1:49 AM 254912] R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [7/21/2012 3:06 PM 203088] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/21/2012 3:07 PM 575448] R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?] 
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/3/2011 1:48 AM 162584]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 3:39 AM 65536]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [7/21/2012 3:07 PM 70768]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/21/2012 3:05 PM 91648]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/21/2012 3:06 PM 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 7:49 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:51 PM 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [3/22/2012 11:28 AM 21744]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/21/2012 3:05 PM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/3/2011 1:48 AM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/21/2012 3:04 PM 402336]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:54]
.
2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-07-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-18 09:21]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003Core.job
- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003UA.job
- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]
.
2012-07-27 c:\windows\Tasks\Norton Security Scan for Mk.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-29 09:45]
.
2012-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-796845957-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-796845957-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-27 c:\windows\Tasks\User_Feed_Synchronization-{FB420701-81CA-4614-8B20-F86BC21E50DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Mk\Application Data\Mozilla\Firefox\Profiles\jzj6y0gg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 09:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1400)
c:\windows\System32\BCMLogon.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-07-27 09:39:27
ComboFix-quarantined-files.txt 2012-07-27 16:39
.
Pre-Run: 16,338,759,680 bytes free
Post-Run: 19,809,947,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C935C8F4D5ADACF4C2966CA440708119
  5. Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mk :: HOME [administrator]

7/24/2012 3:02:09 PM
mbam-log-2012-07-24 (15-02-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243636
Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: 8197 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Mk\Local Settings\Application Data\{63f958fe-75ea-a37e-d655-7f8503a795a8}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Mk\Local Settings\Temp\1158.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.

(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Mk at 16:09:54 on 2012-07-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.143 [GMT -7:00]
.
AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Internet Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\PC Tools Security\TFEngine\TFUN.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Gdooey Mae
uSearch Bar = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
mSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Google Update] "c:\documents and settings\mk\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Zip] wscript.exe /E:vbs C:\autoexec.bat
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2449264F-C2CC-4357-91B0-0AC9A26F81C2} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\mk\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-3 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-3 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-3 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-7-21 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-7-21 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-3 254912]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-21 203088]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-7-21 575448]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-3-3 162584]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-7-21 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-3 1118648]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-7-21 70768]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-7-21 91648]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-7-21 125888]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-3 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-7-21 35264]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-3-22 21744]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]
.
=============== Created Last 30 ================
.
2012-07-24 21:59:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 21:59:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-23 22:59:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 22:26:18 -------- d-----w- c:\documents and settings\mk\application data\Spam Monitor
2012-07-21 22:07:56 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-07-21 22:07:55 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-21 22:07:55 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-21 22:07:54 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-21 22:07:54 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-21 22:06:11 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-21 22:06:11 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-07-21 22:06:00 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-07-21 22:06:00 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-07-21 22:06:00 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-07-21 22:05:24 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-07-21 22:05:24 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-07-21 22:05:23 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-07-21 22:05:23 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-07-21 21:59:40 -------- d-----w- c:\documents and settings\mk\application data\TestApp
.
==================== Find3M ====================
.
2012-07-18 08:06:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-07-12 13:54:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 13:54:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 10:13:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-18 10:13:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 18:14:44 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-05-11 18:08:46 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:14:55.00 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/1/2010 4:10:42 PM
System Uptime: 7/24/2012 3:56:42 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 15.966 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP410: 5/7/2012 4:31:54 AM - System Checkpoint
RP411: 5/8/2012 9:18:34 PM - Software Distribution Service 3.0
RP412: 5/10/2012 4:01:59 AM - System Checkpoint
RP413: 5/13/2012 9:56:46 PM - Software Distribution Service 3.0
RP414: 5/16/2012 12:35:42 AM - System Checkpoint
RP415: 5/19/2012 12:09:54 AM - System Checkpoint
RP416: 5/20/2012 1:21:02 AM - Installed HP Product Detection
RP417: 5/20/2012 1:21:24 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP418: 5/21/2012 6:09:55 PM - System Checkpoint
RP419: 5/22/2012 3:01:12 AM - Software Distribution Service 3.0
RP420: 5/22/2012 3:22:41 AM - Software Distribution Service 3.0
RP421: 5/28/2012 9:09:39 PM - System Checkpoint
RP422: 6/2/2012 2:58:31 PM - System Checkpoint
RP423: 6/4/2012 9:27:23 PM - Software Distribution Service 3.0
RP424: 6/7/2012 9:35:07 AM - System Checkpoint
RP425: 6/9/2012 10:59:27 PM - System Checkpoint
RP426: 6/12/2012 2:42:14 PM - System Checkpoint
RP427: 6/13/2012 8:40:01 AM - Software Distribution Service 3.0
RP428: 6/14/2012 3:35:48 PM - System Checkpoint
RP429: 6/16/2012 8:30:46 AM - System Checkpoint
RP430: 6/17/2012 7:37:32 PM - System Checkpoint
RP431: 6/17/2012 8:20:21 PM - Installed QuickTime
RP432: 6/19/2012 8:08:29 PM - System Checkpoint
RP433: 6/20/2012 10:27:54 PM - System Checkpoint
RP434: 6/25/2012 8:12:32 PM - System Checkpoint
RP435: 6/27/2012 7:32:15 AM - System Checkpoint
RP436: 6/29/2012 6:14:53 AM - System Checkpoint
RP437: 7/1/2012 12:04:17 PM - System Checkpoint
RP438: 7/3/2012 12:23:38 PM - System Checkpoint
RP439: 7/4/2012 3:40:31 PM - System Checkpoint
RP440: 7/7/2012 8:24:24 AM - System Checkpoint
RP441: 7/8/2012 12:19:16 PM - System Checkpoint
RP442: 7/9/2012 5:03:04 PM - System Checkpoint
RP443: 7/11/2012 7:22:50 AM - Software Distribution Service 3.0
RP444: 7/12/2012 6:07:02 PM - System Checkpoint
RP445: 7/13/2012 7:45:57 PM - System Checkpoint
RP446: 7/16/2012 12:29:56 AM - System Checkpoint
RP447: 7/17/2012 2:03:10 AM - System Checkpoint
RP448: 7/18/2012 11:45:26 PM - System Checkpoint
RP449: 7/20/2012 6:28:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Guard 4.0
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Copy
Corel Paint Shop Pro Photo XI
Dell Driver Download Manager
Dell ResourceCD
Dell Support Center
Dell Wireless WLAN Card
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_05_F4400_Software_Min
Download Updater (AOL LLC)
ESPNMotion
F4400
GemMaster Mystic
Google Chrome
Google Earth
Google Update Helper
Google Updater
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java 6 Update 31
jZip
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mixer
MobileMe Control Panel
Modem Helper
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Norton Security Scan
Otto
PC Tools Internet Security 9.0
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows 
XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security 
Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Shop for HP Supplies SigmaTel Audio SmartWebPrinting SolutionCenter Sonic Encoders Status StreamTorrent 1.0 Synaptics Pointing Device Driver Toolbox TrayApp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 VC80CRTRedist - 8.0.50727.4053 Veetle TV 0.9.18 VLC media player 1.1.11 WebFldrs XP WebReg WIDCOMM Bluetooth Software Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player Firefox Plugin Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908250 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 
7/23/2012 3:55:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/23/2012 3:55:19 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 3:15:29 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/21/2012 4:34:13 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/21/2012 3:26:45 PM, error: PCTCore [280] -
7/21/2012 1:40:11 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service.
.
7/18/2012 11:49:29 AM, error: NetBT [4321] - The name "HOME :0" could not be registered on the Interface with IP address 192.168.1.70. The machine with the IP address 192.168.1.73 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
  6. 15:41:20.0250 5072 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
     15:41:22.0390 5072 ============================================================
     15:41:22.0390 5072 Current date / time: 2012/07/23 15:41:22.0390
     15:41:22.0390 5072 SystemInfo:
     15:41:22.0390 5072
     15:41:22.0390 5072 OS Version: 5.1.2600 ServicePack: 3.0
     15:41:22.0390 5072 Product type: Workstation
     15:41:22.0390 5072 ComputerName: HOME
     15:41:22.0500 5072 UserName: Mk
     15:41:22.0500 5072 Windows directory: C:\WINDOWS
     15:41:22.0500 5072 System windows directory: C:\WINDOWS
     15:41:22.0500 5072 Processor architecture: Intel x86
     15:41:22.0500 5072 Number of processors: 2
     15:41:22.0500 5072 Page size: 0x1000
     15:41:22.0500 5072 Boot type: Normal boot
     15:41:22.0500 5072 ============================================================
     15:42:29.0828 5072 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     15:42:29.0875 5072 ============================================================
     15:42:29.0875 5072 \Device\Harddisk0\DR0:
     15:42:29.0921 5072 MBR partitions:
     15:42:29.0921 5072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x877B4CB
     15:42:29.0953 5072 ============================================================
     15:42:30.0187 5072 C: <-> \Device\Harddisk0\DR0\Partition0
     15:42:30.0187 5072 ============================================================
     15:42:30.0187 5072 Initialize success
     15:42:30.0187 5072 ============================================================
     15:43:39.0703 3812 ============================================================
     15:43:39.0703 3812 Scan started
     15:43:39.0703 3812 Mode: Manual; SigCheck; TDLFS;
     15:43:39.0703 3812 ============================================================
     15:44:53.0125 3812 Abiosdsk - ok
     15:44:53.0140 3812 abp480n5 - ok
     15:44:53.0250 3812 ACPI (8fd99680a539792a30e97944fdaecf17)
C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:45:28.0140 3812 ACPI - ok 15:45:28.0468 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:45:28.0750 3812 ACPIEC - ok 15:45:29.0953 3812 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:45:30.0406 3812 AdobeFlashPlayerUpdateSvc - ok 15:45:30.0421 3812 adpu160m - ok 15:45:32.0031 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:45:32.0812 3812 aec - ok 15:45:33.0312 3812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 15:45:33.0593 3812 AFD - ok 15:45:33.0593 3812 Aha154x - ok 15:45:33.0593 3812 aic78u2 - ok 15:45:33.0609 3812 aic78xx - ok 15:45:33.0812 3812 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 15:45:34.0187 3812 Alerter - ok 15:45:34.0453 3812 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 15:45:34.0953 3812 ALG - ok 15:45:34.0953 3812 AliIde - ok 15:45:34.0953 3812 amsint - ok 15:45:35.0171 3812 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:45:35.0375 3812 Apple Mobile Device - ok 15:45:35.0671 3812 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 15:45:36.0000 3812 AppMgmt - ok 15:45:36.0093 3812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:45:36.0328 3812 Arp1394 - ok 15:45:36.0328 3812 asc - ok 15:45:36.0328 3812 asc3350p - ok 15:45:36.0343 3812 asc3550 - ok 15:45:36.0546 3812 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:45:36.0625 3812 aspnet_state - ok 15:45:36.0671 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:45:36.0875 3812 AsyncMac - ok 15:45:37.0171 3812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) 
C:\WINDOWS\system32\DRIVERS\atapi.sys 15:45:37.0703 3812 atapi - ok 15:45:37.0703 3812 Atdisk - ok 15:45:37.0796 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:45:38.0328 3812 Atmarpc - ok 15:45:39.0078 3812 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 15:45:39.0328 3812 AudioSrv - ok 15:45:39.0406 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:45:39.0656 3812 audstub - ok 15:45:40.0828 3812 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 15:45:42.0234 3812 BCM43XX - ok 15:45:42.0312 3812 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 15:45:42.0500 3812 bcm4sbxp - ok 15:45:44.0515 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:45:44.0921 3812 Beep - ok 15:45:45.0625 3812 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 15:45:46.0156 3812 BITS - ok 15:45:46.0828 3812 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 15:45:46.0968 3812 Bonjour Service - ok 15:45:47.0718 3812 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 15:45:48.0078 3812 Browser - ok 15:45:49.0484 3812 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe 15:45:50.0953 3812 Browser Defender Update Service - ok 15:45:53.0406 3812 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 15:45:54.0703 3812 BTKRNL ( UnsignedFile.Multi.Generic ) - warning 15:45:54.0703 3812 BTKRNL - detected UnsignedFile.Multi.Generic (1) 15:45:56.0359 3812 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys 15:45:59.0234 3812 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning 15:45:59.0234 3812 BTSERIAL - detected UnsignedFile.Multi.Generic (1) 15:46:20.0734 3812 btwdins 
(3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 15:46:21.0265 3812 btwdins ( UnsignedFile.Multi.Generic ) - warning 15:46:21.0265 3812 btwdins - detected UnsignedFile.Multi.Generic (1) 15:46:55.0781 3812 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys 15:47:04.0500 3812 BTWUSB ( UnsignedFile.Multi.Generic ) - warning 15:47:04.0500 3812 BTWUSB - detected UnsignedFile.Multi.Generic (1) 15:47:07.0234 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:47:17.0500 3812 cbidf2k - ok 15:47:17.0500 3812 cd20xrnt - ok 15:47:18.0687 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:47:19.0062 3812 Cdaudio - ok 15:47:20.0453 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:47:20.0921 3812 Cdfs - ok 15:47:21.0937 3812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:47:23.0984 3812 Cdrom - ok 15:47:24.0734 3812 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 15:47:25.0156 3812 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 15:47:25.0156 3812 cercsr6 - detected UnsignedFile.Multi.Generic (1) 15:47:25.0156 3812 Changer - ok 15:47:26.0250 3812 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 15:47:26.0671 3812 CiSvc - ok 15:47:30.0765 3812 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 15:47:31.0265 3812 ClipSrv - ok 15:47:35.0265 3812 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:47:35.0703 3812 clr_optimization_v2.0.50727_32 - ok 15:47:37.0843 3812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:47:38.0171 3812 CmBatt - ok 15:47:38.0187 3812 CmdIde - ok 15:47:39.0656 3812 Compbatt (6e4c9f21f0fae8940661144f41b13203) 
C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:47:39.0890 3812 Compbatt - ok 15:47:39.0890 3812 COMSysApp - ok 15:47:39.0906 3812 Cpqarray - ok 15:47:42.0171 3812 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 15:47:42.0546 3812 CryptSvc - ok 15:47:42.0546 3812 dac2w2k - ok 15:47:42.0562 3812 dac960nt - ok 15:48:07.0203 3812 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 15:48:08.0312 3812 DcomLaunch - ok 15:48:10.0031 3812 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 15:48:19.0843 3812 Dhcp - ok 15:48:26.0546 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:48:27.0062 3812 Disk - ok 15:48:27.0125 3812 dlci_device - ok 15:48:27.0125 3812 dmadmin - ok 15:49:03.0718 3812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 15:49:06.0531 3812 dmboot - ok 15:49:06.0609 3812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 15:49:08.0359 3812 dmio - ok 15:49:08.0453 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:49:08.0937 3812 dmload - ok 15:49:09.0062 3812 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 15:49:09.0328 3812 dmserver - ok 15:49:09.0390 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 15:49:09.0765 3812 DMusic - ok 15:49:10.0015 3812 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 15:49:10.0453 3812 Dnscache - ok 15:49:10.0640 3812 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 15:49:10.0953 3812 Dot3svc - ok 15:49:10.0953 3812 dpti2o - ok 15:49:11.0046 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:49:11.0281 3812 drmkaud - ok 15:49:11.0656 3812 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 15:49:11.0875 3812 EapHost - ok 15:49:13.0562 3812 ehRecvr 
(8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe 15:49:15.0015 3812 ehRecvr - ok 15:49:15.0843 3812 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe 15:49:15.0984 3812 ehSched - ok 15:49:16.0156 3812 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 15:49:16.0375 3812 ERSvc - ok 15:49:17.0812 3812 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 15:49:17.0937 3812 Eventlog - ok 15:49:22.0875 3812 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 15:49:37.0968 3812 EventSystem - ok 15:49:38.0578 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:49:38.0859 3812 Fastfat - ok 15:49:40.0671 3812 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:49:40.0906 3812 FastUserSwitchingCompatibility - ok 15:49:41.0156 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 15:49:41.0375 3812 Fdc - ok 15:49:42.0328 3812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 15:49:42.0734 3812 Fips - ok 15:49:44.0953 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:49:45.0421 3812 Flpydisk - ok 15:49:49.0734 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 15:49:51.0609 3812 FltMgr - ok 15:49:53.0000 3812 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:49:53.0109 3812 FontCache3.0.0.0 - ok 15:49:53.0187 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:49:53.0421 3812 Fs_Rec - ok 15:49:53.0906 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:49:54.0234 3812 Ftdisk - ok 15:49:54.0343 3812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:49:54.0390 3812 
GEARAspiWDM - ok 15:49:54.0671 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:49:56.0984 3812 Gpc - ok 15:50:04.0250 3812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:50:06.0437 3812 gupdate - ok 15:50:06.0656 3812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:50:08.0718 3812 gupdatem - ok 15:50:11.0562 3812 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:50:14.0218 3812 gusvc - ok 15:50:15.0000 3812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:50:16.0015 3812 HDAudBus - ok 15:51:12.0156 3812 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:52:15.0593 3812 helpsvc - ok 15:52:54.0015 3812 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 15:52:54.0500 3812 HidServ - ok 15:53:06.0125 3812 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:53:06.0703 3812 hidusb - ok 15:53:17.0484 3812 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 15:53:17.0937 3812 hkmsvc - ok 15:53:17.0937 3812 hpn - ok 15:53:29.0796 3812 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 15:53:30.0046 3812 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 15:53:30.0125 3812 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 15:53:39.0078 3812 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 15:53:39.0296 3812 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 15:53:39.0296 3812 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 15:53:41.0656 3812 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 15:53:42.0453 3812 HPZid412 - ok 15:53:42.0515 3812 HPZipr12 (89f41658929393487b6b7d13c8528ce3) 
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 15:53:42.0953 3812 HPZipr12 - ok 15:53:43.0109 3812 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 15:53:43.0687 3812 HPZius12 - ok 15:53:44.0234 3812 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 15:53:44.0890 3812 HSF_DPV - ok 15:53:45.0000 3812 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 15:53:45.0578 3812 HSXHWAZL - ok 15:53:45.0765 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 15:53:46.0234 3812 HTTP - ok 15:53:46.0640 3812 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 15:53:47.0046 3812 HTTPFilter - ok 15:53:47.0046 3812 i2omgmt - ok 15:53:47.0046 3812 i2omp - ok 15:53:52.0859 3812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:53:53.0203 3812 i8042prt - ok 15:54:15.0140 3812 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:54:20.0968 3812 ialm - ok 15:55:32.0906 3812 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:55:35.0203 3812 idsvc - ok 15:55:45.0703 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:55:53.0125 3812 Imapi - ok 15:55:54.0703 3812 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 15:55:55.0390 3812 ImapiService - ok 15:55:55.0406 3812 ini910u - ok 15:55:55.0437 3812 IntelIde - ok 15:55:55.0531 3812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:55:56.0562 3812 intelppm - ok 15:55:56.0593 3812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 15:55:57.0343 3812 Ip6Fw - ok 15:55:57.0390 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:55:57.0640 3812 IpFilterDriver - ok 15:55:57.0718 
3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:55:58.0109 3812 IpInIp - ok 15:55:58.0703 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:55:59.0125 3812 IpNat - ok 15:56:02.0421 3812 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe 15:56:03.0031 3812 iPod Service - ok 15:56:03.0187 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:56:03.0453 3812 IPSec - ok 15:56:03.0484 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:56:03.0796 3812 IRENUM - ok 15:56:04.0000 3812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:56:04.0375 3812 isapnp - ok 15:56:04.0921 3812 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe 15:56:05.0015 3812 JavaQuickStarterService - ok 15:56:05.0093 3812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:56:05.0421 3812 Kbdclass - ok 15:56:05.0468 3812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:56:05.0734 3812 kbdhid - ok 15:56:06.0093 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:56:07.0281 3812 kmixer - ok 15:56:08.0093 3812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 15:56:08.0437 3812 KSecDD - ok 15:56:08.0593 3812 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 15:56:08.0781 3812 lanmanserver - ok 15:56:09.0000 3812 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 15:56:09.0187 3812 lanmanworkstation - ok 15:56:09.0203 3812 lbrtfdc - ok 15:56:09.0312 3812 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 15:56:09.0484 3812 LmHosts - ok 15:56:10.0343 3812 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) 
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe 15:56:23.0593 3812 McComponentHostService - ok 15:56:24.0171 3812 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe 15:56:24.0343 3812 McrdSvc - ok 15:56:24.0500 3812 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 15:56:24.0625 3812 mdmxsdk - ok 15:56:24.0765 3812 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 15:56:25.0812 3812 Messenger - ok 15:56:26.0000 3812 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll 15:56:26.0078 3812 MHN ( UnsignedFile.Multi.Generic ) - warning 15:56:26.0078 3812 MHN - detected UnsignedFile.Multi.Generic (1) 15:56:26.0109 3812 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 15:56:26.0156 3812 MHNDRV ( UnsignedFile.Multi.Generic ) - warning 15:56:26.0156 3812 MHNDRV - detected UnsignedFile.Multi.Generic (1) 15:56:26.0187 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:56:26.0390 3812 mnmdd - ok 15:56:26.0500 3812 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 15:56:26.0750 3812 mnmsrvc - ok 15:56:26.0953 3812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 15:56:27.0187 3812 Modem - ok 15:56:27.0296 3812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:56:27.0515 3812 Mouclass - ok 15:56:27.0625 3812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:56:27.0859 3812 mouhid - ok 15:56:28.0000 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:56:28.0234 3812 MountMgr - ok 15:56:28.0703 3812 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:56:28.0859 3812 MozillaMaintenance - ok 15:56:28.0859 3812 mraid35x - ok 15:56:29.0421 3812 MRxDAV 
C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:58:14.0515 3812 winachsf - ok
15:58:15.0265 3812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:58:15.0468 3812 winmgmt - ok
15:58:15.0531 3812 wltrysvc - ok
15:58:15.0687 3812 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
15:58:15.0781 3812 WmdmPmSN - ok
15:58:16.0468 3812 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:58:16.0953 3812 Wmi - ok
15:58:17.0421 3812 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:58:17.0703 3812 WmiAcpi - ok
15:58:18.0500 3812 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:58:18.0718 3812 WmiApSrv - ok
15:58:18.0812 3812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:58:19.0062 3812 WS2IFSL - ok
15:58:19.0171 3812 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:58:19.0468 3812 wuauserv - ok
15:58:20.0843 3812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:58:21.0187 3812 WZCSVC - ok
15:58:21.0281 3812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:58:21.0515 3812 xmlprov - ok
15:58:21.0593 3812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:58:21.0796 3812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:58:21.0828 3812 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:58:22.0218 3812 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:58:22.0218 3812 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:58:22.0250 3812 Boot (0x1200) (233eaa7b0831b0bb12f233e2d94bfac4) \Device\Harddisk0\DR0\Partition0
15:58:22.0281 3812 \Device\Harddisk0\DR0\Partition0 - ok
15:58:22.0281 3812 ============================================================
15:58:22.0281 3812 Scan finished
15:58:22.0281 3812 ============================================================
15:58:23.0125 5748 Detected object count: 15
15:58:23.0140 5748 Actual detected object count: 15
15:59:48.0859 5748 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0859 5748 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0859 5748 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0859 5748 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0859 5748 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0859 5748 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0859 5748 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:48.0875 5748 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:48.0875 5748 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:51.0000 5748 \Device\Harddisk0\DR0\# - copied to quarantine
15:59:51.0046 5748 \Device\Harddisk0\DR0 - copied to quarantine
15:59:51.0140 5748 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:59:51.0156 5748 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:59:51.0171 5748 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:59:51.0234 5748 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:59:51.0234 5748 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:59:51.0265 5748 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:59:51.0359 5748 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:59:51.0390 5748 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:59:51.0390 5748 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:59:51.0406 5748 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:59:51.0406 5748 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:59:51.0437 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:59:51.0468 5748 \Device\Harddisk0\DR0 - ok
15:59:51.0562 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:00:15.0765 4556 Deinitialize success

Should I download Malwarebytes Anti-Malware or just run a scan with Spyware Doctor?
  7. Hello,
Recently I've been hearing random ad sounds in the background. They seem to come up randomly. I've scanned using latest Spyware Doctor but the sounds are still there. Any help would be greatly appreciated.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Mk at 0:13:29 on 2012-07-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.160 [GMT -7:00]
.
AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC Tools Internet Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Gdooey Mae
uSearch Bar = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
mSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Google Update] "c:\documents and settings\mk\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Zip] wscript.exe /E:vbs C:\autoexec.bat
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2449264F-C2CC-4357-91B0-0AC9A26F81C2} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\mk\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin:
c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-3 383368] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-3 342168] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-3 909728] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-7-21 54328] R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-7-21 574424] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-3 254912] R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-21 203088] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-7-21 575448] R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?] 
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-3-3 162584] R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-7-21 70768] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-7-21 91648] R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-7-21 125888] R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-3 70536] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-7-21 35264] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176] S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-3-22 21744] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536] . =============== Created Last 30 ================ . 
2012-07-21 22:26:18 -------- d-----w- c:\documents and settings\mk\application data\Spam Monitor 2012-07-21 22:07:56 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys 2012-07-21 22:07:55 767960 ----a-w- c:\windows\BDTSupport.dll 2012-07-21 22:07:55 149464 ----a-w- c:\windows\SGDetectionTool.dll 2012-07-21 22:07:54 2267096 ----a-w- c:\windows\PCTBDCore.dll 2012-07-21 22:07:54 1681368 ----a-w- c:\windows\PCTBDRes.dll 2012-07-21 22:06:11 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-07-21 22:06:11 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys 2012-07-21 22:06:00 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys 2012-07-21 22:06:00 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys 2012-07-21 22:06:00 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys 2012-07-21 22:05:24 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2012-07-21 22:05:24 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2012-07-21 22:05:23 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2012-07-21 22:05:23 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2012-07-21 21:59:40 -------- d-----w- c:\documents and settings\mk\application data\TestApp . ==================== Find3M ==================== . 
2012-07-18 08:06:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2012-07-12 13:54:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-12 13:54:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-18 10:13:08 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-05-18 10:13:08 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 18:14:44 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2012-05-11 18:08:46 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . =================== ROOTKIT ==================== . 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8034GSX rev.AH301D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x864CA4B1]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864d193c]; MOV EAX, [0x864d1ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86D58AB8]
3 CLASSPNP[0xF769DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86D6C9F0]
5 PCTCore[0xF740D82D] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000077[0x86D5E9E8]
7 ACPI[0xF74F4620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86D5ED98]
\Driver\atapi[0x86683120] -> IRP_MJ_CREATE -> 0x864CA4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x864CA2E2
user & kernel MBR OK
copy of MBR has been found in sector 146352150
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:28:05.33 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/1/2010 4:10:42 PM
System Uptime: 7/22/2012 5:42:48 PM (7 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz
.
==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 7.806 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP410: 5/7/2012 4:31:54 AM - System Checkpoint RP411: 5/8/2012 9:18:34 PM - Software Distribution Service 3.0 RP412: 5/10/2012 4:01:59 AM - System Checkpoint RP413: 5/13/2012 9:56:46 PM - Software Distribution Service 3.0 RP414: 5/16/2012 12:35:42 AM - System Checkpoint RP415: 5/19/2012 12:09:54 AM - System Checkpoint RP416: 5/20/2012 1:21:02 AM - Installed HP Product Detection RP417: 5/20/2012 1:21:24 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0. RP418: 5/21/2012 6:09:55 PM - System Checkpoint RP419: 5/22/2012 3:01:12 AM - Software Distribution Service 3.0 RP420: 5/22/2012 3:22:41 AM - Software Distribution Service 3.0 RP421: 5/28/2012 9:09:39 PM - System Checkpoint RP422: 6/2/2012 2:58:31 PM - System Checkpoint RP423: 6/4/2012 9:27:23 PM - Software Distribution Service 3.0 RP424: 6/7/2012 9:35:07 AM - System Checkpoint RP425: 6/9/2012 10:59:27 PM - System Checkpoint RP426: 6/12/2012 2:42:14 PM - System Checkpoint RP427: 6/13/2012 8:40:01 AM - Software Distribution Service 3.0 RP428: 6/14/2012 3:35:48 PM - System Checkpoint RP429: 6/16/2012 8:30:46 AM - System Checkpoint RP430: 6/17/2012 7:37:32 PM - System Checkpoint RP431: 6/17/2012 8:20:21 PM - Installed QuickTime RP432: 6/19/2012 8:08:29 PM - System Checkpoint RP433: 6/20/2012 10:27:54 PM - System Checkpoint RP434: 6/25/2012 8:12:32 PM - System Checkpoint RP435: 6/27/2012 7:32:15 AM - System Checkpoint RP436: 6/29/2012 6:14:53 AM - System Checkpoint RP437: 7/1/2012 12:04:17 PM - System Checkpoint RP438: 7/3/2012 12:23:38 PM - System Checkpoint RP439: 7/4/2012 3:40:31 PM - System Checkpoint RP440: 7/7/2012 8:24:24 AM - System Checkpoint RP441: 7/8/2012 12:19:16 PM - System Checkpoint RP442: 7/9/2012 5:03:04 PM - System Checkpoint RP443: 7/11/2012 7:22:50 AM - Software Distribution Service 3.0 
RP444: 7/12/2012 6:07:02 PM - System Checkpoint RP445: 7/13/2012 7:45:57 PM - System Checkpoint RP446: 7/16/2012 12:29:56 AM - System Checkpoint RP447: 7/17/2012 2:03:10 AM - System Checkpoint RP448: 7/18/2012 11:45:26 PM - System Checkpoint RP449: 7/20/2012 6:28:21 PM - System Checkpoint . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Browser Guard 4.0 BufferChm Compatibility Pack for the 2007 Office system Conexant HDA D110 MDC V.92 Modem Copy Corel Paint Shop Pro Photo XI Dell Driver Download Manager Dell ResourceCD Dell Support Center Dell Wireless WLAN Card Destinations DeviceDiscovery DivX Setup DJ_AIO_05_F4400_Software_Min Download Updater (AOL LLC) ESPNMotion F4400 GemMaster Mystic Google Chrome Google Earth Google Update Helper Google Updater GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Customer Participation Program 13.0 HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 HP Imaging Device Functions 13.0 HP Print Projects 1.0 HP Product Detection HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Update hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 31 jZip MarketResearch McAfee Security Scan Plus Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft 
.NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office File Validation Add-In Microsoft Office Small Business Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mixer MobileMe Control Panel Modem Helper Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Norton Security Scan Otto PC Tools Internet Security 9.0 PokerStove version 1.23 PokerTracker 3 (remove only) PostgreSQL 8.3 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Safari Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media 
Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2482017) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2530548) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) 
Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for 
Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) 
Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Shop for HP Supplies SigmaTel Audio SmartWebPrinting SolutionCenter Sonic Encoders Status StreamTorrent 1.0 Synaptics Pointing Device Driver Toolbox TrayApp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 VC80CRTRedist - 8.0.50727.4053 Veetle TV 0.9.18 VLC media player 1.1.11 vShare.tv plugin 1.3 WebFldrs XP WebReg WIDCOMM Bluetooth Software Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player Firefox Plugin Windows XP Media Center Edition 
2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908250 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 7/21/2012 4:34:13 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 7/21/2012 3:26:45 PM, error: PCTCore [280] - 7/21/2012 1:40:11 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. . 7/17/2012 6:16:40 PM, error: NetBT [4321] - The name "HOME :0" could not be registered on the Interface with IP address 192.168.1.70. The machine with the IP address 192.168.1.73 did not allow the name to be claimed by this machine. . ==== End Of File ===========================