
svchost.exe blocked outgoing (jinksy9)


Recommended Posts

We've been getting the same message for the same IP address on both our laptops for some days now, so I've been trying to find out what the problem is.

I have done a full scan and nothing's coming up to indicate a problem.

Should I follow the instructions that you've given to malwarejones or what do you recommend please?

Thanks.



Hi Gringo,

Thanks for your swift reply. I have followed all the instructions that you gave to malwarejones. I've run Defogger and Security Check as well as DDS and, as per your instructions to me, the following are the DDS results:

the file dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Jinks at 15:28:29 on 2012-06-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1353 [GMT 1:00]

.

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.53.2.50:8080

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [<NO NAME>]

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM"&"inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw"&"prod=94"&"ver=10.0.1390

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: betfair.com

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307904081109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 8.8.8.8 212.117.175.185

TCP: Interfaces\{AE5411F5-AA94-4BAB-B35E-6700BCBF3966} : DhcpNameServer = 8.8.8.8 212.117.175.185

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jinks\application data\mozilla\firefox\profiles\addhz8as.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc99b86ca-a46d-463c-9269-c12bb58402ba%7D&mid=4e07cfa99153ad82b408cb00d9946d3b-723e59e997752d7593d1d6e72556ca3ab2da8b41&ds=tt014&v=10.2.0.3&lang=en&pr=sa&d=2011-12-14%2019%3A17%3A29&sap=ku&q=

FF - component: c:\documents and settings\jinks\application data\mozilla\firefox\profiles\addhz8as.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-14 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-14 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-14 909728]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-5-20 56248]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-7-14 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-14 185560]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-5-20 71480]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-5-20 164152]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-4-3 550864]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-14 654408]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-5-20 931672]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-14 22344]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-4-3 56840]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-7-14 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-14 402336]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-14 1117624]

.

=============== Created Last 30 ================

.

2012-06-07 22:08:27 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-07 22:08:27 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-05-20 11:01:38 56248 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-08 19:02:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-08 19:02:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 15:30:15.84 ===============

the file attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 19/07/2006 18:45:01

System Uptime: 09/06/2012 15:02:25 (0 hours ago)

.

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T1350 @ 1.86GHz | Microprocessor | 1862/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 39 GiB total, 14.886 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 12.474 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 440x 10/100 Integrated Controller

Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0

Manufacturer: Broadcom

Name: Broadcom 440x 10/100 Integrated Controller

PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0

Service: bcm4sbxp

.

==== System Restore Points ===================

.

RP1352: 18/04/2012 21:46:21 - System Checkpoint

RP1353: 20/04/2012 19:37:59 - System Checkpoint

RP1354: 21/04/2012 19:39:48 - System Checkpoint

RP1355: 22/04/2012 20:01:55 - System Checkpoint

RP1356: 23/04/2012 20:08:03 - Installed Rapport

RP1357: 25/04/2012 20:03:41 - System Checkpoint

RP1358: 26/04/2012 20:13:52 - System Checkpoint

RP1359: 27/04/2012 20:51:32 - System Checkpoint

RP1360: 29/04/2012 11:12:32 - System Checkpoint

RP1361: 30/04/2012 20:30:32 - System Checkpoint

RP1362: 01/05/2012 21:18:33 - System Checkpoint

RP1363: 03/05/2012 19:18:15 - System Checkpoint

RP1364: 04/05/2012 20:01:51 - System Checkpoint

RP1365: 05/05/2012 20:37:25 - System Checkpoint

RP1366: 06/05/2012 14:01:21 - Installed Compatibility Pack for the 2007 Office system

RP1367: 07/05/2012 14:18:29 - System Checkpoint

RP1368: 07/05/2012 19:00:21 - Software Distribution Service 3.0

RP1369: 07/05/2012 23:10:17 - Software Distribution Service 3.0

RP1370: 09/05/2012 19:55:19 - System Checkpoint

RP1371: 09/05/2012 23:31:17 - Software Distribution Service 3.0

RP1372: 11/05/2012 20:42:48 - System Checkpoint

RP1373: 13/05/2012 17:16:45 - System Checkpoint

RP1374: 14/05/2012 19:20:49 - System Checkpoint

RP1375: 15/05/2012 19:25:16 - System Checkpoint

RP1376: 16/05/2012 19:40:12 - System Checkpoint

RP1377: 17/05/2012 21:25:53 - System Checkpoint

RP1378: 19/05/2012 18:59:07 - System Checkpoint

RP1379: 20/05/2012 19:08:29 - System Checkpoint

RP1380: 21/05/2012 21:23:31 - System Checkpoint

RP1381: 22/05/2012 21:48:18 - System Checkpoint

RP1382: 24/05/2012 20:20:06 - System Checkpoint

RP1383: 26/05/2012 14:37:44 - System Checkpoint

RP1384: 27/05/2012 18:27:32 - System Checkpoint

RP1385: 28/05/2012 21:05:44 - System Checkpoint

RP1386: 29/05/2012 21:40:42 - System Checkpoint

RP1387: 31/05/2012 19:07:04 - Installed Rapport

RP1388: 01/06/2012 19:17:13 - System Checkpoint

RP1389: 02/06/2012 19:34:00 - System Checkpoint

RP1390: 04/06/2012 16:03:17 - System Checkpoint

RP1391: 04/06/2012 19:00:16 - Software Distribution Service 3.0

RP1392: 05/06/2012 19:12:56 - System Checkpoint

RP1393: 06/06/2012 21:21:15 - System Checkpoint

RP1394: 08/06/2012 19:29:04 - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

ARTEuro

AVG Security Toolbar

Broadcom Management Programs

Browser Defender 4.0

BTOffer

BufferChm

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Copy

Corel Paint Shop Pro X

Corel Photo Album 6

CustomerResearchQFolder

Dell Media Experience

Dell Support 5.0.0 (630)

Dell System Restore

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Digital Line Detect

DJ_AIO_03_F2200_ProductContext

DJ_AIO_03_F2200_Software

DJ_AIO_03_F2200_Software_Min

eSupportQFolder

F2200

F2200_Help

GnuCash 2.4.9

Golden Goose

Google Earth Plug-in

Google Update Helper

GPBaseService

GPBaseService2

Hard Drive Powerwash (Remove only)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

HP Customer Participation Program 10.0

HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

HP Imaging Device Functions 10.0

HP Photosmart Essential 2.5

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPProductAssistant

HPSSupply

InfraRecorder

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java™ 6 Update 31

Learn2 Player (Uninstall Only)

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

mCore

MCU

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Office File Validation Add-In

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mIWA

Mixer

mLogView

mMHouse

Modem Helper

Mozilla Firefox 13.0 (x86 en-GB)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSSO

MSVCSetup

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

mWMI

mXML

mZConfig

NetWaiting

OpenOffice.org 3.2

PC Tools Spyware Doctor with AntiVirus 9.0

Picasa 3

PowerDVD 5.7

PSSWCORE

Punters Paymaster

QuickSet

QuickTime

Rapport

RealPlayer Basic

Scan

Search Assist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound Blaster Audigy ADVANCED MB Demo

Status

Synaptics Pointing Device Driver

SyncToy 2.1 (x86)

Toolbox

TrayApp

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

VideoToolkit01

Viewpoint Media Player

WebFldrs XP

WebReg

Windows Imaging Component

Windows Media Format Runtime

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

05/06/2012 10:59:35, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JINKS-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AE5411F5-AA94-4. The master browser is stopping or an election is being forced.

05/06/2012 09:54:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

05/06/2012 09:54:12, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

04/06/2012 19:20:02, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

04/06/2012 18:25:00, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The system cannot find the file specified.

04/06/2012 16:49:43, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 18:F4:6A:D5:4B:F2. Network operations on this system may be disrupted as a result.

02/06/2012 18:54:48, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013028DEAB0 has been denied by the DHCP server 10.42.188.177 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Thanks again for any help you can give me to find out what the problem is.

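When reading a DDS log like the one above, the lines worth isolating first are the ones that decide where traffic goes: the IE proxy, the DNS servers, Trusted Zone sites and Winsock LSPs. The script below is an added example for this thread, not part of DDS or of any tool the poster ran; `DDS_EXCERPT` copies the relevant lines from the posted dds.txt, and the review rules are triage heuristics that say what to confirm, not a finding about this machine.

```python
"""Pull the network-relevant lines out of a DDS "Pseudo HJT Report" and list
what deserves a second look.

Added example for this thread, not part of DDS or any of the poster's tools.
DDS_EXCERPT copies the relevant lines from the dds.txt posted above; the
review() rules are triage heuristics, not a verdict on those settings.
"""
import ipaddress

DDS_EXCERPT = r"""
uInternet Settings,ProxyServer = 10.53.2.50:8080
uSearchAssistant = hxxp://www.google.com/ie
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: betfair.com
TCP: DhcpNameServer = 8.8.8.8 212.117.175.185
TCP: Interfaces\{AE5411F5-AA94-4BAB-B35E-6700BCBF3966} : DhcpNameServer = 8.8.8.8 212.117.175.185
"""


def parse_network_settings(text):
    """Collect proxy, DNS servers, Trusted Zone sites and Winsock LSPs from DDS lines."""
    found = {"proxy": None, "dns": [], "trusted_zones": [], "lsps": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("uInternet Settings,ProxyServer ="):
            found["proxy"] = line.split("=", 1)[1].strip()
        elif "NameServer =" in line:  # global and per-interface DhcpNameServer/NameServer
            for ip in line.split("=", 1)[1].split():
                if ip not in found["dns"]:
                    found["dns"].append(ip)
        elif line.startswith("Trusted Zone:"):
            found["trusted_zones"].append(line.split(":", 1)[1].strip())
        elif line.startswith("LSP:"):
            found["lsps"].append(line.split(":", 1)[1].strip())
    return found


def is_private(host):
    """True for RFC 1918 / link-local / loopback addresses; False for public IPs or hostnames."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def review(text):
    """Return one note per setting that routes or resolves traffic and should be confirmed."""
    s = parse_network_settings(text)
    notes = []
    if s["proxy"]:
        host = s["proxy"].rsplit(":", 1)[0]
        scope = "a LAN address" if is_private(host) else "an address outside the LAN"
        notes.append(f"IE proxy {s['proxy']} is {scope}; if proxying is enabled, IE and other "
                     f"WinINet applications send their HTTP through it, so confirm who runs that host")
    for ip in s["dns"]:
        if not is_private(ip):
            notes.append(f"DNS resolver {ip} is outside the LAN; confirm it is the ISP's or one you chose")
    for site in s["trusted_zones"]:
        notes.append(f"Trusted Zone entry {site}: IE applies its relaxed Trusted sites security level to it")
    for lsp in s["lsps"]:
        notes.append(f"Winsock LSP {lsp} is loaded into every process that uses sockets; confirm the vendor")
    return notes


if __name__ == "__main__":
    for note in review(DDS_EXCERPT):
        print("-", note)
```

The parser only keys on the line prefixes DDS uses for these settings, so it can be pointed at a whole dds.txt rather than an excerpt; everything else in the log is ignored.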

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo,

Slight hiccup: part way through ComboFix I had a blue screen, but it rebooted and all went OK afterwards.

ComboFix log follows:

ComboFix 12-06-09.02 - Jinks 09/06/2012 23:20:49.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1508 [GMT 1:00]

Running from: c:\documents and settings\Jinks\Downloads\ComboFix.exe

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Jinks\WINDOWS

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\29e0002e9e42cd0e.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\32e3987da5e90be5.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\4489ed3ec0428810.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8351db58d6d16e1.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\c631b39a5e15287c.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

.

2012-06-07 22:08 . 2012-06-07 22:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-07 22:08 . 2012-06-07 22:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-05-20 11:01 . 2012-05-20 11:01 56248 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-08 19:02 . 2012-03-29 18:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-08 19:02 . 2011-05-16 10:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:12 . 2004-08-11 16:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2004-08-11 16:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2004-08-03 21:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 14:56 . 2011-07-14 16:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 22:08 . 2011-05-02 07:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-29 16:34 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM&inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw&prod=94&ver=10.0.1390" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" /r

"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe

"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe

"dla"=c:\windows\system32\dla\tfswctrl.exe

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

"igfxtray"=c:\windows\system32\igfxtray.exe

"igfxhkcmd"=c:\windows\system32\hkcmd.exe

"igfxpers"=c:\windows\system32\igfxpers.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

"SigmatelSysTrayApp"=stsystra.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\gnucash\\bin\\gnucash.exe"=

"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/07/2011 18:07 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [14/07/2011 18:07 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [14/07/2011 18:07 909728]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [20/05/2012 12:01 56248]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [14/07/2011 18:07 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [14/07/2011 18:07 185560]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 10:25 390528]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 22:54 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [20/05/2012 12:01 71480]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [20/05/2012 12:01 164152]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [03/04/2012 20:01 550864]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/07/2011 17:58 654408]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [20/05/2012 12:01 931672]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [08/12/2011 17:34 1527104]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [29/04/2012 17:34 932736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/07/2011 17:58 22344]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [03/04/2012 20:01 56840]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [28/05/2012 21:42 21520]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13:34 10064]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 19:42 257696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28/04/2012 17:16 113120]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [14/07/2011 18:07 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [14/07/2011 18:07 402336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:02]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.53.2.50:8080

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: betfair.com

TCP: DhcpNameServer = 8.8.8.8 212.117.175.185

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Jinks\Application Data\Mozilla\Firefox\Profiles\addhz8as.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc99b86ca-a46d-463c-9269-c12bb58402ba%7D&mid=4e07cfa99153ad82b408cb00d9946d3b-723e59e997752d7593d1d6e72556ca3ab2da8b41&ds=tt014&v=10.2.0.3&lang=en&pr=sa&d=2011-12-14%2019%3A17%3A29&sap=ku&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-09 23:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1008)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Completion time: 2012-06-09 23:43:58

ComboFix-quarantined-files.txt 2012-06-09 22:43

.

Pre-Run: 15,842,844,672 bytes free

Post-Run: 16,303,308,800 bytes free

.

- - End Of File - - C5CCD408B4E8B3557B6D9E8CD197CE91


  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hi Gringo, here are the logs for TDSSKiller and aswMBR.

10:44:04.0640 2316 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

10:44:05.0015 2316 ============================================================

10:44:05.0015 2316 Current date / time: 2012/06/10 10:44:05.0015

10:44:05.0015 2316 SystemInfo:

10:44:05.0015 2316

10:44:05.0015 2316 OS Version: 5.1.2600 ServicePack: 3.0

10:44:05.0015 2316 Product type: Workstation

10:44:05.0015 2316 ComputerName: DELL

10:44:05.0015 2316 UserName: Jinks

10:44:05.0015 2316 Windows directory: C:\WINDOWS

10:44:05.0015 2316 System windows directory: C:\WINDOWS

10:44:05.0015 2316 Processor architecture: Intel x86

10:44:05.0015 2316 Number of processors: 1

10:44:05.0015 2316 Page size: 0x1000

10:44:05.0015 2316 Boot type: Normal boot

10:44:05.0015 2316 ============================================================

10:44:07.0031 2316 Drive \Device\Harddisk0\DR0 - Size: 0xD9F411200 (54.49 Gb), SectorSize: 0x200, Cylinders: 0x1BC9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:44:07.0031 2316 ============================================================

10:44:07.0031 2316 \Device\Harddisk0\DR0:

10:44:07.0031 2316 MBR partitions:

10:44:07.0031 2316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x4D668BC

10:44:07.0031 2316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4D91B07, BlocksNum 0x19186E6

10:44:07.0031 2316 ============================================================

10:44:07.0265 2316 C: <-> \Device\Harddisk0\DR0\Partition0

10:44:07.0312 2316 D: <-> \Device\Harddisk0\DR0\Partition1

10:44:07.0312 2316 ============================================================

10:44:07.0312 2316 Initialize success

10:44:07.0312 2316 ============================================================

10:44:13.0343 2464 ============================================================

10:44:13.0343 2464 Scan started

10:44:13.0343 2464 Mode: Manual;

10:44:13.0343 2464 ============================================================

10:44:13.0656 2464 Abiosdsk - ok

10:44:13.0703 2464 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:44:13.0703 2464 abp480n5 - ok

10:44:13.0750 2464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:44:13.0750 2464 ACPI - ok

10:44:13.0796 2464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:44:13.0796 2464 ACPIEC - ok

10:44:13.0890 2464 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

10:44:13.0906 2464 AdobeFlashPlayerUpdateSvc - ok

10:44:13.0937 2464 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:44:13.0937 2464 adpu160m - ok

10:44:13.0968 2464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:44:13.0984 2464 aec - ok

10:44:14.0031 2464 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

10:44:14.0031 2464 AegisP - ok

10:44:14.0093 2464 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:44:14.0093 2464 AFD - ok

10:44:14.0140 2464 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

10:44:14.0140 2464 agp440 - ok

10:44:14.0156 2464 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:44:14.0156 2464 agpCPQ - ok

10:44:14.0187 2464 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:44:14.0187 2464 Aha154x - ok

10:44:14.0203 2464 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:44:14.0203 2464 aic78u2 - ok

10:44:14.0234 2464 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:44:14.0234 2464 aic78xx - ok

10:44:14.0281 2464 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys

10:44:14.0281 2464 akshasp - ok

10:44:14.0312 2464 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\WINDOWS\system32\DRIVERS\aksusb.sys

10:44:14.0312 2464 aksusb - ok

10:44:14.0343 2464 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

10:44:14.0343 2464 Alerter - ok

10:44:14.0375 2464 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

10:44:14.0375 2464 ALG - ok

10:44:14.0390 2464 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:44:14.0390 2464 AliIde - ok

10:44:14.0421 2464 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:44:14.0421 2464 alim1541 - ok

10:44:14.0437 2464 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:44:14.0437 2464 amdagp - ok

10:44:14.0484 2464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:44:14.0484 2464 amsint - ok

10:44:14.0515 2464 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

10:44:14.0531 2464 APPDRV - ok

10:44:14.0578 2464 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

10:44:14.0578 2464 AppMgmt - ok

10:44:14.0625 2464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

10:44:14.0625 2464 Arp1394 - ok

10:44:14.0656 2464 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:44:14.0656 2464 asc - ok

10:44:14.0703 2464 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:44:14.0703 2464 asc3350p - ok

10:44:14.0718 2464 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:44:14.0718 2464 asc3550 - ok

10:44:14.0765 2464 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

10:44:14.0765 2464 ASCTRM - ok

10:44:14.0906 2464 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

10:44:14.0921 2464 aspnet_state - ok

10:44:14.0953 2464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:44:14.0953 2464 AsyncMac - ok

10:44:14.0984 2464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:44:14.0984 2464 atapi - ok

10:44:14.0984 2464 Atdisk - ok

10:44:15.0015 2464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:44:15.0015 2464 Atmarpc - ok

10:44:15.0062 2464 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

10:44:15.0062 2464 AudioSrv - ok

10:44:15.0093 2464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:44:15.0109 2464 audstub - ok

10:44:15.0140 2464 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

10:44:15.0140 2464 bcm4sbxp - ok

10:44:15.0171 2464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:44:15.0171 2464 Beep - ok

10:44:15.0250 2464 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

10:44:15.0250 2464 BITS - ok

10:44:15.0281 2464 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

10:44:15.0281 2464 Browser - ok

10:44:15.0453 2464 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

10:44:15.0453 2464 Browser Defender Update Service - ok

10:44:15.0562 2464 catchme - ok

10:44:15.0593 2464 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:44:15.0593 2464 cbidf - ok

10:44:15.0593 2464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:44:15.0593 2464 cbidf2k - ok

10:44:15.0609 2464 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:44:15.0609 2464 cd20xrnt - ok

10:44:15.0671 2464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:44:15.0671 2464 Cdaudio - ok

10:44:15.0687 2464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:44:15.0687 2464 Cdfs - ok

10:44:15.0703 2464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:44:15.0703 2464 Cdrom - ok

10:44:15.0703 2464 Changer - ok

10:44:15.0750 2464 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

10:44:15.0750 2464 CiSvc - ok

10:44:15.0765 2464 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

10:44:15.0765 2464 ClipSrv - ok

10:44:15.0906 2464 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:44:15.0984 2464 clr_optimization_v2.0.50727_32 - ok

10:44:16.0015 2464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

10:44:16.0015 2464 CmBatt - ok

10:44:16.0062 2464 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:44:16.0062 2464 CmdIde - ok

10:44:16.0093 2464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

10:44:16.0093 2464 Compbatt - ok

10:44:16.0093 2464 COMSysApp - ok

10:44:16.0125 2464 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:44:16.0125 2464 Cpqarray - ok

10:44:16.0171 2464 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

10:44:16.0171 2464 CryptSvc - ok

10:44:16.0203 2464 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:44:16.0218 2464 dac2w2k - ok

10:44:16.0218 2464 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:44:16.0218 2464 dac960nt - ok

10:44:16.0296 2464 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:44:16.0296 2464 DcomLaunch - ok

10:44:16.0328 2464 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

10:44:16.0328 2464 Dhcp - ok

10:44:16.0343 2464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:44:16.0343 2464 Disk - ok

10:44:16.0359 2464 dmadmin - ok

10:44:16.0437 2464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:44:16.0453 2464 dmboot - ok

10:44:16.0484 2464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:44:16.0484 2464 dmio - ok

10:44:16.0531 2464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:44:16.0531 2464 dmload - ok

10:44:16.0546 2464 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

10:44:16.0546 2464 dmserver - ok

10:44:16.0578 2464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:44:16.0578 2464 DMusic - ok

10:44:16.0625 2464 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

10:44:16.0625 2464 Dnscache - ok

10:44:16.0703 2464 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

10:44:16.0703 2464 Dot3svc - ok

10:44:16.0734 2464 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:44:16.0734 2464 dpti2o - ok

10:44:16.0781 2464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:44:16.0781 2464 drmkaud - ok

10:44:16.0812 2464 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

10:44:16.0812 2464 drvmcdb - ok

10:44:16.0828 2464 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

10:44:16.0828 2464 drvnddm - ok

10:44:16.0859 2464 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:44:16.0859 2464 E100B - ok

10:44:16.0890 2464 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

10:44:16.0890 2464 EapHost - ok

10:44:16.0937 2464 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

10:44:16.0937 2464 ERSvc - ok

10:44:16.0984 2464 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:44:17.0000 2464 Eventlog - ok

10:44:17.0062 2464 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

10:44:17.0062 2464 EventSystem - ok

10:44:17.0156 2464 EvtEng (ed9c755312f29d55b8c815eec7115635) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

10:44:17.0156 2464 EvtEng - ok

10:44:17.0187 2464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:44:17.0187 2464 Fastfat - ok

10:44:17.0234 2464 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:44:17.0250 2464 FastUserSwitchingCompatibility - ok

10:44:17.0312 2464 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

10:44:17.0312 2464 Fax - ok

10:44:17.0359 2464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:44:17.0359 2464 Fdc - ok

10:44:17.0375 2464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:44:17.0390 2464 Fips - ok

10:44:17.0406 2464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:44:17.0406 2464 Flpydisk - ok

10:44:17.0437 2464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:44:17.0453 2464 FltMgr - ok

10:44:17.0562 2464 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

10:44:17.0578 2464 FontCache3.0.0.0 - ok

10:44:17.0609 2464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:44:17.0609 2464 Fs_Rec - ok

10:44:17.0671 2464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:44:17.0671 2464 Ftdisk - ok

10:44:17.0734 2464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:44:17.0734 2464 Gpc - ok

10:44:17.0843 2464 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:44:17.0843 2464 gupdate - ok

10:44:17.0859 2464 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:44:17.0859 2464 gupdatem - ok

10:44:17.0906 2464 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

10:44:17.0906 2464 gusvc - ok

10:44:17.0984 2464 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys

10:44:18.0000 2464 hardlock - ok

10:44:18.0046 2464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:44:18.0046 2464 HDAudBus - ok

10:44:18.0109 2464 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

10:44:18.0109 2464 helpsvc - ok

10:44:18.0125 2464 HidServ - ok

10:44:18.0140 2464 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:44:18.0140 2464 HidUsb - ok

10:44:18.0187 2464 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

10:44:18.0187 2464 hkmsvc - ok

10:44:18.0234 2464 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:44:18.0234 2464 hpn - ok

10:44:18.0359 2464 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

10:44:18.0375 2464 hpqcxs08 - ok

10:44:18.0421 2464 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

10:44:18.0421 2464 hpqddsvc - ok

10:44:18.0468 2464 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

10:44:18.0468 2464 HPZid412 - ok

10:44:18.0484 2464 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

10:44:18.0484 2464 HPZipr12 - ok

10:44:18.0500 2464 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

10:44:18.0500 2464 HPZius12 - ok

10:44:18.0562 2464 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

10:44:18.0562 2464 HSFHWAZL - ok

10:44:18.0671 2464 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

10:44:18.0687 2464 HSF_DPV - ok

10:44:18.0781 2464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:44:18.0781 2464 HTTP - ok

10:44:18.0812 2464 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

10:44:18.0828 2464 HTTPFilter - ok

10:44:18.0859 2464 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:44:18.0859 2464 i2omgmt - ok

10:44:18.0921 2464 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:44:18.0921 2464 i2omp - ok

10:44:18.0953 2464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:44:18.0953 2464 i8042prt - ok

10:44:19.0093 2464 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

10:44:19.0125 2464 ialm - ok

10:44:19.0296 2464 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:44:19.0312 2464 idsvc - ok

10:44:19.0437 2464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:44:19.0437 2464 Imapi - ok

10:44:19.0484 2464 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

10:44:19.0484 2464 ImapiService - ok

10:44:19.0531 2464 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:44:19.0531 2464 ini910u - ok

10:44:19.0546 2464 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:44:19.0546 2464 IntelIde - ok

10:44:19.0578 2464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:44:19.0578 2464 intelppm - ok

10:44:19.0609 2464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:44:19.0609 2464 Ip6Fw - ok

10:44:19.0656 2464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:44:19.0656 2464 IpFilterDriver - ok

10:44:19.0687 2464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:44:19.0687 2464 IpInIp - ok

10:44:19.0750 2464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:44:19.0750 2464 IpNat - ok

10:44:19.0781 2464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:44:19.0796 2464 IPSec - ok

10:44:19.0812 2464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:44:19.0812 2464 IRENUM - ok

10:44:19.0875 2464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:44:19.0875 2464 isapnp - ok

10:44:20.0015 2464 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

10:44:20.0031 2464 JavaQuickStarterService - ok

10:44:20.0046 2464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:44:20.0046 2464 Kbdclass - ok

10:44:20.0078 2464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:44:20.0078 2464 kmixer - ok

10:44:20.0140 2464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:44:20.0140 2464 KSecDD - ok

10:44:20.0203 2464 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

10:44:20.0203 2464 lanmanserver - ok

10:44:20.0250 2464 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

10:44:20.0265 2464 lanmanworkstation - ok

10:44:20.0265 2464 lbrtfdc - ok

10:44:20.0312 2464 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

10:44:20.0312 2464 LmHosts - ok

10:44:20.0359 2464 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

10:44:20.0359 2464 MBAMProtector - ok

10:44:20.0468 2464 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:44:20.0468 2464 MBAMService - ok

10:44:20.0578 2464 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

10:44:20.0593 2464 MDM - ok

10:44:20.0640 2464 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

10:44:20.0640 2464 mdmxsdk - ok

10:44:20.0671 2464 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

10:44:20.0671 2464 Messenger - ok

10:44:20.0750 2464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:44:20.0750 2464 mnmdd - ok

10:44:20.0812 2464 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

10:44:20.0812 2464 mnmsrvc - ok

10:44:20.0859 2464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:44:20.0859 2464 Modem - ok

10:44:20.0906 2464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:44:20.0906 2464 Mouclass - ok

10:44:21.0000 2464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:44:21.0000 2464 mouhid - ok

10:44:21.0015 2464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:44:21.0015 2464 MountMgr - ok

10:44:21.0093 2464 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

10:44:21.0093 2464 MozillaMaintenance - ok

10:44:21.0125 2464 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:44:21.0140 2464 mraid35x - ok

10:44:21.0171 2464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:44:21.0171 2464 MRxDAV - ok

10:44:21.0234 2464 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:44:21.0250 2464 MRxSmb - ok

10:44:21.0296 2464 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

10:44:21.0296 2464 MSDTC - ok

10:44:21.0296 2464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:44:21.0312 2464 Msfs - ok

10:44:21.0312 2464 MSIServer - ok

10:44:21.0328 2464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:44:21.0343 2464 MSKSSRV - ok

10:44:21.0359 2464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:44:21.0359 2464 MSPCLOCK - ok

10:44:21.0375 2464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:44:21.0375 2464 MSPQM - ok

10:44:21.0406 2464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:44:21.0406 2464 mssmbios - ok

10:44:21.0468 2464 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:44:21.0468 2464 Mup - ok

10:44:21.0515 2464 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

10:44:21.0531 2464 napagent - ok

10:44:21.0546 2464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:44:21.0562 2464 NDIS - ok

10:44:21.0609 2464 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:44:21.0609 2464 NdisTapi - ok

10:44:21.0656 2464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:44:21.0656 2464 Ndisuio - ok

10:44:21.0734 2464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:44:21.0734 2464 NdisWan - ok

10:44:21.0781 2464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:44:21.0796 2464 NDProxy - ok

10:44:21.0843 2464 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll

10:44:21.0843 2464 Net Driver HPZ12 - ok

10:44:21.0859 2464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:44:21.0859 2464 NetBIOS - ok

10:44:21.0890 2464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:44:21.0890 2464 NetBT - ok

10:44:21.0937 2464 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:44:21.0953 2464 NetDDE - ok

10:44:21.0953 2464 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:44:21.0953 2464 NetDDEdsdm - ok

10:44:22.0000 2464 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:44:22.0000 2464 Netlogon - ok

10:44:22.0031 2464 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

10:44:22.0031 2464 Netman - ok

10:44:22.0156 2464 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:44:22.0156 2464 NetTcpPortSharing - ok

10:44:22.0187 2464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

10:44:22.0187 2464 NIC1394 - ok

10:44:22.0328 2464 NICCONFIGSVC (11d8a00c7eff1aaec8e8464769c84a3d) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

10:44:22.0328 2464 NICCONFIGSVC - ok

10:44:22.0390 2464 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

10:44:22.0390 2464 Nla - ok

10:44:22.0421 2464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:44:22.0421 2464 Npfs - ok

10:44:22.0500 2464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:44:22.0515 2464 Ntfs - ok

10:44:22.0515 2464 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:44:22.0515 2464 NtLmSsp - ok

10:44:22.0578 2464 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

10:44:22.0578 2464 NtmsSvc - ok

10:44:22.0625 2464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:44:22.0625 2464 Null - ok

10:44:22.0843 2464 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:44:22.0875 2464 nv - ok

10:44:22.0984 2464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:44:22.0984 2464 NwlnkFlt - ok

10:44:23.0000 2464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:44:23.0000 2464 NwlnkFwd - ok

10:44:23.0046 2464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

10:44:23.0046 2464 ohci1394 - ok

10:44:23.0093 2464 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

10:44:23.0093 2464 omci - ok

10:44:23.0187 2464 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:44:23.0187 2464 ose - ok

10:44:23.0234 2464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:44:23.0234 2464 Parport - ok

10:44:23.0265 2464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:44:23.0265 2464 PartMgr - ok

10:44:23.0312 2464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:44:23.0312 2464 ParVdm - ok

10:44:23.0312 2464 PCAMPR5 - ok

10:44:23.0343 2464 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS

10:44:23.0343 2464 PCANDIS5 - ok

10:44:23.0359 2464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:44:23.0359 2464 PCI - ok

10:44:23.0375 2464 PCIDump - ok

10:44:23.0390 2464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:44:23.0390 2464 PCIIde - ok

10:44:23.0421 2464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:44:23.0437 2464 Pcmcia - ok

10:44:23.0484 2464 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys

10:44:23.0484 2464 PCTBD - ok

10:44:23.0515 2464 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys

10:44:23.0515 2464 PCTCore - ok

10:44:23.0562 2464 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys

10:44:23.0562 2464 pctDS - ok

10:44:23.0640 2464 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys

10:44:23.0656 2464 pctEFA - ok

10:44:23.0703 2464 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys

10:44:23.0718 2464 pctgntdi - ok

10:44:23.0765 2464 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys

10:44:23.0765 2464 pctplsg - ok

10:44:23.0812 2464 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys

10:44:23.0812 2464 PCTSD - ok

10:44:23.0828 2464 PDCOMP - ok

10:44:23.0828 2464 PDFRAME - ok

10:44:23.0843 2464 PDRELI - ok

10:44:23.0843 2464 PDRFRAME - ok

10:44:23.0890 2464 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:44:23.0890 2464 perc2 - ok

10:44:23.0906 2464 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:44:23.0906 2464 perc2hib - ok

10:44:23.0953 2464 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:44:23.0968 2464 PlugPlay - ok

10:44:24.0015 2464 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll

10:44:24.0015 2464 Pml Driver HPZ12 - ok

10:44:24.0015 2464 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:44:24.0031 2464 PolicyAgent - ok

10:44:24.0062 2464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:44:24.0062 2464 PptpMiniport - ok

10:44:24.0078 2464 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:44:24.0078 2464 ProtectedStorage - ok

10:44:24.0093 2464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:44:24.0109 2464 PSched - ok

10:44:24.0125 2464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:44:24.0125 2464 Ptilink - ok

10:44:24.0171 2464 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:44:24.0171 2464 PxHelp20 - ok

10:44:24.0203 2464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:44:24.0203 2464 ql1080 - ok

10:44:24.0218 2464 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:44:24.0218 2464 Ql10wnt - ok

10:44:24.0250 2464 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:44:24.0250 2464 ql12160 - ok

10:44:24.0265 2464 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:44:24.0265 2464 ql1240 - ok

10:44:24.0296 2464 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:44:24.0296 2464 ql1280 - ok

10:44:24.0359 2464 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys

10:44:24.0375 2464 RapportBuka - ok

10:44:24.0625 2464 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys

10:44:24.0625 2464 RapportCerberus_34302 - ok

10:44:24.0812 2464 RapportEI (817ab6c6577d662cadbf25a1a6e7098a) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

10:44:24.0812 2464 RapportEI - ok

10:44:24.0906 2464 RapportIaso (35199ec35edc7dcba71fda711dfb05c0) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys

10:44:24.0906 2464 RapportIaso - ok

10:44:24.0921 2464 RapportKELL (ffa15116e0c8886d07876f58299a1c23) C:\WINDOWS\system32\Drivers\RapportKELL.sys

10:44:24.0921 2464 RapportKELL - ok

10:44:25.0000 2464 RapportMgmtService (9f1dde87a28ef6992d4a0d50a863e87c) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

10:44:25.0015 2464 RapportMgmtService - ok

10:44:25.0046 2464 RapportPG (0b1a027833a920ce8eaf9ff2c4d074b5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

10:44:25.0046 2464 RapportPG - ok

10:44:25.0093 2464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:44:25.0093 2464 RasAcd - ok

10:44:25.0140 2464 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

10:44:25.0140 2464 RasAuto - ok

10:44:25.0187 2464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:44:25.0187 2464 Rasl2tp - ok

10:44:25.0250 2464 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

10:44:25.0250 2464 RasMan - ok

10:44:25.0281 2464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:44:25.0281 2464 RasPppoe - ok

10:44:25.0296 2464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:44:25.0296 2464 Raspti - ok

10:44:25.0328 2464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:44:25.0328 2464 Rdbss - ok

10:44:25.0343 2464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:44:25.0343 2464 RDPCDD - ok

10:44:25.0375 2464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:44:25.0375 2464 rdpdr - ok

10:44:25.0421 2464 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

10:44:25.0421 2464 RDPWD - ok

10:44:25.0453 2464 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

10:44:25.0468 2464 RDSessMgr - ok

10:44:25.0468 2464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:44:25.0468 2464 redbook - ok

10:44:25.0562 2464 RegSrvc (6f81c8a63fb824eb8a2401ab45795553) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

10:44:25.0578 2464 RegSrvc - ok

10:44:25.0625 2464 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

10:44:25.0625 2464 RemoteAccess - ok

10:44:25.0656 2464 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

10:44:25.0671 2464 RemoteRegistry - ok

10:44:25.0734 2464 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

10:44:25.0734 2464 rimmptsk - ok

10:44:25.0812 2464 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

10:44:25.0812 2464 rimsptsk - ok

10:44:25.0859 2464 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

10:44:25.0906 2464 rismxdp - ok

10:44:25.0968 2464 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

10:44:25.0984 2464 RpcLocator - ok

10:44:26.0046 2464 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

10:44:26.0046 2464 RpcSs - ok

10:44:26.0093 2464 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

10:44:26.0109 2464 RSVP - ok

10:44:26.0171 2464 S24EventMonitor (b792f2c647b1fc3e4987de582ee00fe3) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

10:44:26.0187 2464 S24EventMonitor - ok

10:44:26.0250 2464 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys

10:44:26.0250 2464 s24trans - ok

10:44:26.0296 2464 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:44:26.0296 2464 SamSs - ok

10:44:26.0343 2464 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

10:44:26.0343 2464 SCardSvr - ok

10:44:26.0390 2464 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

10:44:26.0406 2464 Schedule - ok

10:44:26.0515 2464 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe

10:44:26.0531 2464 sdAuxService - ok

10:44:26.0562 2464 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

10:44:26.0578 2464 sdbus - ok

10:44:26.0718 2464 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe

10:44:26.0734 2464 sdCoreService - ok

10:44:26.0781 2464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:44:26.0781 2464 Secdrv - ok

10:44:26.0812 2464 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

10:44:26.0812 2464 seclogon - ok

10:44:26.0828 2464 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

10:44:26.0828 2464 SENS - ok

10:44:26.0875 2464 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:44:26.0875 2464 serenum - ok

10:44:26.0906 2464 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:44:26.0906 2464 Serial - ok

10:44:26.0937 2464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:44:26.0937 2464 Sfloppy - ok

10:44:27.0000 2464 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

10:44:27.0000 2464 SharedAccess - ok

10:44:27.0062 2464 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:44:27.0062 2464 ShellHWDetection - ok

10:44:27.0078 2464 Simbad - ok

10:44:27.0109 2464 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:44:27.0109 2464 sisagp - ok

10:44:27.0140 2464 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:44:27.0140 2464 Sparrow - ok

10:44:27.0171 2464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:44:27.0171 2464 splitter - ok

10:44:27.0234 2464 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:44:27.0234 2464 Spooler - ok

10:44:27.0250 2464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:44:27.0250 2464 sr - ok

10:44:27.0296 2464 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

10:44:27.0312 2464 srservice - ok

10:44:27.0375 2464 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:44:27.0375 2464 Srv - ok

10:44:27.0421 2464 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

10:44:27.0421 2464 sscdbhk5 - ok

10:44:27.0453 2464 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

10:44:27.0468 2464 SSDPSRV - ok

10:44:27.0500 2464 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

10:44:27.0500 2464 ssrtln - ok

10:44:27.0625 2464 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

10:44:27.0640 2464 STHDA - ok

10:44:27.0734 2464 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

10:44:27.0750 2464 stisvc - ok

10:44:27.0906 2464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:44:27.0921 2464 swenum - ok

10:44:27.0937 2464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:44:27.0937 2464 swmidi - ok

10:44:27.0953 2464 SwPrv - ok

10:44:28.0000 2464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:44:28.0000 2464 symc810 - ok

10:44:28.0015 2464 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:44:28.0015 2464 symc8xx - ok

10:44:28.0031 2464 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:44:28.0031 2464 sym_hi - ok

10:44:28.0046 2464 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:44:28.0046 2464 sym_u3 - ok

10:44:28.0093 2464 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

10:44:28.0093 2464 SynTP - ok

10:44:28.0109 2464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:44:28.0109 2464 sysaudio - ok

10:44:28.0156 2464 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

10:44:28.0156 2464 SysmonLog - ok

10:44:28.0218 2464 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

10:44:28.0218 2464 TapiSrv - ok

10:44:28.0265 2464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:44:28.0265 2464 Tcpip - ok

10:44:28.0296 2464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:44:28.0296 2464 TDPIPE - ok

10:44:28.0312 2464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:44:28.0328 2464 TDTCP - ok

10:44:28.0343 2464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:44:28.0343 2464 TermDD - ok

10:44:28.0406 2464 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

10:44:28.0421 2464 TermService - ok

10:44:28.0468 2464 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

10:44:28.0468 2464 tfsnboio - ok

10:44:28.0484 2464 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

10:44:28.0484 2464 tfsncofs - ok

10:44:28.0500 2464 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

10:44:28.0500 2464 tfsndrct - ok

10:44:28.0515 2464 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

10:44:28.0515 2464 tfsndres - ok

10:44:28.0546 2464 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

10:44:28.0546 2464 tfsnifs - ok

10:44:28.0562 2464 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

10:44:28.0562 2464 tfsnopio - ok

10:44:28.0578 2464 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

10:44:28.0578 2464 tfsnpool - ok

10:44:28.0609 2464 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

10:44:28.0609 2464 tfsnudf - ok

10:44:28.0625 2464 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

10:44:28.0640 2464 tfsnudfa - ok

10:44:28.0703 2464 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:44:28.0703 2464 Themes - ok

10:44:28.0781 2464 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

10:44:28.0781 2464 TlntSvr - ok

10:44:28.0828 2464 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:44:28.0828 2464 TosIde - ok

10:44:28.0890 2464 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

10:44:28.0906 2464 TrkWks - ok

10:44:29.0171 2464 TuneUp.UtilitiesSvc (118edc3e712ff83ce25612081a69075d) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

10:44:29.0187 2464 TuneUp.UtilitiesSvc - ok

10:44:29.0234 2464 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

10:44:29.0234 2464 TuneUpUtilitiesDrv - ok

10:44:29.0406 2464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:44:29.0406 2464 Udfs - ok

10:44:29.0421 2464 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:44:29.0421 2464 ultra - ok

10:44:29.0468 2464 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

10:44:29.0468 2464 UMWdf - ok

10:44:29.0531 2464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:44:29.0546 2464 Update - ok

10:44:29.0593 2464 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

10:44:29.0593 2464 upnphost - ok

10:44:29.0625 2464 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

10:44:29.0640 2464 UPS - ok

10:44:29.0671 2464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:44:29.0671 2464 usbccgp - ok

10:44:29.0718 2464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:44:29.0718 2464 usbehci - ok

10:44:29.0765 2464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:44:29.0765 2464 usbhub - ok

10:44:29.0781 2464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:44:29.0781 2464 usbprint - ok

10:44:29.0812 2464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:44:29.0812 2464 usbscan - ok

10:44:29.0843 2464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:44:29.0843 2464 USBSTOR - ok

10:44:29.0843 2464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:44:29.0859 2464 usbuhci - ok

10:44:29.0906 2464 UxTuneUp (24f51fba322f06a3e336c301025d6d12) C:\WINDOWS\System32\uxtuneup.dll

10:44:29.0906 2464 UxTuneUp - ok

10:44:29.0953 2464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:44:29.0953 2464 VgaSave - ok

10:44:29.0984 2464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:44:29.0984 2464 viaagp - ok

10:44:30.0062 2464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:44:30.0062 2464 ViaIde - ok

10:44:30.0093 2464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:44:30.0093 2464 VolSnap - ok

10:44:30.0156 2464 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

10:44:30.0171 2464 VSS - ok

10:44:30.0328 2464 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

10:44:30.0328 2464 vToolbarUpdater11.0.2 - ok

10:44:30.0359 2464 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

10:44:30.0375 2464 w32time - ok

10:44:30.0531 2464 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

10:44:30.0562 2464 w39n51 - ok

10:44:30.0765 2464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:44:30.0765 2464 Wanarp - ok

10:44:30.0781 2464 wanatw - ok

10:44:30.0781 2464 WDICA - ok

10:44:30.0812 2464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:44:30.0812 2464 wdmaud - ok

10:44:30.0859 2464 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

10:44:30.0859 2464 WebClient - ok

10:44:30.0953 2464 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

10:44:30.0968 2464 winachsf - ok

10:44:31.0031 2464 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:44:31.0031 2464 winmgmt - ok

10:44:31.0187 2464 WLANKEEPER (afb5a2a79bb01699a269c316d8b9bef1) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

10:44:31.0187 2464 WLANKEEPER - ok

10:44:31.0218 2464 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll

10:44:31.0234 2464 WmdmPmSN - ok

10:44:31.0312 2464 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

10:44:31.0328 2464 Wmi - ok

10:44:31.0375 2464 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:44:31.0375 2464 WmiApSrv - ok

10:44:31.0437 2464 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:44:31.0437 2464 WS2IFSL - ok

10:44:31.0484 2464 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

10:44:31.0484 2464 wscsvc - ok

10:44:31.0531 2464 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

10:44:31.0531 2464 wuauserv - ok

10:44:31.0609 2464 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

10:44:31.0625 2464 WZCSVC - ok

10:44:31.0687 2464 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

10:44:31.0687 2464 xmlprov - ok

10:44:31.0718 2464 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0

10:44:32.0171 2464 \Device\Harddisk0\DR0 - ok

10:44:32.0187 2464 Boot (0x1200) (424646a5056014def5a61376b476049c) \Device\Harddisk0\DR0\Partition0

10:44:32.0187 2464 \Device\Harddisk0\DR0\Partition0 - ok

10:44:32.0203 2464 Boot (0x1200) (fc91ac0a7b9e4cfba978764e8aba167c) \Device\Harddisk0\DR0\Partition1

10:44:32.0203 2464 \Device\Harddisk0\DR0\Partition1 - ok

10:44:32.0218 2464 ============================================================

10:44:32.0218 2464 Scan finished

10:44:32.0218 2464 ============================================================

10:44:32.0218 3784 Detected object count: 0

10:44:32.0218 3784 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-10 10:48:22

-----------------------------

10:48:22.296 OS Version: Windows 5.1.2600 Service Pack 3

10:48:22.296 Number of processors: 1 586 0xE08

10:48:22.296 ComputerName: DELL UserName:

10:48:23.140 Initialize success

10:59:53.015 AVAST engine defs: 12061000

11:06:16.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

11:06:16.031 Disk 0 Vendor: Hitachi_HTS541060G9SA00 MB3OC60R Size: 55796MB BusType: 3

11:06:16.453 Disk 0 MBR read successfully

11:06:16.453 Disk 0 MBR scan

11:06:16.500 Disk 0 unknown MBR code

11:06:16.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63

11:06:16.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 39629 MB offset 160650

11:06:16.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12848 MB offset 81337095

11:06:16.578 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 107651565

11:06:16.578 Disk 0 scanning sectors +114254280

11:06:16.656 Disk 0 scanning C:\WINDOWS\system32\drivers

11:06:30.296 Service scanning

11:06:53.328 Modules scanning

11:07:00.515 Disk 0 trace - called modules:

11:07:00.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

11:07:00.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a86bab8]

11:07:00.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a8be920]

11:07:00.531 5 PCTCore.sys[b9e99407] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a872940]

11:07:01.062 AVAST engine scan C:\WINDOWS

11:07:08.953 AVAST engine scan C:\WINDOWS\system32

11:09:39.609 AVAST engine scan C:\WINDOWS\system32\drivers

11:09:58.296 AVAST engine scan C:\Documents and Settings\Jinks

11:16:16.609 AVAST engine scan C:\Documents and Settings\All Users

11:19:17.453 Scan finished successfully

11:20:02.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\MBR.dat"

11:20:02.625 The log file has been saved successfully to "C:\Documents and Settings\Jinks\Desktop\aswMBR.txt"


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Hi Gringo,

Earlier I was still getting the malwarebytes 'blocking 212.117.175.185 outgoing' message appearing frequently but since running the script I've not seen it.

It took combofix nearly half an hour to run the scan and produce the report below - no problems so hope this has fixed things. What do you think? Thanks :)

ComboFix 12-06-09.02 - Jinks 10/06/2012 17:31:50.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1303 [GMT 1:00]

Running from: c:\documents and settings\Jinks\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Jinks\Desktop\Gringo\CFScript.txt

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))

.

.

2012-06-07 22:08 . 2012-06-07 22:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-07 22:08 . 2012-06-07 22:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-05-20 11:01 . 2012-05-20 11:01 56248 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-08 19:02 . 2012-03-29 18:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-08 19:02 . 2011-05-16 10:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:12 . 2004-08-11 16:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2004-08-11 16:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2004-08-03 21:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 14:56 . 2011-07-14 16:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-07 22:08 . 2011-05-02 07:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-09_22.38.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-10 08:35 . 2012-06-10 08:35 16384 c:\windows\Temp\Perflib_Perfdata_328.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-29 16:34 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM&inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw&prod=94&ver=10.0.1390" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" /r

"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe

"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe

"dla"=c:\windows\system32\dla\tfswctrl.exe

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

"igfxtray"=c:\windows\system32\igfxtray.exe

"igfxhkcmd"=c:\windows\system32\hkcmd.exe

"igfxpers"=c:\windows\system32\igfxpers.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

"SigmatelSysTrayApp"=stsystra.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\gnucash\\bin\\gnucash.exe"=

"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/07/2011 18:07 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [14/07/2011 18:07 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [14/07/2011 18:07 909728]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [20/05/2012 12:01 56248]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [14/07/2011 18:07 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [14/07/2011 18:07 185560]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 10:25 390528]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 22:54 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [20/05/2012 12:01 71480]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [20/05/2012 12:01 164152]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [03/04/2012 20:01 550864]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/07/2011 17:58 654408]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [20/05/2012 12:01 931672]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [08/12/2011 17:34 1527104]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [29/04/2012 17:34 932736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/07/2011 17:58 22344]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [03/04/2012 20:01 56840]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [28/05/2012 21:42 21520]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13:34 10064]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 19:42 257696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 22:31 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28/04/2012 17:16 113120]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [14/07/2011 18:07 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [14/07/2011 18:07 402336]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 65525234

*NewlyCreated* - ASWMBR

*NewlyCreated* - RAPPORTIASO

*Deregistered* - 65525234

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:02]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.53.2.50:8080

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: betfair.com

TCP: DhcpNameServer = 8.8.8.8 212.117.175.185

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Jinks\Application Data\Mozilla\Firefox\Profiles\addhz8as.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc99b86ca-a46d-463c-9269-c12bb58402ba%7D&mid=4e07cfa99153ad82b408cb00d9946d3b-723e59e997752d7593d1d6e72556ca3ab2da8b41&ds=tt014&v=10.2.0.3&lang=en&pr=sa&d=2011-12-14%2019%3A17%3A29&sap=ku&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-10 17:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1016)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(14652)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-06-10 17:58:37

ComboFix-quarantined-files.txt 2012-06-10 16:58

ComboFix2.txt 2012-06-09 22:44

.

Pre-Run: 16,183,996,416 bytes free

Post-Run: 16,283,607,040 bytes free

.

- - End Of File - - 5DE35C5649D23023C40907A9F6F6B321


  • Staff

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job)

  • Programs to remove
    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java™ 6 Update 31
    • Viewpoint Media Player

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Hi Gringo,

All seems ok still - no problems with your latest instructions and computer seems fine - no sign of the malwarebytes 'blocking 212.117.175.185 outgoing' message.

Result of MBAM scan is:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.10.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jinks :: DELL [administrator]

Protection: Disabled

10/06/2012 20:47:01

mbam-log-2012-06-10 (20-47-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 212983

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Result of Hijackthis scan is:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:24:47, on 10/06/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.53.2.50:8080

R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkJMQlktQzNGNjItQzMzQkEtUU03RUwtR1dRWkM"&"inst=NzYtNzQ4MTQxODE2LUtWMys3LUJBKzEtWEwrMS1UNS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1BQisxMDMtU1AxKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TVVArMy1TMUkrMS1TVTMrMS1TUDFTMysxLUREVCsw"&"prod=94"&"ver=10.0.1390

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.betfair.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307904081109

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10399 bytes

So what's next then ;)


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines >here< and see if you want to keep them or not. Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo


Hi Gringo, ESET scan is running, only at 32% and has been going for quite a while. I'll have to post the results tomorrow as I have to get up for work in the morning and it's past bedtime for us now.

Many thanks for all your help with this.

Until tomorrow

jinksy9 :)


Good morning Gringo. Results of ESET scan are:

C:\Documents and Settings\Jinks\My Documents\laptop July11.pdf JS/Trackware.ReadNotify.A application

C:\Documents and Settings\Jinks\My Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf JS/Trackware.ReadNotify.A application

C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application

Everything seems to be ok with computer otherwise. I'll catch up with you later today.

Thanks, jinksy9


  • Staff

Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Documents and Settings\Jinks\My Documents\laptop July11.pdf"
    del /f /s /q "C:\Documents and Settings\Jinks\My Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif <-- XP, vista_bat_icon.png <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)
    Note** If you decide to install MSE you will need to uninstall your present antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo


Hi Gringo. A quick couple of questions before I follow these instructions.

These 2 files "C:\Documents and Settings\Jinks\My Documents\laptop July11.pdf" and "C:\Documents and Settings\Jinks\My Documents\Spain Rent Exercise\SSmith Invoices\SSmith 050811.pdf" have important info in them and have been backed up to our backup drive. Will the backups be infected too and what should I do about those? Also what can I do about losing the info in the files please? Also, how did they become infected do you think, because we've had those files for some time but the problem has only just started up?

Also, as I said in my first post, we have the same problem on our other laptop. Will you be able to help me with that too please?

Many thanks, jinksy9

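The ESET hits above were on two PDF documents, and the question that follows is what happened to them. A defender's first step with a flagged document is usually triage, not deletion: find out whether the file carries active content at all (JavaScript, launch or form-submit actions, and the /OpenAction or /AA hooks that fire them when the file is opened). As an added example, not from the thread, from ESET or from any vendor signature, here is a small Python scanner that does that. It looks through the uncompressed parts of the file and inflates every zlib-compressed stream (which covers object streams, where modern PDFs hide most of their objects), and it normalises PDF's #xx name escapes so a name written as /J#53 is still seen as /JS. The two sample PDFs are constructed inline; nothing here reproduces the files from the thread.

```python
"""Triage a PDF for active content so a flagged document can be assessed
rather than just deleted.

Added example, not from the thread, ESET or any vendor signature.  The
sample PDFs are constructed here; the detection is a generic heuristic.
"""
import re
import zlib
from typing import Dict, Iterator

# /OpenAction and /AA only say "do something when opened"; the action
# types on the right are what make that something worth a look.
TRIGGER_NAMES = (b"OpenAction", b"AA")
ACTIVE_NAMES = (b"JavaScript", b"JS", b"Launch", b"SubmitForm")

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _unescape_names(data: bytes) -> bytes:
    """PDF allows #xx escapes inside names (/J#53 is /JS); normalise them
    so the marker search is not trivially side-stepped."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _decoded_streams(data: bytes) -> Iterator[bytes]:
    """Yield the inflated body of every zlib-compressed stream.  Object
    streams (/ObjStm) are streams too, so their contents are covered."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded or corrupt; the raw search still sees it


def _count(name: bytes, data: bytes) -> int:
    # Trailing lookahead so /JS does not also match a longer name.
    return len(re.findall(rb"/" + name + rb"(?![A-Za-z0-9])", data))


def scan_pdf_bytes(data: bytes) -> Dict[str, object]:
    """Count trigger and action names across the raw file and its inflated streams."""
    views = [_unescape_names(data)] + [_unescape_names(s) for s in _decoded_streams(data)]
    counts = {n.decode(): sum(_count(n, v) for v in views) for n in TRIGGER_NAMES + ACTIVE_NAMES}
    return {
        "counts": counts,
        "suspicious": any(counts[n.decode()] for n in ACTIVE_NAMES),
        "auto_trigger": any(counts[n.decode()] for n in TRIGGER_NAMES),
    }


def scan_pdf_file(path: str) -> Dict[str, object]:
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


# --- constructed sample documents (not real files from the thread) ---------
JS_ACTION = b"<< /S /JavaScript /JS (app.alert('constructed sample')) >>"
PAGES = (b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
         b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n")


def build_sample_pdf(compress_action: bool) -> bytes:
    """Minimal PDF whose catalog runs a JavaScript action on open.  With
    compress_action=True the action is object 5 inside a Flate-encoded
    object stream, the way real-world files usually store it."""
    if compress_action:
        inner = b"5 0 " + JS_ACTION               # object-stream header + object
        body = zlib.compress(inner)
        action = (b"4 0 obj << /Type /ObjStm /N 1 /First 4 /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
                  + body + b"\nendstream\nendobj\n")
        ref = b"5 0 R"
    else:
        action = b"4 0 obj " + JS_ACTION + b" endobj\n"
        ref = b"4 0 R"
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction " + ref + b" >> endobj\n"
            + PAGES + action + b"trailer << /Root 1 0 R >>\n%%EOF\n")


def build_benign_pdf() -> bytes:
    """Single blank page, no actions of any kind."""
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            + PAGES + b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for label, doc in (("plain", build_sample_pdf(False)), ("objstm", build_sample_pdf(True)), ("benign", build_benign_pdf())):
        print(label, scan_pdf_bytes(doc))
```

A hit from this scanner says the document can run or reach out to something when opened; it does not say what. For a file you need to keep, the usual options are to open it only in a viewer with JavaScript disabled, or to print it to a fresh PDF (which drops the actions) and keep that copy, and to treat any backup of the same file as identical to the original.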

Hi Gringo. As the 2 files are also on our other laptop I checked them there. Interestingly, when I opened each of them the malwarebytes message appeared both times. I have used your instructions to delete those files on my laptop and we'll see what happens about the other laptop once I've started a new thread for it.

As we have the same problem with the other laptop the new thread name will be "svchost.exe blocked outgoing" and I'll post the link here as you've requested.

Do you know how we got the problem? The laptops aren't networked so I guess it's something we picked up online?

Once again, many thanks for your help with this one. :)


Hi Gringo. Just a couple of things before I get started with the other laptop.

I re-enabled defogger but you didn't say anything about uninstalling it. Should I?

I uninstalled combofix and used OTCleanIt. Should that have removed aswMBR, HiJackthis and TDSSkiller? Also, what about the log files from those? Should I delete those too now?

See you on the other thread shortly ;)

Thanks, jinksy9


Arghhhh.................

It's popped up again.

Just opened an email from a friend - found it was a forwarded type that wants you to send it to others too. Should have known better I guess. Straight away the Malwarebytes message about outgoing to 212.117.175.185 popped up. Then another message about incoming blocked from 83.243.11.176.

Any thoughts Gringo?


This topic is now closed to further replies.