
Spartan_fan98

Everything posted by Spartan_fan98

  1. When I run Microsoft Update, it comes back with 0 High Priority, 11 Software - Optional and 2 Hardware, Optional.
  2. Okay, ran Fix-it with default and aggressive settings. Rebooted, then did Windows Update on custom scan; all the updates were optional.
  3. Okay, I have Flash Player, Adobe Reader and Java all sorted out and updated per your instructions.
  4. MBAM log:

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.24.03

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Ray :: SCOTT1 [administrator]

     Protection: Disabled

     8/24/2012 9:22:26 AM
     mbam-log-2012-08-24 (09-22-26).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216866
     Time elapsed: 5 minute(s), 25 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     I can also get to Google search now. Before it would just time out.
  5. FSS results:

     Farbar Service Scanner Version: 06-08-2012
     Ran by Ray (administrator) on 24-08-2012 at 09:18:19
     Running from "C:\Documents and Settings\Ray\desktop"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\windows\system32\dhcpcsvc.dll => MD5 is legit
     C:\windows\system32\Drivers\afd.sys => MD5 is legit
     C:\windows\system32\Drivers\netbt.sys => MD5 is legit
     C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
     C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
     C:\windows\system32\dnsrslvr.dll => MD5 is legit
     C:\windows\system32\ipnathlp.dll => MD5 is legit
     C:\windows\system32\netman.dll => MD5 is legit
     C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\windows\system32\srsvc.dll => MD5 is legit
     C:\windows\system32\Drivers\sr.sys => MD5 is legit
     C:\windows\system32\wscsvc.dll => MD5 is legit
     C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\windows\system32\wuauserv.dll => MD5 is legit
     C:\windows\system32\qmgr.dll => MD5 is legit
     C:\windows\system32\es.dll => MD5 is legit
     C:\windows\system32\cryptsvc.dll => MD5 is legit
     C:\windows\system32\svchost.exe => MD5 is legit
     C:\windows\system32\rpcss.dll => MD5 is legit
     C:\windows\system32\services.exe => MD5 is legit

     Extra List:
     =======
     aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
     0x080000000500000001000000020000000300000004000000080000000600000007000000
     IpSec Tag value is correct.

     **** End of log ****

     Will run MBAM next.
  6. Avast found the following:

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta
     High Threat: MBR: Alureon-B [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0003.dta
     High Threat: Win32:Alureon-MJ@mbr [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0004.dta
     High Threat: Win32:Malware-gen

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0005.dta
     High Threat: Win32:Rootkit-gen [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0006.dta
     High Threat: Win32:Rootkit-gen [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0009.dta
     High Threat: MBR: Alureon-B [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk00001.dta
     High Threat: Win32: Rootkit-gen [Rtk]

     C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta
     High Threat: Win64: Alureon-B@mbr [Rtk]

     I have left Avast on the Scan Results screen because you did not say to let Avast clean those out. I did not want to do anything else before I let you know those results. Let me know if I should let Avast delete those files.
  7. I also restarted and turned Avast back on, and I'm no longer getting messages in Avast regarding malicious URLs being repelled.
  8. Okay, installed combo-fix.exe and ran it. Here is the report:
  9. Okay, installed and ran Listparts. Here is the report:

     ListParts by Farbar Version: 10-08-2012
     Ran by Ray (administrator) on 23-08-2012 at 12:51:47
     Windows XP (X86)
     Running From: C:\Documents and Settings\Ray\desktop
     Language: 0409
     ************************************************************

     ========================= Memory info ======================

     Percentage of memory in use: 55%
     Total physical RAM: 1015.29 MB
     Available physical RAM: 454.21 MB
     Total Pagefile: 2442 MB
     Available Pagefile: 2006.02 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 2003.38 MB

     ======================= Partitions =========================

     1 Drive c: () (Fixed) (Total:244.14 GB) (Free:203.4 GB) NTFS
     2 Drive d: (Storage) (Fixed) (Total:221.61 GB) (Free:155.83 GB) NTFS

     Disk ###  Status      Size     Free     Dyn  Gpt
     --------  ----------  -------  -------  ---  ---
     Disk 0    Online      466 GB   0 B

     Partitions of Disk 0:
     ===============

     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary           244 GB   32 KB
     Partition 2    Extended          222 GB   244 GB
     Partition 3    Logical           222 GB   244 GB

     ======================================================================================================

     Disk: 0
     Partition 1
     Type : 07
     Hidden: No
     Active: Yes

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2  C                 NTFS   Partition   244 GB   Healthy    System (partition with boot components)

     ======================================================================================================

     Disk: 0
     Partition 3
     Type : 07
     Hidden: No
     Active: No
  10. Installed ERUNT and made the back-up folder for the registry files and backed everything up. Ran Rogue Killer again. Here is the report:

      RogueKiller V7.6.6 [08/10/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User: Ray [Admin rights]
      Mode: Scan -- Date: 08/23/2012 12:33:47

      ¤¤¤ Bad processes: 0 ¤¤¤

      ¤¤¤ Registry Entries: 1 ¤¤¤
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver: [LOADED] ¤¤¤
      IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
      IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
      IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
      IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
      IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
      IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      127.0.0.1
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      [...]

      ¤¤¤ MBR Check: ¤¤¤
  11. Ran RKill, here is the report:

      Rkill 2.3.1 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 08/23/2012 12:23:41 PM in x86 mode.
      Windows Version: Windows XP Service Pack 3

      Checking for Windows services to stop.

      * No malware services found to stop.

      Checking for processes to terminate.

      * No malware processes found to kill.

      Checking Registry for malware related settings.

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks.

      * No issues found.

      Checking Windows Service Integrity:

      * Background Intelligent Transfer Service (BITS) is not Running.
      Startup Type set to: Manual

      Searching for Missing Digital Signatures:

      * No issues found.

      Program finished at: 08/23/2012 12:24:23 PM
      Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

      I will now download ERUNT.
  12. So at this point it's clean, but I should probably reformat my hard drive? I'm guessing I'll need to take it somewhere to do that.
  13. Okay, ran TDSSKILLER. Here is the report file:
- ok 11:10:57.0671 3704 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 11:10:57.0687 3704 gupdatem - ok 11:10:57.0703 3704 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 11:10:57.0703 3704 HDAudBus - ok 11:10:57.0765 3704 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:10:57.0765 3704 helpsvc - ok 11:10:57.0765 3704 HidServ - ok 11:10:57.0812 3704 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll 11:10:57.0812 3704 hkmsvc - ok 11:10:57.0828 3704 hpn - ok 11:10:57.0875 3704 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys 11:10:57.0875 3704 HTTP - ok 11:10:57.0921 3704 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll 11:10:57.0937 3704 HTTPFilter - ok 11:10:57.0953 3704 i2omgmt - ok 11:10:57.0953 3704 i2omp - ok 11:10:57.0968 3704 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 11:10:57.0968 3704 i8042prt - ok 11:10:58.0031 3704 [ D4405BD2B6E95EFDC8E674ED4032874F ] ialm C:\windows\system32\DRIVERS\ialmnt5.sys 11:10:58.0062 3704 ialm - ok 11:10:58.0125 3704 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:10:58.0156 3704 idsvc - ok 11:10:58.0156 3704 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys 11:10:58.0156 3704 Imapi - ok 11:10:58.0203 3704 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 11:10:58.0250 3704 ImapiService - ok 11:10:58.0265 3704 ini910u - ok 11:10:58.0625 3704 [ A30685283F90AE02F1CD50972C6065E3 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys 11:10:58.0750 3704 IntcAzAudAddService - ok 11:10:58.0796 3704 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\windows\system32\DRIVERS\intelide.sys 11:10:58.0812 3704 IntelIde - ok 11:10:58.0843 
3704 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 11:10:58.0875 3704 intelppm - ok 11:10:58.0890 3704 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys 11:10:58.0890 3704 Ip6Fw - ok 11:10:58.0906 3704 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 11:10:58.0906 3704 IpFilterDriver - ok 11:10:58.0921 3704 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys 11:10:58.0937 3704 IpInIp - ok 11:10:58.0953 3704 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys 11:10:58.0953 3704 IpNat - ok 11:10:59.0000 3704 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:10:59.0031 3704 iPod Service - ok 11:10:59.0031 3704 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys 11:10:59.0046 3704 IPSec - ok 11:10:59.0078 3704 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys 11:10:59.0093 3704 IRENUM - ok 11:10:59.0109 3704 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys 11:10:59.0109 3704 isapnp - ok 11:10:59.0203 3704 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe 11:10:59.0203 3704 JavaQuickStarterService - ok 11:10:59.0234 3704 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 11:10:59.0234 3704 Kbdclass - ok 11:10:59.0281 3704 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys 11:10:59.0281 3704 kmixer - ok 11:10:59.0328 3704 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys 11:10:59.0328 3704 KSecDD - ok 11:10:59.0359 3704 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\windows\System32\srvsvc.dll 11:10:59.0375 3704 lanmanserver - ok 11:10:59.0406 3704 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation 
C:\windows\System32\wkssvc.dll 11:10:59.0437 3704 lanmanworkstation - ok 11:10:59.0437 3704 lbrtfdc - ok 11:10:59.0625 3704 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe 11:10:59.0796 3704 LeapFrog Connect Device Service - ok 11:10:59.0828 3704 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll 11:10:59.0843 3704 LmHosts - ok 11:10:59.0859 3704 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 11:10:59.0859 3704 MBAMProtector - ok 11:10:59.0968 3704 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 11:11:00.0015 3704 MBAMService - ok 11:11:00.0156 3704 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe 11:11:00.0156 3704 McciCMService - ok 11:11:00.0250 3704 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 11:11:00.0281 3704 MDM - ok 11:11:00.0375 3704 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll 11:11:00.0390 3704 Messenger - ok 11:11:00.0453 3704 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys 11:11:00.0484 3704 mnmdd - ok 11:11:00.0546 3704 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 11:11:00.0562 3704 mnmsrvc - ok 11:11:00.0593 3704 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys 11:11:00.0593 3704 Modem - ok 11:11:00.0609 3704 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys 11:11:00.0625 3704 Mouclass - ok 11:11:00.0656 3704 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys 11:11:00.0656 3704 MountMgr - ok 11:11:00.0718 3704 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance 
Service\maintenanceservice.exe 11:11:00.0718 3704 MozillaMaintenance - ok 11:11:00.0734 3704 mraid35x - ok 11:11:00.0734 3704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys 11:11:00.0750 3704 MRxDAV - ok 11:11:00.0812 3704 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys 11:11:00.0828 3704 MRxSmb - ok 11:11:00.0859 3704 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 11:11:00.0875 3704 MSDTC - ok 11:11:00.0921 3704 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys 11:11:00.0921 3704 Msfs - ok 11:11:00.0921 3704 MSIServer - ok 11:11:01.0015 3704 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 11:11:01.0015 3704 MSKSSRV - ok 11:11:01.0109 3704 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 11:11:01.0140 3704 MSPCLOCK - ok 11:11:01.0156 3704 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys 11:11:01.0156 3704 MSPQM - ok 11:11:01.0218 3704 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 11:11:01.0218 3704 mssmbios - ok 11:11:01.0265 3704 MSSQL$SONY_MEDIAMGR - ok 11:11:01.0343 3704 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 11:11:01.0343 3704 MSSQLServerADHelper - ok 11:11:01.0359 3704 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys 11:11:01.0375 3704 Mup - ok 11:11:01.0421 3704 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll 11:11:01.0437 3704 napagent - ok 11:11:01.0453 3704 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys 11:11:01.0453 3704 NDIS - ok 11:11:01.0484 3704 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 11:11:01.0484 3704 NdisTapi - ok 11:11:01.0515 3704 [ 
F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 11:11:01.0515 3704 Ndisuio - ok 11:11:01.0531 3704 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 11:11:01.0531 3704 NdisWan - ok 11:11:01.0562 3704 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys 11:11:01.0562 3704 NDProxy - ok 11:11:01.0562 3704 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 11:11:01.0578 3704 NetBIOS - ok 11:11:01.0609 3704 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys 11:11:01.0609 3704 NetBT - ok 11:11:01.0640 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe 11:11:01.0656 3704 NetDDE - ok 11:11:01.0656 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe 11:11:01.0671 3704 NetDDEdsdm - ok 11:11:01.0703 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe 11:11:01.0718 3704 Netlogon - ok 11:11:01.0765 3704 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll 11:11:01.0781 3704 Netman - ok 11:11:01.0812 3704 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:11:01.0828 3704 NetTcpPortSharing - ok 11:11:01.0843 3704 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\windows\system32\DRIVERS\nic1394.sys 11:11:01.0843 3704 NIC1394 - ok 11:11:01.0937 3704 [ 9CCBCA1FE056F67960C9420FCE635691 ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe 11:11:01.0953 3704 NitroReaderDriverReadSpool - ok 11:11:02.0031 3704 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll 11:11:02.0046 3704 Nla - ok 11:11:02.0125 3704 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe 11:11:02.0125 3704 NMSAccessU - ok 11:11:02.0140 3704 [ 
3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys 11:11:02.0140 3704 Npfs - ok 11:11:02.0218 3704 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys 11:11:02.0218 3704 Ntfs - ok 11:11:02.0234 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe 11:11:02.0234 3704 NtLmSsp - ok 11:11:02.0281 3704 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll 11:11:02.0296 3704 NtmsSvc - ok 11:11:02.0328 3704 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys 11:11:02.0328 3704 Null - ok 11:11:02.0359 3704 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys 11:11:02.0375 3704 NwlnkFlt - ok 11:11:02.0375 3704 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys 11:11:02.0390 3704 NwlnkFwd - ok 11:11:02.0421 3704 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:11:02.0437 3704 odserv - ok 11:11:02.0453 3704 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 11:11:02.0468 3704 ohci1394 - ok 11:11:02.0484 3704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:11:02.0500 3704 ose - ok 11:11:02.0515 3704 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys 11:11:02.0515 3704 Parport - ok 11:11:02.0531 3704 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys 11:11:02.0546 3704 PartMgr - ok 11:11:02.0578 3704 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys 11:11:02.0593 3704 ParVdm - ok 11:11:02.0625 3704 pccsmcfd - ok 11:11:02.0640 3704 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys 11:11:02.0640 3704 PCI - ok 11:11:02.0656 3704 PCIDump - ok 11:11:02.0656 3704 [ CCF5F451BB1A5A2A522A76E670000FF0 ] 
PCIIde C:\windows\system32\drivers\PCIIde.sys 11:11:02.0656 3704 PCIIde - ok 11:11:02.0687 3704 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys 11:11:02.0703 3704 Pcmcia - ok 11:11:02.0703 3704 PDCOMP - ok 11:11:02.0718 3704 PDFRAME - ok 11:11:02.0718 3704 PDRELI - ok 11:11:02.0718 3704 PDRFRAME - ok 11:11:02.0734 3704 perc2 - ok 11:11:02.0734 3704 perc2hib - ok 11:11:02.0765 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe 11:11:02.0781 3704 PlugPlay - ok 11:11:02.0812 3704 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 11:11:02.0828 3704 Pml Driver HPZ12 - ok 11:11:02.0828 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe 11:11:02.0843 3704 PolicyAgent - ok 11:11:02.0875 3704 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 11:11:02.0875 3704 PptpMiniport - ok 11:11:02.0890 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe 11:11:02.0890 3704 ProtectedStorage - ok 11:11:02.0906 3704 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys 11:11:02.0906 3704 PSched - ok 11:11:02.0937 3704 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys 11:11:02.0953 3704 Ptilink - ok 11:11:02.0953 3704 ql1080 - ok 11:11:02.0953 3704 Ql10wnt - ok 11:11:02.0968 3704 ql12160 - ok 11:11:02.0968 3704 ql1240 - ok 11:11:02.0984 3704 ql1280 - ok 11:11:02.0984 3704 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 11:11:02.0984 3704 RasAcd - ok 11:11:03.0015 3704 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll 11:11:03.0031 3704 RasAuto - ok 11:11:03.0062 3704 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 11:11:03.0109 3704 Rasl2tp - ok 11:11:03.0140 3704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan 
C:\windows\System32\rasmans.dll 11:11:03.0156 3704 RasMan - ok 11:11:03.0171 3704 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 11:11:03.0171 3704 RasPppoe - ok 11:11:03.0187 3704 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys 11:11:03.0187 3704 Raspti - ok 11:11:03.0250 3704 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys 11:11:03.0250 3704 Rdbss - ok 11:11:03.0250 3704 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 11:11:03.0250 3704 RDPCDD - ok 11:11:03.0265 3704 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys 11:11:03.0296 3704 rdpdr - ok 11:11:03.0343 3704 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 11:11:03.0359 3704 RDPWD - ok 11:11:03.0390 3704 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 11:11:03.0421 3704 RDSessMgr - ok 11:11:03.0437 3704 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys 11:11:03.0453 3704 redbook - ok 11:11:03.0468 3704 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll 11:11:03.0484 3704 RemoteAccess - ok 11:11:03.0500 3704 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll 11:11:03.0515 3704 RemoteRegistry - ok 11:11:03.0546 3704 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\windows\system32\Drivers\RimUsb.sys 11:11:03.0562 3704 RimUsb - ok 11:11:03.0578 3704 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe 11:11:03.0593 3704 RpcLocator - ok 11:11:03.0625 3704 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\system32\rpcss.dll 11:11:03.0640 3704 RpcSs - ok 11:11:03.0703 3704 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe 11:11:03.0750 3704 RSVP - ok 11:11:03.0765 3704 [ D507C1400284176573224903819FFDA3 ] rtl8139 
C:\windows\system32\DRIVERS\RTL8139.SYS 11:11:03.0781 3704 rtl8139 - ok 11:11:03.0796 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe 11:11:03.0796 3704 SamSs - ok 11:11:03.0828 3704 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe 11:11:03.0843 3704 SCardSvr - ok 11:11:03.0875 3704 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll 11:11:03.0906 3704 Schedule - ok 11:11:03.0937 3704 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys 11:11:03.0937 3704 Secdrv - ok 11:11:03.0968 3704 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll 11:11:03.0984 3704 seclogon - ok 11:11:03.0984 3704 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll 11:11:04.0000 3704 SENS - ok 11:11:04.0015 3704 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\drivers\Serial.sys 11:11:04.0015 3704 Serial - ok 11:11:04.0062 3704 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys 11:11:04.0062 3704 Sfloppy - ok 11:11:04.0109 3704 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll 11:11:04.0125 3704 SharedAccess - ok 11:11:04.0187 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll 11:11:04.0187 3704 ShellHWDetection - ok 11:11:04.0203 3704 Simbad - ok 11:11:04.0203 3704 Sparrow - ok 11:11:04.0250 3704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys 11:11:04.0250 3704 splitter - ok 11:11:04.0281 3704 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe 11:11:04.0296 3704 Spooler - ok 11:11:04.0343 3704 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys 11:11:04.0343 3704 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. 
md5: CDDDEC541BC3C96F91ECB48759673505 11:11:04.0359 3704 sptd ( LockedFile.Multi.Generic ) - warning 11:11:04.0359 3704 sptd - detected LockedFile.Multi.Generic (1) 11:11:04.0359 3704 SQLAgent$SONY_MEDIAMGR - ok 11:11:04.0375 3704 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys 11:11:04.0390 3704 sr - ok 11:11:04.0421 3704 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 11:11:04.0437 3704 srservice - ok 11:11:04.0453 3704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys 11:11:04.0468 3704 Srv - ok 11:11:04.0484 3704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 11:11:04.0500 3704 SSDPSRV - ok 11:11:04.0546 3704 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\windows\system32\DRIVERS\serscan.sys 11:11:04.0546 3704 StillCam - ok 11:11:04.0640 3704 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll 11:11:04.0703 3704 stisvc - ok 11:11:04.0734 3704 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys 11:11:04.0734 3704 swenum - ok 11:11:04.0765 3704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys 11:11:04.0765 3704 swmidi - ok 11:11:04.0765 3704 SwPrv - ok 11:11:04.0781 3704 symc810 - ok 11:11:04.0781 3704 symc8xx - ok 11:11:04.0796 3704 sym_hi - ok 11:11:04.0796 3704 sym_u3 - ok 11:11:04.0843 3704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys 11:11:04.0859 3704 sysaudio - ok 11:11:04.0890 3704 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe 11:11:04.0906 3704 SysmonLog - ok 11:11:04.0953 3704 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll 11:11:04.0968 3704 TapiSrv - ok 11:11:05.0015 3704 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys 11:11:05.0031 3704 Tcpip - ok 11:11:05.0062 3704 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE 
C:\windows\system32\drivers\TDPIPE.sys 11:11:05.0062 3704 TDPIPE - ok 11:11:05.0078 3704 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys 11:11:05.0093 3704 TDTCP - ok 11:11:05.0109 3704 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys 11:11:05.0125 3704 TermDD - ok 11:11:05.0156 3704 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll 11:11:05.0203 3704 TermService - ok 11:11:05.0250 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll 11:11:05.0250 3704 Themes - ok 11:11:05.0281 3704 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 11:11:05.0328 3704 TlntSvr - ok 11:11:05.0328 3704 TosIde - ok 11:11:05.0375 3704 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll 11:11:05.0406 3704 TrkWks - ok 11:11:05.0468 3704 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys 11:11:05.0468 3704 TrueSight - ok 11:11:05.0500 3704 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys 11:11:05.0500 3704 Udfs - ok 11:11:05.0515 3704 ultra - ok 11:11:05.0562 3704 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys 11:11:05.0578 3704 Update - ok 11:11:05.0609 3704 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll 11:11:05.0625 3704 upnphost - ok 11:11:05.0640 3704 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe 11:11:05.0656 3704 UPS - ok 11:11:05.0703 3704 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys 11:11:05.0718 3704 USBAAPL - ok 11:11:05.0765 3704 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 11:11:05.0765 3704 usbccgp - ok 11:11:05.0781 3704 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 11:11:05.0781 3704 usbehci - ok 11:11:05.0812 3704 [ 
1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 11:11:05.0812 3704 usbhub - ok 11:11:05.0843 3704 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 11:11:05.0859 3704 usbprint - ok 11:11:05.0875 3704 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 11:11:05.0890 3704 usbscan - ok 11:11:05.0906 3704 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 11:11:05.0921 3704 USBSTOR - ok 11:11:05.0937 3704 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 11:11:05.0937 3704 usbuhci - ok 11:11:05.0953 3704 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys 11:11:05.0953 3704 VgaSave - ok 11:11:05.0953 3704 ViaIde - ok 11:11:06.0000 3704 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys 11:11:06.0000 3704 VolSnap - ok 11:11:06.0031 3704 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe 11:11:06.0078 3704 VSS - ok 11:11:06.0093 3704 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 11:11:06.0109 3704 W32Time - ok 11:11:06.0156 3704 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 11:11:06.0156 3704 Wanarp - ok 11:11:06.0156 3704 WDICA - ok 11:11:06.0187 3704 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys 11:11:06.0187 3704 wdmaud - ok 11:11:06.0218 3704 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll 11:11:06.0234 3704 WebClient - ok 11:11:06.0296 3704 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll 11:11:06.0296 3704 winmgmt - ok 11:11:06.0343 3704 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 11:11:06.0343 3704 WmdmPmSN - ok 11:11:06.0390 3704 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll 
11:11:06.0406 3704 Wmi - ok 11:11:06.0437 3704 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:11:06.0453 3704 WmiApSrv - ok 11:11:06.0531 3704 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 11:11:06.0562 3704 WMPNetworkSvc - ok 11:11:06.0609 3704 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll 11:11:06.0625 3704 wscsvc - ok 11:11:06.0656 3704 WSearch - ok 11:11:06.0687 3704 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll 11:11:06.0703 3704 wuauserv - ok 11:11:06.0734 3704 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys 11:11:06.0750 3704 WudfPf - ok 11:11:06.0781 3704 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys 11:11:06.0781 3704 WudfRd - ok 11:11:06.0796 3704 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll 11:11:06.0812 3704 WudfSvc - ok 11:11:06.0859 3704 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll 11:11:06.0906 3704 WZCSVC - ok 11:11:06.0937 3704 [ 6D87C2DAD885A8A98B9D2AD680A4086E ] XE102Mp5 C:\windows\system32\Drivers\XE102Mp5.sys 11:11:06.0953 3704 XE102Mp5 - ok 11:11:07.0000 3704 [ 8368BD6DEE11A749B7DB2B64648DD0D4 ] XE102Sp5 C:\windows\system32\Drivers\XE102Sp5.sys 11:11:07.0000 3704 XE102Sp5 - ok 11:11:07.0031 3704 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll 11:11:07.0062 3704 xmlprov - ok 11:11:07.0078 3704 ================ Scan global =============================== 11:11:07.0109 3704 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll 11:11:07.0140 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll 11:11:07.0187 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll 11:11:07.0234 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe 11:11:07.0234 3704 [Global] - ok 
11:11:07.0234 3704 ================ Scan MBR ================================== 11:11:07.0250 3704 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 11:11:07.0250 3704 Suspicious mbr (Forged): \Device\Harddisk0\DR0 11:11:07.0281 3704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 11:11:07.0281 3704 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 11:11:07.0281 3704 ================ Scan VBR ================================== 11:11:07.0296 3704 [ 3513EDB8D179794C7208D8874233C52E ] \Device\Harddisk0\DR0\Partition1 11:11:07.0296 3704 \Device\Harddisk0\DR0\Partition1 - ok 11:11:07.0312 3704 [ FFF1261264F8869689AEF43AABCB0581 ] \Device\Harddisk0\DR0\Partition2 11:11:07.0312 3704 \Device\Harddisk0\DR0\Partition2 - ok 11:11:07.0312 3704 ============================================================ 11:11:07.0312 3704 Scan finished 11:11:07.0312 3704 ============================================================ 11:11:07.0328 1716 Detected object count: 2 11:11:07.0328 1716 Actual detected object count: 2 11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - skipped by user 11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 11:11:48.0312 1716 \Device\Harddisk0\DR0\# - copied to quarantine 11:11:48.0312 1716 \Device\Harddisk0\DR0 - copied to quarantine 11:11:48.0343 1716 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 11:11:48.0421 1716 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 11:11:48.0453 1716 
\Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 11:11:48.0468 1716 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 11:11:48.0593 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 11:11:48.0593 1716 \Device\Harddisk0\DR0 - ok 11:11:49.0031 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 11:12:43.0765 1152 Deinitialize success
  14. Ran RKill. Here are the results:
      Rkill 2.3.1 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html
      Program started at: 08/23/2012 10:53:55 AM in x86 mode.
      Windows Version: Windows XP Service Pack 3
      Checking for Windows services to stop.
       * No malware services found to stop.
      Checking for processes to terminate.
       * C:\WINDOWS\system32\HPZipm12.exe (PID: 4012) [WD-HEUR]
       * C:\windows\system32\HPZinw12.exe (PID: 2076) [WD-HEUR]
      2 proccesses terminated!
      Checking Registry for malware related settings.
       * No issues found in the Registry.
      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
      Performing miscellaneous checks.
       * No issues found.
      Checking Windows Service Integrity:
       * Background Intelligent Transfer Service (BITS) is not Running.
         Startup Type set to: Manual
      Searching for Missing Digital Signatures:
       * No issues found.
      Program finished at: 08/23/2012 10:54:59 AM
      Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
      Will now run TDSSKILLER.
  15. Hello, I downloaded Rogue Killer and ran the .exe file. It goes through the prescan, then I click on scan. The program runs for a few minutes and then the computer reboots itself without the program finishing. It's done this three times when I try to run the program. Not sure what to do at this point.
  16. Okay, I found another spot to download DDS.scr and ran the program. Attach.txt results
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 5/9/2009 11:31:47 PM
      System Uptime: 8/21/2012 3:56:28 PM (18 hours ago)
      .
      Motherboard: ASUSTeK Computer INC. | | Goldfish2
      Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 244 GiB total, 203.612 GiB free.
      D: is FIXED (NTFS) - 222 GiB total, 155.829 GiB free.
      E: is CDROM ()
      F: is CDROM ()
      G: is Removable
      H: is Removable
      I: is Removable
      J: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
      Description: PCI Simple Communications Controller
      Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0
      Manufacturer:
      Name: PCI Simple Communications Controller
      PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0
      Service:
      .
      ==== System Restore Points ===================
      .
==== Installed Programs ====================== . 2600 2600_Help 2600Trb ACID Pro 7.0 Acrobat.com Adobe Flash Player 11 Plugin Adobe Reader 9.5.1 Adobe Shockwave Player 11.6 AiO_Scan AiOSoftware Amazon MP3 Downloader 1.0.5 Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.2.6 avast! Free Antivirus Bonjour BufferChm CDBurnerXP Cohen - Medical Terminology Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows CP_AtenaShokunin1Config cp_dwShrek2Albums1 cp_dwShrek2Cards1 CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Destinations Director DocProc DocumentViewer Fax Free M4a to MP3 Converter 6.0 Garmin Communicator Plugin Garmin USB Drivers Glary Utilities 2.46.0.1518 Google Chrome Google Earth Plug-in Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP Product Assistant HP PSC & OfficeJet 4.7 HP Software Update HPSystemDiagnostics Inkscape 0.46 InstantShare Intel AppUp(SM) center Intel® Graphics Media 
Accelerator Driver iTunes Java Auto Updater Java™ 6 Update 22 Java™ 6 Update 29 LastPass (uninstall only) LeapFrog Connect LeapFrog My Pals Plugin LeapFrog Tag Junior Plugin Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Money 2007 Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office File Validation Add-In Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard Edition 2003 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NETGEAR XE102 Powerline Encryption Utility Nitro PDF Reader OpenOffice.org 3.3 PanoStandAlone PhotoGallery PrimoPDF -- brought to you by Nitro PDF Software ProductContext QFolder 
QuickTime Readme Realtek High Definition Audio Driver Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) 
Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP 
(KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) 
Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) 
Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974455) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for 
Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Silvestri Comp Review PN 4e SkinsHP1 Snapshot Viewer Sony ACID Pro 6.0 Sony Media Manager 2.2 Sony Vegas Pro 8.0 Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy swMSM TrayApp Unload Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB976749) Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) VirtualCom driver Web Games Player Plugin WebEx WebFldrs XP WebReg Windows 7 Upgrade Advisor Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) Windows Driver Package - 
LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 Xtranormal State Xtranormal State - Showpak-Playgoz-Preview Xtranormal State - SoundPack-Starter Kit Xtranormal State - Voicepack-English-UK-Daniel Xtranormal State - Voicepack-English-UK-Serena Xtranormal State - Voicepack-English-US-Samantha Xtranormal State - Voicepack-English-US-Tom Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
8/20/2012 11:40:11 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf84c92f, parameter3 f7192aac, parameter4 00000000.
8/15/2012 8:29:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
8/15/2012 10:16:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
.
==== End Of File ===========================

DDS.txt results
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Ray at 9:19:19 on 2012-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.22 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\SearchIndexer.exe C:\windows\Explorer.EXE C:\windows\SOUNDMAN.EXE C:\windows\ALCWZRD.EXE C:\windows\ALCMTR.EXE C:\WINDOWS\system32\igfxtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://isearch.glarysoft.com/?src=iehome uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome mStart Page = hxxp://isearch.glarysoft.com/?src=iehome uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Google Update] "c:\documents and settings\ray\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - 
{95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341584638406 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 64.233.217.5 64.233.217.2 TCP: Interfaces\{AD92C9BD-59F6-4350-8DFA-6B88E3525973} : DhcpNameServer = 64.233.217.5 64.233.217.2 Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\ FF - prefs.js: browser.startup.homepage - about:home FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\ray\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll FF - plugin: 
c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-12 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-10 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-10 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-6 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-7-2 18560]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-14 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-21 113120]
S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [2009-12-20 21120]
S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [2009-12-20 18176]
.
=============== Created Last 30 ================
.
2012-08-15 13:56:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-10 16:47:28 -------- d-----w- c:\program files\iPod 2012-08-10 16:47:17 -------- d-----w- c:\program files\iTunes 2012-08-10 16:47:17 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-08-10 16:36:50 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2012-08-15 05:14:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 05:14:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-11 16:31:30 81920 -c--a-w- c:\windows\ALCFDRTM.VER 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec 2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 19:18:58 275696 ----a-w- 
c:\windows\system32\mucltui.dll 2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2010-12-13 19:53:56 9163464 ----a-w- c:\program files\common files\lpuninstall.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD5000AAKS-00H2B0 rev.07.04C07 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862884B1]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8628f93c]; MOV EAX, [0x8628fab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8649FAB8] 3 CLASSPNP[0xF75E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8635B798] \Driver\atapi[0x86324C08] -> IRP_MJ_CREATE -> 0x862884B1 error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x862882E2 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 9:22:35.01 ===============
  17. I haven't been helped yet. Thanks for hanging in there with me. I'm attempting to download the DDS files; however, the links are not working for me. The first link under tech support forum, when I click it, takes me to a page that says the page I'm looking for cannot be found. The second link opens a window but stays a blank page. The third link comes back in Spanish; I let Google translate it and clicked the download button, but nothing happens.
  18. I'm running Avast and I'm getting a repeat Malicious URL Repelled notice constantly. It says: Object: Http://colexity777.com/x/ or espeak911.com/x/ or 37.220.36.44/x/ URL: Mal Process: C\Windows\System32\svchost.exe I've run Malwarebytes Quickscan and it removed something, but the Malicious URL Repelled continues to occur. Need help, not sure how to fix this issue.