Posts posted by Spartan_fan98
-
When I run that program I get: No entries found in Update History
-
Okay, ran Fix-it with default and aggressive settings. Rebooted, then did Windows Update on custom scan; all the updates were optional.
-
Okay, I have Flash Player, Adobe Reader and Java all sorted out and updated per your instructions.
-
MBAM log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.24.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ray :: SCOTT1 [administrator]
Protection: Disabled
8/24/2012 9:22:26 AM
mbam-log-2012-08-24 (09-22-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216866
Time elapsed: 5 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I can also get to Google search now. Before it would just time out.
-
FSS results:
Farbar Service Scanner Version: 06-08-2012
Ran by Ray (administrator) on 24-08-2012 at 09:18:19
Running from "C:\Documents and Settings\Ray\desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****
Will run MBAM next.
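The "Extra List" block in the FSS log above is the part worth understanding: the driver(tag) pairs and the hex blob are the PNP_TDI load-order data that TDSS-family rootkits tamper with to knock IPSec and the TCP/IP stack out of order, which is why FSS ends with "IpSec Tag value is correct." The following is an added example, not code from Farbar Service Scanner or from this thread. It assumes the blob is the REG_BINARY GroupOrderList\PNP_TDI value laid out as one little-endian DWORD count followed by that many DWORD Tag values in load order; the driver tags and the hex string are copied from the log, the expected IPSec tag of 5 is simply the value FSS reported as correct on this machine, and the tampered cases are constructed.

```python
"""Decode the PNP_TDI GroupOrderList blob that FSS prints under "Extra List"
and cross-check it against each listed driver's Tag value.

Assumed layout of the REG_BINARY value
(HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI):
DWORD count, then `count` DWORD Tag values in the order the group loads.
"""
from __future__ import annotations
import struct

# Copied from the FSS log: "aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)"
DRIVER_TAGS = {"aswTdi": 8, "Gpc": 3, "IPSec": 5, "NetBT": 6, "PSched": 7, "Tcpip": 4}

# Copied from the FSS log (the line after the driver list).
GROUP_ORDER_HEX = "0x080000000500000001000000020000000300000004000000080000000600000007000000"

# The IPSec tag FSS reported as correct on this machine (taken from the log,
# not a documented constant; confirm against a clean install of the same SP).
EXPECTED_IPSEC_TAG = 5


def decode_group_order(blob_hex: str) -> list[int]:
    """Return the Tag values in load order from a GroupOrderList blob."""
    raw = bytes.fromhex(blob_hex[2:] if blob_hex.startswith("0x") else blob_hex)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    (count,) = struct.unpack_from("<I", raw, 0)
    if len(raw) != 4 + 4 * count:
        raise ValueError(f"count {count} does not match blob length {len(raw)}")
    return list(struct.unpack_from(f"<{count}I", raw, 4))


def names_in_load_order(driver_tags: dict[str, int], order: list[int]) -> list[str]:
    """Map each tag in the order list back to a driver name (or 'tagN' if unlisted)."""
    by_tag = {tag: name for name, tag in driver_tags.items()}
    return [by_tag.get(tag, f"tag{tag}") for tag in order]


def check_load_order(driver_tags: dict[str, int], order: list[int],
                     expected_ipsec_tag: int = EXPECTED_IPSEC_TAG) -> dict[str, str]:
    """One verdict per driver: its load position, or why the tag looks wrong."""
    findings: dict[str, str] = {}
    if len(set(order)) != len(order):
        findings["_order"] = "duplicate tag in GroupOrderList"
    for name, tag in sorted(driver_tags.items()):
        if tag not in order:
            # A tag missing from the list has no fixed position in the group.
            findings[name] = f"tag {tag} not in PNP_TDI order list (no fixed load position)"
        elif name.lower() == "ipsec" and tag != expected_ipsec_tag:
            findings[name] = f"IPSec tag {tag} != expected {expected_ipsec_tag}"
        else:
            findings[name] = f"ok, loads {order.index(tag) + 1} of {len(order)}"
    return findings


if __name__ == "__main__":
    order = decode_group_order(GROUP_ORDER_HEX)
    print("PNP_TDI load order:", names_in_load_order(DRIVER_TAGS, order))
    for name, verdict in check_load_order(DRIVER_TAGS, order).items():
        print(f"{name:8} {verdict}")
    # Constructed tampering: IPSec's Tag changed so it drops out of the list,
    # then changed to another driver's slot.
    print(check_load_order(dict(DRIVER_TAGS, IPSec=0), order)["IPSec"])
    print(check_load_order(dict(DRIVER_TAGS, IPSec=3), order)["IPSec"])
```

On this log the order decodes to IPSec first, then two tags FSS does not name, then Gpc, Tcpip, aswTdi, NetBT, PSched, which is consistent with the "IpSec Tag value is correct" verdict; the same decoder run against a live registry export is how you would confirm that yourself rather than trusting a one-line summary.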
-
Avast found the following:
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta High Threat: MBR: Alureon-B [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0003.dta High Threat: Win32:Alureon-MJ@mbr [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0004.dta High Threat: Win32:Malware-gen
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0005.dta High Threat: Win32:Rootkit-gen [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0006.dta High Threat: Win32:Rootkit-gen [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0009.dta High Threat: MBR: Alureon-B [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk00001.dta High Threat: Win32: Rootkit-gen [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta High Threat: Win64: Alureon-B@mbr [Rtk]
I have left Avast on the Scan Results screen because you did not say to let Avast clean those out. I did not want to do anything else before I let you know those results.
Let me know if I should let Avast delete those files.
-
I also restarted and turned Avast back on and I'm no longer getting messages in Avast regarding malicious URLs being repelled.
-
Okay, installed combo-fix.exe and ran it. Here is the report:
ComboFix 12-08-22.03 - Ray 08/23/2012 13:26:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.572 [GMT -4:00]
Running from: c:\documents and settings\Ray\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ray\System
c:\documents and settings\Ray\System\win_qs8.jqx
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 16:27 . 2012-08-23 16:27 -------- d-----w- c:\program files\ERUNT
2012-08-23 15:11 . 2012-08-23 15:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-23 15:06 . 2012-08-23 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-08-15 13:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\program files\iPod
2012-08-10 16:47 . 2012-08-10 16:48 -------- d-----w- c:\program files\iTunes
2012-08-10 16:47 . 2012-08-10 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-10 16:44 . 2012-08-10 16:44 -------- d-----w- c:\program files\Apple Software Update
2012-08-10 16:37 . 2012-08-10 16:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-08-10 16:36 . 2012-08-10 16:36 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2011-04-12 16:43 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2009-05-10 04:37 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2009-05-10 04:37 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2009-05-10 04:37 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2009-05-10 04:37 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2009-05-10 04:37 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2009-05-10 04:37 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:13 . 2009-05-10 04:37 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2010-07-06 04:24 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2009-05-10 04:37 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-15 05:14 . 2012-07-06 14:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 05:14 . 2012-07-06 14:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 16:31 . 2009-05-16 06:23 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-10 03:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2008-10-16 21:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-05-10 03:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-05-10 03:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-05-10 03:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-05-10 03:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-05-10 03:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-05-10 03:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-05-10 03:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-05-16 04:40 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-05-16 04:40 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2010-12-13 19:53 . 2010-12-13 19:53 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2010-12-07 18:48 . 2010-12-07 18:48 288568 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-07-26 18:39 . 2011-05-04 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-03-07 15:50 933 -c--a-w- c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-11-12 16:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"InstallVCOM"=c:\windows\system32\InstallVCOM.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2010 3:46 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/12/2011 12:43 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2009 12:37 AM 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2009 12:37 AM 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2012 9:56 AM 655944]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 1:35 PM 196912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/15/2012 9:56 AM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 10:54 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/6/2012 10:21 AM 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [7/2/2009 8:53 PM 18560]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/14/2010 10:36 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 10:54 AM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/21/2012 1:53 PM 113120]
S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [12/20/2009 1:04 PM 21120]
S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [12/20/2009 1:04 PM 18176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DMADMIN
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 05:14]
.
2012-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 09:12]
.
2012-08-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-05-24 13:43]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 14:54]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 14:54]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1202660629-725345543-1004Core.job
- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:24]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1202660629-725345543-1004UA.job
- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:24]
.
2012-08-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-07-06 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\mg3y7ybz.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-58483566.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-23 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-23 13:41:56
ComboFix-quarantined-files.txt 2012-08-23 17:41
.
Pre-Run: 218,301,607,936 bytes free
Post-Run: 220,416,376,832 bytes free
.
- - End Of File - - 68140897E9D793214FBB3B2A137B0DC5
-
Okay, installed and ran Listparts. Here is the report:
ListParts by Farbar Version: 10-08-2012
Ran by Ray (administrator) on 23-08-2012 at 12:51:47
Windows XP (X86)
Running From: C:\Documents and Settings\Ray\desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 55%
Total physical RAM: 1015.29 MB
Available physical RAM: 454.21 MB
Total Pagefile: 2442 MB
Available Pagefile: 2006.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.38 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:244.14 GB) (Free:203.4 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:221.61 GB) (Free:155.83 GB) NTFS
Disk ###  Status   Size    Free  Dyn  Gpt
--------  -------  ------  ----  ---  ---
Disk 0    Online   466 GB  0 B
Partitions of Disk 0:
===============
Partition ###  Type      Size    Offset
-------------  --------  ------  ------
Partition 1    Primary   244 GB  32 KB
Partition 2    Extended  222 GB  244 GB
Partition 3    Logical   222 GB  244 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
----------  ---  -----  ----  ---------  ------  -------  --------
* Volume 2  C           NTFS  Partition  244 GB  Healthy  System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
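ListParts shows the partition table that an MBR bootkit such as the Alureon samples Avast flagged in TDSSKiller's quarantine leaves untouched: the infection lives in the 446 bytes of boot code in front of the table, so a table that looks healthy proves nothing about the sector. The following is an added example, not code from ListParts, TDSSKiller or anyone in this thread. It parses a raw 512-byte MBR, checks the table for the things a cleaner checks (signature, one active partition, no overlap, nothing past the end of the disk) and compares a hash of the boot code against a baseline. The partition geometry is taken from the ListParts and TDSSKiller logs in this thread (type 0x07 at LBA 0x3F for 0x1E846621 sectors, the extended container behind it, disk size 0x7470C06000 bytes); the extended partition type 0x0F and all boot code bytes are constructed, and the EBR chain for the logical D: volume is not followed.

```python
"""Parse and sanity-check a raw MBR sector; flag a rewritten boot code area.

Constructed example. Partition geometry mirrors the ListParts/TDSSKiller logs
in this thread; the boot code bytes are filler, not the real XP loader.
"""
from __future__ import annotations
import hashlib
import struct

SECTOR = 512
DISK_SECTORS = 0x3A386030          # 0x7470C06000 bytes / 512 (TDSSKiller log)
ENTRY = "<B3sB3sII"                # status, CHS start, type, CHS end, LBA, count


def build_mbr(boot_code: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble an MBR: 446 bytes of boot code, four 16-byte entries, 0x55AA."""
    table = b"".join(struct.pack(ENTRY, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
                     for status, ptype, lba, count in entries).ljust(64, b"\0")
    return boot_code.ljust(446, b"\0")[:446] + table + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Return signature state, SHA-256 of the boot code, and the used entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, mbr, 0x1BE + 16 * i)
        if ptype:                                   # type 0x00 means unused slot
            entries.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                            "start_lba": lba, "sectors": count})
    return {"signature_ok": mbr[0x1FE:] == b"\x55\xAA",
            "boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "entries": entries}


def check_mbr(mbr: bytes, baseline_boot_sha256: str | None = None,
              disk_sectors: int = DISK_SECTORS) -> list[str]:
    """Findings about the sector; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [e for e in info["entries"] if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((e["start_lba"], e["start_lba"] + e["sectors"], e["index"])
                   for e in info["entries"])
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partition {i1} overlaps partition {i2}")
    for _, end, i in spans:
        if end > disk_sectors:
            findings.append(f"partition {i} runs past end of disk")
    if baseline_boot_sha256 and info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline (MBR bootkit or other rewrite)")
    return findings


# Constructed stand-in for the stock boot code (NOT the real Windows XP bytes).
CLEAN_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 439
PARTITIONS = [(0x80, 0x07, 0x3F, 0x1E846621),          # C:, NTFS, active (from the logs)
              (0x00, 0x0F, 0x1E846660, 0x1BB3A720)]     # extended container (type assumed)
CLEAN_MBR = build_mbr(CLEAN_BOOT, PARTITIONS)
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# A bootkit keeps the table intact and replaces only the code, so the table
# checks stay silent and only the hash comparison fires.
INFECTED_MBR = build_mbr(b"\xEB\x1E" + b"\x00" * 444, PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("rewritten", INFECTED_MBR)):
        for e in parse_mbr(mbr)["entries"]:
            print(f"{label}: part {e['index']} type 0x{e['type']:02X} "
                  f"lba 0x{e['start_lba']:X} sectors 0x{e['sectors']:X} "
                  f"({e['sectors'] * SECTOR / 2**30:.2f} GiB)")
        print(f"{label}: findings = {check_mbr(mbr, BASELINE)}")
```

The GiB figure computed from 0x1E846621 sectors comes out to 244.14, matching the ListParts total for C:, which is the cross-check to run when a tool's partition dump and the raw sector disagree. On a live system the baseline hash has to come from a known-clean MBR for the same OS and disk layout; a hash of the sector you are suspicious of is not a baseline.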
-
Installed ERUNT and made the back-up folder for the registry files and backed everything up.
Ran Rogue Killer again. Here is the report:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ray [Admin rights]
Mode: Scan -- Date: 08/23/2012 12:33:47
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ MBR Check: ¤¤¤
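The long HOSTS section in the RogueKiller report above is not by itself a sign of infection: hundreds of ad and malware domains pointed at 127.0.0.1 is exactly what Spybot S&D immunization (TeaTimer is in the ComboFix autostart list) writes, and the question is whether anything in the file blocks or redirects update, antivirus or search traffic instead. The following is an added example, not part of RogueKiller or of this thread, that triages a HOSTS file on that distinction. The first five sample lines are copied from the log; every other sample line, the protected-domain suffix list and the 203.0.113.7 and 10.0.0.5 targets are constructed for illustration.

```python
"""Triage a Windows HOSTS file: benign loopback sink-holing versus entries
that block or hijack security, update or search domains.

Constructed example. Only the first five SAMPLE lines come from the thread.
"""
from __future__ import annotations
import ipaddress

# Domains that malware commonly blocks or redirects via HOSTS. Constructed and
# deliberately short; matching is by exact name or parent-domain suffix.
PROTECTED_SUFFIXES = (
    "windowsupdate.com", "microsoft.com", "malwarebytes.org", "avast.com",
    "kaspersky.com", "bleepingcomputer.com", "google.com", "bing.com", "yahoo.com",
)


def parse_hosts(text: str):
    """Yield (line_no, target, hostname) per mapping; hostname is None if absent."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                            # bare target, e.g. "127.0.0.1"
            yield n, parts[0], None
            continue
        for host in parts[1:]:                        # one target, many names
            yield n, parts[0], host.lower()


def is_protected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def triage_hosts(text: str) -> dict[str, list[str]]:
    """Bucket every mapping by what it does to name resolution."""
    out: dict[str, list[str]] = {"benign": [], "blocked_protected": [],
                                 "hijack": [], "redirect_other": [], "malformed": []}
    for n, target, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            out["malformed"].append(f"line {n}: {target!r} is not an IP address")
            continue
        if host is None:
            out["malformed"].append(f"line {n}: {target} has no hostname")
            continue
        entry = f"line {n}: {host} -> {target}"
        if addr.is_loopback or addr.is_unspecified:   # 127.x, ::1, 0.0.0.0
            if host != "localhost" and is_protected(host):
                out["blocked_protected"].append(entry)  # updates/AV silently cut off
            else:
                out["benign"].append(entry)             # localhost or an ad/malware sink-hole
        elif is_protected(host):
            out["hijack"].append(entry)                 # protected name sent elsewhere
        else:
            out["redirect_other"].append(entry)         # review: intranet names are normal
    return out


SAMPLE = """\
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
# --- constructed lines below: what a tampered file could contain ---
127.0.0.1 www.malwarebytes.org
0.0.0.0   update.microsoft.com windowsupdate.microsoft.com
203.0.113.7 www.google.com   # TEST-NET-3 address, constructed
10.0.0.5  intranet.example
"""

if __name__ == "__main__":
    for bucket, entries in triage_hosts(SAMPLE).items():
        print(f"{bucket} ({len(entries)})")
        for e in entries:
            print("   ", e)
```

The bare "127.0.0.1" line that appears in the log lands in the malformed bucket, which is correct: Windows ignores it, but a line with a target and no name is worth a look because it is the shape left behind when a tool strips a hostname. On XP the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; also confirm the DataBasePath registry value still points there, since pointing it at a second hosts file is another way the same hijack is hidden.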
-
Ran RKill, here is the report:
Rkill 2.3.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/23/2012 12:23:41 PM in x86 mode.
Windows Version: Windows XP Service Pack 3
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/23/2012 12:24:23 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)
I will now download ERUNT.
-
Yes, let's keep going with cleaning the system.
-
So at this point it's clean, but I should probably reformat my hard drive? I'm guessing I'll need to take it somewhere to do that.
-
Okay, ran TDSSKILLER. Here is the report file:
11:10:25.0218 2632 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:10:26.0109 2632 ============================================================
11:10:26.0109 2632 Current date / time: 2012/08/23 11:10:26.0109
11:10:26.0109 2632 SystemInfo:
11:10:26.0109 2632
11:10:26.0109 2632 OS Version: 5.1.2600 ServicePack: 3.0
11:10:26.0109 2632 Product type: Workstation
11:10:26.0109 2632 ComputerName: SCOTT1
11:10:26.0109 2632 UserName: Ray
11:10:26.0109 2632 Windows directory: C:\windows
11:10:26.0109 2632 System windows directory: C:\windows
11:10:26.0109 2632 Processor architecture: Intel x86
11:10:26.0109 2632 Number of processors: 2
11:10:26.0109 2632 Page size: 0x1000
11:10:26.0109 2632 Boot type: Normal boot
11:10:26.0109 2632 ============================================================
11:10:30.0468 2632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:10:30.0906 2632 ============================================================
11:10:30.0906 2632 \Device\Harddisk0\DR0:
11:10:30.0921 2632 MBR partitions:
11:10:30.0921 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E846621
11:10:30.0953 2632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E84669F, BlocksNum 0x1BB3A6E1
11:10:30.0953 2632 ============================================================
11:10:31.0015 2632 C: <-> \Device\Harddisk0\DR0\Partition1
11:10:31.0078 2632 D: <-> \Device\Harddisk0\DR0\Partition2
11:10:31.0281 2632 ============================================================
11:10:31.0281 2632 Initialize success
11:10:31.0281 2632 ============================================================
11:10:50.0750 3704 ============================================================
11:10:50.0750 3704 Scan started
11:10:50.0750 3704 Mode: Manual;
11:10:50.0750 3704 ============================================================
11:10:54.0625 3704 ================ Scan system memory ========================
11:10:54.0625 3704 System memory - ok
11:10:54.0625 3704 ================ Scan services =============================
11:10:54.0812 3704 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\windows\system32\drivers\Aavmker4.sys
11:10:54.0828 3704 Aavmker4 - ok
11:10:54.0828 3704 Abiosdsk - ok
11:10:54.0843 3704 abp480n5 - ok
11:10:54.0875 3704 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
11:10:54.0875 3704 ACPI - ok
11:10:54.0921 3704 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
11:10:54.0921 3704 ACPIEC - ok
11:10:55.0031 3704 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:10:55.0031 3704 AdobeFlashPlayerUpdateSvc - ok
11:10:55.0031 3704 adpu160m - ok
11:10:55.0078 3704 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
11:10:55.0078 3704 aec - ok
11:10:55.0109 3704 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
11:10:55.0125 3704 AFD - ok
11:10:55.0125 3704 Aha154x - ok
11:10:55.0140 3704 aic78u2 - ok
11:10:55.0140 3704 aic78xx - ok
11:10:55.0171 3704 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\windows\system32\alrsvc.dll
11:10:55.0171 3704 Alerter - ok
11:10:55.0187 3704 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\windows\System32\alg.exe
11:10:55.0203 3704 ALG - ok
11:10:55.0203 3704 AliIde - ok
11:10:55.0203 3704 amsint - ok
11:10:55.0296 3704 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:10:55.0296 3704 Apple Mobile Device - ok
11:10:55.0328 3704 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\windows\System32\appmgmts.dll
11:10:55.0343 3704 AppMgmt - ok
11:10:55.0343 3704 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\windows\system32\DRIVERS\arp1394.sys
11:10:55.0343 3704 Arp1394 - ok
11:10:55.0359 3704 asc - ok
11:10:55.0359 3704 asc3350p - ok
11:10:55.0375 3704 asc3550 - ok
11:10:55.0453 3704 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:10:55.0453 3704 aspnet_state - ok
11:10:55.0484 3704 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
11:10:55.0484 3704 aswFsBlk - ok
11:10:55.0500 3704 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\windows\system32\drivers\aswMon2.sys
11:10:55.0500 3704 aswMon2 - ok
11:10:55.0515 3704 [ 982E275D1C5801042FE94209FB0160FB ] aswRdr C:\windows\system32\drivers\aswRdr.sys
11:10:55.0531 3704 aswRdr - ok
11:10:55.0578 3704 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
11:10:55.0593 3704 aswSnx - ok
11:10:55.0609 3704 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\windows\system32\drivers\aswSP.sys
11:10:55.0625 3704 aswSP - ok
11:10:55.0640 3704 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\windows\system32\drivers\aswTdi.sys
11:10:55.0640 3704 aswTdi - ok
11:10:55.0656 3704 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:10:55.0656 3704 AsyncMac - ok
11:10:55.0671 3704 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
11:10:55.0671 3704 atapi - ok
11:10:55.0671 3704 Atdisk - ok
11:10:55.0687 3704 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
11:10:55.0703 3704 Atmarpc - ok
11:10:55.0734 3704 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\windows\System32\audiosrv.dll
11:10:55.0734 3704 AudioSrv - ok
11:10:55.0765 3704 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
11:10:55.0765 3704 audstub - ok
11:10:55.0812 3704 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:10:55.0828 3704 avast! Antivirus - ok
11:10:55.0859 3704 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
11:10:55.0859 3704 Beep - ok
11:10:55.0875 3704 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:10:55.0968 3704 BITS - ok
11:10:56.0046 3704 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:10:56.0062 3704 Bonjour Service - ok
11:10:56.0093 3704 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\windows\System32\browser.dll
11:10:56.0093 3704 Browser - ok
11:10:56.0140 3704 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
11:10:56.0156 3704 cbidf2k - ok
11:10:56.0171 3704 cd20xrnt - ok
11:10:56.0187 3704 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
11:10:56.0203 3704 Cdaudio - ok
11:10:56.0218 3704 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
11:10:56.0218 3704 Cdfs - ok
11:10:56.0265 3704 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
11:10:56.0265 3704 Cdrom - ok
11:10:56.0281 3704 Changer - ok
11:10:56.0312 3704 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\windows\system32\cisvc.exe
11:10:56.0312 3704 CiSvc - ok
11:10:56.0328 3704 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\windows\system32\clipsrv.exe
11:10:56.0328 3704 ClipSrv - ok
11:10:56.0359 3704 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:10:56.0390 3704 clr_optimization_v2.0.50727_32 - ok
11:10:56.0390 3704 CmdIde - ok
11:10:56.0406 3704 COMSysApp - ok
11:10:56.0406 3704 Cpqarray - ok
11:10:56.0437 3704 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\windows\System32\cryptsvc.dll
11:10:56.0437 3704 CryptSvc - ok
11:10:56.0437 3704 dac2w2k - ok
11:10:56.0453 3704 dac960nt - ok
11:10:56.0484 3704 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll
11:10:56.0515 3704 DcomLaunch - ok
11:10:56.0546 3704 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\windows\System32\dhcpcsvc.dll
11:10:56.0546 3704 Dhcp - ok
11:10:56.0546 3704 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
11:10:56.0546 3704 Disk - ok
11:10:56.0562 3704 dmadmin - ok
11:10:56.0593 3704 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\windows\system32\drivers\dmboot.sys
11:10:56.0609 3704 dmboot - ok
11:10:56.0609 3704 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\windows\system32\drivers\dmio.sys
11:10:56.0625 3704 dmio - ok
11:10:56.0640 3704 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
11:10:56.0640 3704 dmload - ok
11:10:56.0656 3704 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\windows\System32\dmserver.dll
11:10:56.0671 3704 dmserver - ok
11:10:56.0703 3704 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
11:10:56.0703 3704 DMusic - ok
11:10:56.0734 3704 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:10:56.0734 3704 Dnscache - ok
11:10:56.0859 3704 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\windows\System32\dot3svc.dll
11:10:56.0859 3704 Dot3svc - ok
11:10:56.0875 3704 dpti2o - ok
11:10:56.0890 3704 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:10:56.0890 3704 drmkaud - ok
11:10:56.0937 3704 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\windows\System32\eapsvc.dll
11:10:56.0937 3704 EapHost - ok
11:10:56.0953 3704 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\windows\System32\ersvc.dll
11:10:56.0953 3704 ERSvc - ok
11:10:57.0000 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\windows\system32\services.exe
11:10:57.0015 3704 Eventlog - ok
11:10:57.0046 3704 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:10:57.0062 3704 EventSystem - ok
11:10:57.0093 3704 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
11:10:57.0093 3704 Fastfat - ok
11:10:57.0125 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
11:10:57.0156 3704 FastUserSwitchingCompatibility - ok
11:10:57.0171 3704 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\drivers\Fdc.sys
11:10:57.0171 3704 Fdc - ok
11:10:57.0187 3704 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\windows\system32\drivers\Fips.sys
11:10:57.0187 3704 Fips - ok
11:10:57.0187 3704 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\drivers\Flpydisk.sys
11:10:57.0187 3704 Flpydisk - ok
11:10:57.0218 3704 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:10:57.0218 3704 FltMgr - ok
11:10:57.0265 3704 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\windows\system32\DRIVERS\FlyUsb.sys
11:10:57.0265 3704 FlyUsb - ok
11:10:57.0343 3704 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:10:57.0343 3704 FontCache3.0.0.0 - ok
11:10:57.0390 3704 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
11:10:57.0390 3704 FsUsbExDisk - ok
11:10:57.0406 3704 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:10:57.0406 3704 Fs_Rec - ok
11:10:57.0421 3704 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
11:10:57.0437 3704 Ftdisk - ok
11:10:57.0468 3704 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:10:57.0484 3704 GEARAspiWDM - ok
11:10:57.0500 3704 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
11:10:57.0500 3704 Gpc - ok
11:10:57.0531 3704 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\windows\system32\drivers\grmnusb.sys
11:10:57.0546 3704 grmnusb - ok
11:10:57.0656 3704 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:10:57.0671 3704 gupdate - ok
11:10:57.0671 3704 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:10:57.0687 3704 gupdatem - ok
11:10:57.0703 3704 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
11:10:57.0703 3704 HDAudBus - ok
11:10:57.0765 3704 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:10:57.0765 3704 helpsvc - ok
11:10:57.0765 3704 HidServ - ok
11:10:57.0812 3704 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll
11:10:57.0812 3704 hkmsvc - ok
11:10:57.0828 3704 hpn - ok
11:10:57.0875 3704 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
11:10:57.0875 3704 HTTP - ok
11:10:57.0921 3704 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll
11:10:57.0937 3704 HTTPFilter - ok
11:10:57.0953 3704 i2omgmt - ok
11:10:57.0953 3704 i2omp - ok
11:10:57.0968 3704 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
11:10:57.0968 3704 i8042prt - ok
11:10:58.0031 3704 [ D4405BD2B6E95EFDC8E674ED4032874F ] ialm C:\windows\system32\DRIVERS\ialmnt5.sys
11:10:58.0062 3704 ialm - ok
11:10:58.0125 3704 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:10:58.0156 3704 idsvc - ok
11:10:58.0156 3704 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
11:10:58.0156 3704 Imapi - ok
11:10:58.0203 3704 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:10:58.0250 3704 ImapiService - ok
11:10:58.0265 3704 ini910u - ok
11:10:58.0625 3704 [ A30685283F90AE02F1CD50972C6065E3 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
11:10:58.0750 3704 IntcAzAudAddService - ok
11:10:58.0796 3704 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\windows\system32\DRIVERS\intelide.sys
11:10:58.0812 3704 IntelIde - ok
11:10:58.0843 3704 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:10:58.0875 3704 intelppm - ok
11:10:58.0890 3704 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
11:10:58.0890 3704 Ip6Fw - ok
11:10:58.0906 3704 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:10:58.0906 3704 IpFilterDriver - ok
11:10:58.0921 3704 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
11:10:58.0937 3704 IpInIp - ok
11:10:58.0953 3704 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
11:10:58.0953 3704 IpNat - ok
11:10:59.0000 3704 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:10:59.0031 3704 iPod Service - ok
11:10:59.0031 3704 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
11:10:59.0046 3704 IPSec - ok
11:10:59.0078 3704 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
11:10:59.0093 3704 IRENUM - ok
11:10:59.0109 3704 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
11:10:59.0109 3704 isapnp - ok
11:10:59.0203 3704 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:10:59.0203 3704 JavaQuickStarterService - ok
11:10:59.0234 3704 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
11:10:59.0234 3704 Kbdclass - ok
11:10:59.0281 3704 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
11:10:59.0281 3704 kmixer - ok
11:10:59.0328 3704 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
11:10:59.0328 3704 KSecDD - ok
11:10:59.0359 3704 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\windows\System32\srvsvc.dll
11:10:59.0375 3704 lanmanserver - ok
11:10:59.0406 3704 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll
11:10:59.0437 3704 lanmanworkstation - ok
11:10:59.0437 3704 lbrtfdc - ok
11:10:59.0625 3704 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
11:10:59.0796 3704 LeapFrog Connect Device Service - ok
11:10:59.0828 3704 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll
11:10:59.0843 3704 LmHosts - ok
11:10:59.0859 3704 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:10:59.0859 3704 MBAMProtector - ok
11:10:59.0968 3704 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:11:00.0015 3704 MBAMService - ok
11:11:00.0156 3704 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
11:11:00.0156 3704 McciCMService - ok
11:11:00.0250 3704 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:11:00.0281 3704 MDM - ok
11:11:00.0375 3704 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll
11:11:00.0390 3704 Messenger - ok
11:11:00.0453 3704 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
11:11:00.0484 3704 mnmdd - ok
11:11:00.0546 3704 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:11:00.0562 3704 mnmsrvc - ok
11:11:00.0593 3704 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys
11:11:00.0593 3704 Modem - ok
11:11:00.0609 3704 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:11:00.0625 3704 Mouclass - ok
11:11:00.0656 3704 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
11:11:00.0656 3704 MountMgr - ok
11:11:00.0718 3704 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:11:00.0718 3704 MozillaMaintenance - ok
11:11:00.0734 3704 mraid35x - ok
11:11:00.0734 3704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
11:11:00.0750 3704 MRxDAV - ok
11:11:00.0812 3704 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:11:00.0828 3704 MRxSmb - ok
11:11:00.0859 3704 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:11:00.0875 3704 MSDTC - ok
11:11:00.0921 3704 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:11:00.0921 3704 Msfs - ok
11:11:00.0921 3704 MSIServer - ok
11:11:01.0015 3704 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:11:01.0015 3704 MSKSSRV - ok
11:11:01.0109 3704 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:11:01.0140 3704 MSPCLOCK - ok
11:11:01.0156 3704 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:11:01.0156 3704 MSPQM - ok
11:11:01.0218 3704 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
11:11:01.0218 3704 mssmbios - ok
11:11:01.0265 3704 MSSQL$SONY_MEDIAMGR - ok
11:11:01.0343 3704 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
11:11:01.0343 3704 MSSQLServerADHelper - ok
11:11:01.0359 3704 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
11:11:01.0375 3704 Mup - ok
11:11:01.0421 3704 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll
11:11:01.0437 3704 napagent - ok
11:11:01.0453 3704 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
11:11:01.0453 3704 NDIS - ok
11:11:01.0484 3704 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:11:01.0484 3704 NdisTapi - ok
11:11:01.0515 3704 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:11:01.0515 3704 Ndisuio - ok
11:11:01.0531 3704 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:11:01.0531 3704 NdisWan - ok
11:11:01.0562 3704 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:11:01.0562 3704 NDProxy - ok
11:11:01.0562 3704 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:11:01.0578 3704 NetBIOS - ok
11:11:01.0609 3704 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:11:01.0609 3704 NetBT - ok
11:11:01.0640 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe
11:11:01.0656 3704 NetDDE - ok
11:11:01.0656 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe
11:11:01.0671 3704 NetDDEdsdm - ok
11:11:01.0703 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe
11:11:01.0718 3704 Netlogon - ok
11:11:01.0765 3704 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll
11:11:01.0781 3704 Netman - ok
11:11:01.0812 3704 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:11:01.0828 3704 NetTcpPortSharing - ok
11:11:01.0843 3704 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\windows\system32\DRIVERS\nic1394.sys
11:11:01.0843 3704 NIC1394 - ok
11:11:01.0937 3704 [ 9CCBCA1FE056F67960C9420FCE635691 ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
11:11:01.0953 3704 NitroReaderDriverReadSpool - ok
11:11:02.0031 3704 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll
11:11:02.0046 3704 Nla - ok
11:11:02.0125 3704 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
11:11:02.0125 3704 NMSAccessU - ok
11:11:02.0140 3704 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
11:11:02.0140 3704 Npfs - ok
11:11:02.0218 3704 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:11:02.0218 3704 Ntfs - ok
11:11:02.0234 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe
11:11:02.0234 3704 NtLmSsp - ok
11:11:02.0281 3704 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
11:11:02.0296 3704 NtmsSvc - ok
11:11:02.0328 3704 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
11:11:02.0328 3704 Null - ok
11:11:02.0359 3704 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
11:11:02.0375 3704 NwlnkFlt - ok
11:11:02.0375 3704 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
11:11:02.0390 3704 NwlnkFwd - ok
11:11:02.0421 3704 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:11:02.0437 3704 odserv - ok
11:11:02.0453 3704 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
11:11:02.0468 3704 ohci1394 - ok
11:11:02.0484 3704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:11:02.0500 3704 ose - ok
11:11:02.0515 3704 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys
11:11:02.0515 3704 Parport - ok
11:11:02.0531 3704 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
11:11:02.0546 3704 PartMgr - ok
11:11:02.0578 3704 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys
11:11:02.0593 3704 ParVdm - ok
11:11:02.0625 3704 pccsmcfd - ok
11:11:02.0640 3704 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys
11:11:02.0640 3704 PCI - ok
11:11:02.0656 3704 PCIDump - ok
11:11:02.0656 3704 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\drivers\PCIIde.sys
11:11:02.0656 3704 PCIIde - ok
11:11:02.0687 3704 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
11:11:02.0703 3704 Pcmcia - ok
11:11:02.0703 3704 PDCOMP - ok
11:11:02.0718 3704 PDFRAME - ok
11:11:02.0718 3704 PDRELI - ok
11:11:02.0718 3704 PDRFRAME - ok
11:11:02.0734 3704 perc2 - ok
11:11:02.0734 3704 perc2hib - ok
11:11:02.0765 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe
11:11:02.0781 3704 PlugPlay - ok
11:11:02.0812 3704 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
11:11:02.0828 3704 Pml Driver HPZ12 - ok
11:11:02.0828 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe
11:11:02.0843 3704 PolicyAgent - ok
11:11:02.0875 3704 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:11:02.0875 3704 PptpMiniport - ok
11:11:02.0890 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
11:11:02.0890 3704 ProtectedStorage - ok
11:11:02.0906 3704 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
11:11:02.0906 3704 PSched - ok
11:11:02.0937 3704 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
11:11:02.0953 3704 Ptilink - ok
11:11:02.0953 3704 ql1080 - ok
11:11:02.0953 3704 Ql10wnt - ok
11:11:02.0968 3704 ql12160 - ok
11:11:02.0968 3704 ql1240 - ok
11:11:02.0984 3704 ql1280 - ok
11:11:02.0984 3704 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:11:02.0984 3704 RasAcd - ok
11:11:03.0015 3704 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll
11:11:03.0031 3704 RasAuto - ok
11:11:03.0062 3704 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:11:03.0109 3704 Rasl2tp - ok
11:11:03.0140 3704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll
11:11:03.0156 3704 RasMan - ok
11:11:03.0171 3704 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:11:03.0171 3704 RasPppoe - ok
11:11:03.0187 3704 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
11:11:03.0187 3704 Raspti - ok
11:11:03.0250 3704 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:11:03.0250 3704 Rdbss - ok
11:11:03.0250 3704 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:11:03.0250 3704 RDPCDD - ok
11:11:03.0265 3704 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
11:11:03.0296 3704 rdpdr - ok
11:11:03.0343 3704 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:11:03.0359 3704 RDPWD - ok
11:11:03.0390 3704 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:11:03.0421 3704 RDSessMgr - ok
11:11:03.0437 3704 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
11:11:03.0453 3704 redbook - ok
11:11:03.0468 3704 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll
11:11:03.0484 3704 RemoteAccess - ok
11:11:03.0500 3704 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll
11:11:03.0515 3704 RemoteRegistry - ok
11:11:03.0546 3704 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\windows\system32\Drivers\RimUsb.sys
11:11:03.0562 3704 RimUsb - ok
11:11:03.0578 3704 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe
11:11:03.0593 3704 RpcLocator - ok
11:11:03.0625 3704 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\system32\rpcss.dll
11:11:03.0640 3704 RpcSs - ok
11:11:03.0703 3704 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe
11:11:03.0750 3704 RSVP - ok
11:11:03.0765 3704 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\windows\system32\DRIVERS\RTL8139.SYS
11:11:03.0781 3704 rtl8139 - ok
11:11:03.0796 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe
11:11:03.0796 3704 SamSs - ok
11:11:03.0828 3704 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe
11:11:03.0843 3704 SCardSvr - ok
11:11:03.0875 3704 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll
11:11:03.0906 3704 Schedule - ok
11:11:03.0937 3704 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
11:11:03.0937 3704 Secdrv - ok
11:11:03.0968 3704 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll
11:11:03.0984 3704 seclogon - ok
11:11:03.0984 3704 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll
11:11:04.0000 3704 SENS - ok
11:11:04.0015 3704 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\drivers\Serial.sys
11:11:04.0015 3704 Serial - ok
11:11:04.0062 3704 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
11:11:04.0062 3704 Sfloppy - ok
11:11:04.0109 3704 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll
11:11:04.0125 3704 SharedAccess - ok
11:11:04.0187 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:11:04.0187 3704 ShellHWDetection - ok
11:11:04.0203 3704 Simbad - ok
11:11:04.0203 3704 Sparrow - ok
11:11:04.0250 3704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
11:11:04.0250 3704 splitter - ok
11:11:04.0281 3704 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
11:11:04.0296 3704 Spooler - ok
11:11:04.0343 3704 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
11:11:04.0343 3704 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
11:11:04.0359 3704 sptd ( LockedFile.Multi.Generic ) - warning
11:11:04.0359 3704 sptd - detected LockedFile.Multi.Generic (1)
11:11:04.0359 3704 SQLAgent$SONY_MEDIAMGR - ok
11:11:04.0375 3704 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys
11:11:04.0390 3704 sr - ok
11:11:04.0421 3704 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:11:04.0437 3704 srservice - ok
11:11:04.0453 3704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
11:11:04.0468 3704 Srv - ok
11:11:04.0484 3704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:11:04.0500 3704 SSDPSRV - ok
11:11:04.0546 3704 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\windows\system32\DRIVERS\serscan.sys
11:11:04.0546 3704 StillCam - ok
11:11:04.0640 3704 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll
11:11:04.0703 3704 stisvc - ok
11:11:04.0734 3704 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
11:11:04.0734 3704 swenum - ok
11:11:04.0765 3704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
11:11:04.0765 3704 swmidi - ok
11:11:04.0765 3704 SwPrv - ok
11:11:04.0781 3704 symc810 - ok
11:11:04.0781 3704 symc8xx - ok
11:11:04.0796 3704 sym_hi - ok
11:11:04.0796 3704 sym_u3 - ok
11:11:04.0843 3704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
11:11:04.0859 3704 sysaudio - ok
11:11:04.0890 3704 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe
11:11:04.0906 3704 SysmonLog - ok
11:11:04.0953 3704 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll
11:11:04.0968 3704 TapiSrv - ok
11:11:05.0015 3704 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
11:11:05.0031 3704 Tcpip - ok
11:11:05.0062 3704 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
11:11:05.0062 3704 TDPIPE - ok
11:11:05.0078 3704 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
11:11:05.0093 3704 TDTCP - ok
11:11:05.0109 3704 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
11:11:05.0125 3704 TermDD - ok
11:11:05.0156 3704 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll
11:11:05.0203 3704 TermService - ok
11:11:05.0250 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
11:11:05.0250 3704 Themes - ok
11:11:05.0281 3704 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:11:05.0328 3704 TlntSvr - ok
11:11:05.0328 3704 TosIde - ok
11:11:05.0375 3704 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll
11:11:05.0406 3704 TrkWks - ok
11:11:05.0468 3704 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys
11:11:05.0468 3704 TrueSight - ok
11:11:05.0500 3704 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
11:11:05.0500 3704 Udfs - ok
11:11:05.0515 3704 ultra - ok
11:11:05.0562 3704 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
11:11:05.0578 3704 Update - ok
11:11:05.0609 3704 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll
11:11:05.0625 3704 upnphost - ok
11:11:05.0640 3704 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe
11:11:05.0656 3704 UPS - ok
11:11:05.0703 3704 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
11:11:05.0718 3704 USBAAPL - ok
11:11:05.0765 3704 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:11:05.0765 3704 usbccgp - ok
11:11:05.0781 3704 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
11:11:05.0781 3704 usbehci - ok
11:11:05.0812 3704 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:11:05.0812 3704 usbhub - ok
11:11:05.0843 3704 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:11:05.0859 3704 usbprint - ok
11:11:05.0875 3704 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
11:11:05.0890 3704 usbscan - ok
11:11:05.0906 3704 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:11:05.0921 3704 USBSTOR - ok
11:11:05.0937 3704 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
11:11:05.0937 3704 usbuhci - ok
11:11:05.0953 3704 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
11:11:05.0953 3704 VgaSave - ok
11:11:05.0953 3704 ViaIde - ok
11:11:06.0000 3704 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
11:11:06.0000 3704 VolSnap - ok
11:11:06.0031 3704 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe
11:11:06.0078 3704 VSS - ok
11:11:06.0093 3704 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:11:06.0109 3704 W32Time - ok
11:11:06.0156 3704 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
11:11:06.0156 3704 Wanarp - ok
11:11:06.0156 3704 WDICA - ok
11:11:06.0187 3704 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
11:11:06.0187 3704 wdmaud - ok
11:11:06.0218 3704 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll
11:11:06.0234 3704 WebClient - ok
11:11:06.0296 3704 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
11:11:06.0296 3704 winmgmt - ok
11:11:06.0343 3704 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:11:06.0343 3704 WmdmPmSN - ok
11:11:06.0390 3704 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll
11:11:06.0406 3704 Wmi - ok
11:11:06.0437 3704 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:11:06.0453 3704 WmiApSrv - ok
11:11:06.0531 3704 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:11:06.0562 3704 WMPNetworkSvc - ok
11:11:06.0609 3704 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
11:11:06.0625 3704 wscsvc - ok
11:11:06.0656 3704 WSearch - ok
11:11:06.0687 3704 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll
11:11:06.0703 3704 wuauserv - ok
11:11:06.0734 3704 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
11:11:06.0750 3704 WudfPf - ok
11:11:06.0781 3704 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
11:11:06.0781 3704 WudfRd - ok
11:11:06.0796 3704 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
11:11:06.0812 3704 WudfSvc - ok
11:11:06.0859 3704 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
11:11:06.0906 3704 WZCSVC - ok
11:11:06.0937 3704 [ 6D87C2DAD885A8A98B9D2AD680A4086E ] XE102Mp5 C:\windows\system32\Drivers\XE102Mp5.sys
11:11:06.0953 3704 XE102Mp5 - ok
11:11:07.0000 3704 [ 8368BD6DEE11A749B7DB2B64648DD0D4 ] XE102Sp5 C:\windows\system32\Drivers\XE102Sp5.sys
11:11:07.0000 3704 XE102Sp5 - ok
11:11:07.0031 3704 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
11:11:07.0062 3704 xmlprov - ok
11:11:07.0078 3704 ================ Scan global ===============================
11:11:07.0109 3704 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
11:11:07.0140 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
11:11:07.0187 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
11:11:07.0234 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
11:11:07.0234 3704 [Global] - ok
11:11:07.0234 3704 ================ Scan MBR ==================================
11:11:07.0250 3704 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:11:07.0250 3704 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:11:07.0281 3704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:11:07.0281 3704 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:11:07.0281 3704 ================ Scan VBR ==================================
11:11:07.0296 3704 [ 3513EDB8D179794C7208D8874233C52E ] \Device\Harddisk0\DR0\Partition1
11:11:07.0296 3704 \Device\Harddisk0\DR0\Partition1 - ok
11:11:07.0312 3704 [ FFF1261264F8869689AEF43AABCB0581 ] \Device\Harddisk0\DR0\Partition2
11:11:07.0312 3704 \Device\Harddisk0\DR0\Partition2 - ok
11:11:07.0312 3704 ============================================================
11:11:07.0312 3704 Scan finished
11:11:07.0312 3704 ============================================================
11:11:07.0328 1716 Detected object count: 2
11:11:07.0328 1716 Actual detected object count: 2
11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:11:48.0312 1716 \Device\Harddisk0\DR0\# - copied to quarantine
11:11:48.0312 1716 \Device\Harddisk0\DR0 - copied to quarantine
11:11:48.0343 1716 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:11:48.0421 1716 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:11:48.0468 1716 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:11:48.0593 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:11:48.0593 1716 \Device\Harddisk0\DR0 - ok
11:11:49.0031 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:12:43.0765 1152 Deinitialize success
-
Ran RKill. Here are the results:
Rkill 2.3.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/23/2012 10:53:55 AM in x86 mode.
Windows Version: Windows XP Service Pack 3
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* C:\WINDOWS\system32\HPZipm12.exe (PID: 4012) [WD-HEUR]
* C:\windows\system32\HPZinw12.exe (PID: 2076) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/23/2012 10:54:59 AM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
Will now run TDSSKILLER.
-
Hello,
I downloaded Rogue Killer and ran the .exe file. It goes through the prescan, then I click on scan. The program runs for a few minutes and then the computer reboots itself without the program finishing. It's done this three times when I try to run the program. Not sure what to do at this point.
-
Okay, I found another spot to download DDS.scr and ran the program.
Attach.txt results
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/9/2009 11:31:47 PM
System Uptime: 8/21/2012 3:56:28 PM (18 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish2
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 203.612 GiB free.
D: is FIXED (NTFS) - 222 GiB total, 155.829 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0
Service:
.
==== System Restore Points ===================
.
RP1119: 5/24/2012 1:04:45 PM - System Checkpoint
RP1120: 5/25/2012 2:04:43 PM - System Checkpoint
RP1121: 5/26/2012 3:04:44 PM - System Checkpoint
RP1122: 5/27/2012 3:52:43 PM - System Checkpoint
RP1123: 5/28/2012 5:04:25 PM - System Checkpoint
RP1124: 5/29/2012 5:52:25 PM - System Checkpoint
RP1125: 5/30/2012 6:52:27 PM - System Checkpoint
RP1126: 5/31/2012 9:06:57 PM - System Checkpoint
RP1127: 6/3/2012 12:00:21 AM - System Checkpoint
RP1128: 6/5/2012 12:00:23 PM - Software Distribution Service 3.0
RP1129: 6/6/2012 12:22:09 PM - System Checkpoint
RP1130: 6/7/2012 1:22:09 PM - System Checkpoint
RP1131: 6/8/2012 2:22:13 PM - System Checkpoint
RP1132: 6/9/2012 3:22:10 PM - System Checkpoint
RP1133: 6/10/2012 4:21:55 PM - System Checkpoint
RP1134: 6/11/2012 5:21:54 PM - System Checkpoint
RP1135: 6/12/2012 6:21:56 PM - System Checkpoint
RP1136: 6/13/2012 7:21:53 PM - System Checkpoint
RP1137: 6/14/2012 12:00:19 PM - Software Distribution Service 3.0
RP1138: 6/15/2012 12:36:51 PM - System Checkpoint
RP1139: 6/16/2012 12:37:22 PM - System Checkpoint
RP1140: 6/17/2012 1:34:09 PM - System Checkpoint
RP1141: 6/18/2012 5:47:27 PM - System Checkpoint
RP1142: 6/19/2012 6:25:07 PM - System Checkpoint
RP1143: 6/20/2012 7:26:12 PM - System Checkpoint
RP1144: 6/21/2012 8:25:06 PM - System Checkpoint
RP1145: 6/22/2012 8:33:21 PM - System Checkpoint
RP1146: 6/23/2012 9:33:19 PM - System Checkpoint
RP1147: 6/24/2012 10:33:03 PM - System Checkpoint
RP1148: 6/25/2012 11:33:06 PM - System Checkpoint
RP1149: 6/27/2012 12:33:07 AM - System Checkpoint
RP1150: 6/28/2012 1:33:31 AM - System Checkpoint
RP1151: 6/29/2012 2:33:07 AM - System Checkpoint
RP1152: 6/30/2012 2:58:43 AM - System Checkpoint
RP1153: 7/1/2012 3:18:16 AM - System Checkpoint
RP1154: 7/2/2012 4:16:21 AM - System Checkpoint
RP1155: 7/3/2012 5:16:48 AM - System Checkpoint
RP1156: 7/4/2012 5:40:34 AM - System Checkpoint
RP1157: 7/5/2012 11:15:52 AM - System Checkpoint
RP1158: 7/6/2012 10:37:27 AM - Software Distribution Service 3.0
RP1159: 7/7/2012 11:16:29 AM - System Checkpoint
RP1160: 7/8/2012 11:40:28 AM - System Checkpoint
RP1161: 7/9/2012 4:30:53 PM - System Checkpoint
RP1162: 7/10/2012 4:52:30 PM - System Checkpoint
RP1163: 7/11/2012 8:26:38 AM - Software Distribution Service 3.0
RP1164: 7/12/2012 10:40:38 AM - System Checkpoint
RP1165: 7/13/2012 11:45:11 AM - System Checkpoint
RP1166: 7/14/2012 12:06:29 PM - System Checkpoint
RP1167: 7/15/2012 1:53:46 PM - System Checkpoint
RP1168: 7/16/2012 5:20:26 PM - System Checkpoint
RP1169: 7/17/2012 5:51:45 PM - System Checkpoint
RP1170: 7/18/2012 6:51:46 PM - System Checkpoint
RP1171: 7/19/2012 7:49:03 PM - System Checkpoint
RP1172: 7/20/2012 8:46:14 PM - System Checkpoint
RP1173: 7/21/2012 8:49:51 PM - System Checkpoint
RP1174: 7/22/2012 9:48:21 PM - System Checkpoint
RP1175: 7/23/2012 10:48:21 PM - System Checkpoint
RP1176: 7/24/2012 11:48:22 PM - System Checkpoint
RP1177: 7/26/2012 12:46:17 AM - System Checkpoint
RP1178: 7/27/2012 1:23:12 AM - System Checkpoint
RP1179: 7/28/2012 1:46:54 AM - System Checkpoint
RP1180: 7/29/2012 3:14:52 AM - System Checkpoint
RP1181: 7/30/2012 3:28:21 AM - System Checkpoint
RP1182: 7/31/2012 4:22:55 AM - System Checkpoint
RP1183: 8/1/2012 4:46:03 AM - System Checkpoint
RP1184: 8/2/2012 12:24:53 PM - System Checkpoint
RP1185: 8/3/2012 3:39:11 PM - System Checkpoint
RP1186: 8/4/2012 4:04:50 PM - System Checkpoint
RP1187: 8/5/2012 5:04:50 PM - System Checkpoint
RP1188: 8/6/2012 5:11:15 PM - System Checkpoint
RP1189: 8/7/2012 5:55:10 PM - System Checkpoint
RP1190: 8/8/2012 6:55:10 PM - System Checkpoint
RP1191: 8/9/2012 7:51:56 PM - System Checkpoint
RP1192: 8/10/2012 12:45:34 PM - Installed iTunes
RP1193: 8/11/2012 12:54:55 PM - System Checkpoint
RP1194: 8/12/2012 1:54:54 PM - System Checkpoint
RP1195: 8/13/2012 2:27:53 PM - System Checkpoint
RP1196: 8/14/2012 5:14:25 PM - System Checkpoint
RP1197: 8/15/2012 10:47:36 AM - OTL Restore Point - 8/15/2012 10:47:28 AM
RP1198: 8/15/2012 12:01:04 PM - Software Distribution Service 3.0
RP1199: 8/16/2012 5:27:55 PM - System Checkpoint
RP1200: 8/17/2012 5:35:50 PM - System Checkpoint
RP1201: 8/18/2012 6:35:49 PM - System Checkpoint
RP1202: 8/19/2012 7:35:50 PM - System Checkpoint
RP1203: 8/20/2012 7:42:49 PM - System Checkpoint
RP1204: 8/21/2012 8:01:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
2600
2600_Help
2600Trb
ACID Pro 7.0
Acrobat.com
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
AiO_Scan
AiOSoftware
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
Bonjour
BufferChm
CDBurnerXP
Cohen - Medical Terminology
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
Free M4a to MP3 Converter 6.0
Garmin Communicator Plugin
Garmin USB Drivers
Glary Utilities 2.46.0.1518
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
Inkscape 0.46
InstantShare
Intel AppUp(SM) center
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
LastPass (uninstall only)
LeapFrog Connect
LeapFrog My Pals Plugin
LeapFrog Tag Junior Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR XE102 Powerline Encryption Utility
Nitro PDF Reader
OpenOffice.org 3.3
PanoStandAlone
PhotoGallery
PrimoPDF -- brought to you by Nitro PDF Software
ProductContext
QFolder
QuickTime
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Silvestri Comp Review PN 4e
SkinsHP1
Snapshot Viewer
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Vegas Pro 8.0
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
swMSM
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
VirtualCom driver
Web Games Player Plugin
WebEx
WebFldrs XP
WebReg
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Xtranormal State
Xtranormal State - Showpak-Playgoz-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
8/20/2012 11:40:11 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf84c92f, parameter3 f7192aac, parameter4 00000000.
8/15/2012 8:29:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
8/15/2012 10:16:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
.
==== End Of File ===========================
DDS.txt results
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Ray at 9:19:19 on 2012-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.22 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\ALCWZRD.EXE
C:\windows\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\ray\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341584638406
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
TCP: Interfaces\{AD92C9BD-59F6-4350-8DFA-6B88E3525973} : DhcpNameServer = 64.233.217.5 64.233.217.2
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\ray\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-12 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-10 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-10 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-6 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-7-2 18560]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-14 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-21 113120]
S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [2009-12-20 21120]
S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [2009-12-20 18176]
.
=============== Created Last 30 ================
.
2012-08-15 13:56:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 16:47:28 -------- d-----w- c:\program files\iPod
2012-08-10 16:47:17 -------- d-----w- c:\program files\iTunes
2012-08-10 16:47:17 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-10 16:36:50 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2012-08-15 05:14:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 05:14:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 16:31:30 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2010-12-13 19:53:56 9163464 ----a-w- c:\program files\common files\lpuninstall.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AAKS-00H2B0 rev.07.04C07 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862884B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8628f93c]; MOV EAX, [0x8628fab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8649FAB8]
3 CLASSPNP[0xF75E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8635B798]
\Driver\atapi[0x86324C08] -> IRP_MJ_CREATE -> 0x862884B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x862882E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:22:35.01 ===============
-
I haven't been helped yet. Thanks for hanging in there with me. I'm attempting to download the DDS files; however, the links are not working for me. The first link under Tech Support Forum, when I click it, takes me to a page that says the page I'm looking for cannot be found. The second link opens a window but stays a blank page. The third link comes back in Spanish; I let Google translate it and clicked the download button, but nothing happens.
-
-
I'm running Avast and I'm getting a repeat Malicious URL Repelled notice constantly.
It says:
Object: Http://colexity777.com/x/ or espeak911.com/x/ or 37.220.36.44/x/
URL: Mal
Process: C:\Windows\System32\svchost.exe
I've run Malwarebytes Quickscan and it removed something, but the Malicious URL Repelled continues to occur.
Need help, not sure how to fix this issue.
Malicious URL Repelled Constantly - espeak911.com, colexity777.com and 37.220.36.44
in Resolved Malware Removal Logs
Posted
When I run Microsoft Update, it comes back with 0 High Priority, 11 Software - Optional and 2 Hardware, Optional.