Ad Sounds in the background


Hello,

Recently I've been hearing random ad sounds in the background. They seem to come up randomly. I've scanned using the latest Spyware Doctor but the sounds are still there. Any help would be greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Mk at 0:13:29 on 2012-07-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.160 [GMT -7:00]

.

AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: PC Tools Internet Security Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\dlcicoms.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\stsystra.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Gdooey Mae

uSearch Bar = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

mSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {00000000-0000-0000-0000-000000000000} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [Google Update] "c:\documents and settings\mk\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Zip] wscript.exe /E:vbs C:\autoexec.bat

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: mswsock.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2449264F-C2CC-4357-91B0-0AC9A26F81C2} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\mk\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-3 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-3 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-3 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-7-21 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-7-21 574424]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-3 254912]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-21 203088]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-7-21 575448]

R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-3-3 162584]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-7-21 70768]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-7-21 91648]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-7-21 125888]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-3 70536]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-7-21 35264]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-3-22 21744]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]

.

=============== Created Last 30 ================

.

2012-07-21 22:26:18 -------- d-----w- c:\documents and settings\mk\application data\Spam Monitor

2012-07-21 22:07:56 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-07-21 22:07:55 767960 ----a-w- c:\windows\BDTSupport.dll

2012-07-21 22:07:55 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-07-21 22:07:54 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-07-21 22:07:54 1681368 ----a-w- c:\windows\PCTBDRes.dll

2012-07-21 22:06:11 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-07-21 22:06:11 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-07-21 22:06:00 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2012-07-21 22:06:00 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2012-07-21 22:06:00 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2012-07-21 22:05:24 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2012-07-21 22:05:24 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2012-07-21 22:05:23 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2012-07-21 22:05:23 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2012-07-21 21:59:40 -------- d-----w- c:\documents and settings\mk\application data\TestApp

.

==================== Find3M ====================

.

2012-07-18 08:06:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-07-12 13:54:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 13:54:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-18 10:13:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-18 10:13:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 18:14:44 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-05-11 18:08:46 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK8034GSX rev.AH301D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x864CA4B1]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864d193c]; MOV EAX, [0x864d1ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86D58AB8]

3 CLASSPNP[0xF769DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86D6C9F0]

5 PCTCore[0xF740D82D] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000077[0x86D5E9E8]

7 ACPI[0xF74F4620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86D5ED98]

\Driver\atapi[0x86683120] -> IRP_MJ_CREATE -> 0x864CA4B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x864CA2E2

user & kernel MBR OK

copy of MBR has been found in sector 146352150

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 0:28:05.33 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/1/2010 4:10:42 PM

System Uptime: 7/22/2012 5:42:48 PM (7 hours ago)

.

Motherboard: Dell Inc. | | 0MG532

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 7.806 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP410: 5/7/2012 4:31:54 AM - System Checkpoint

RP411: 5/8/2012 9:18:34 PM - Software Distribution Service 3.0

RP412: 5/10/2012 4:01:59 AM - System Checkpoint

RP413: 5/13/2012 9:56:46 PM - Software Distribution Service 3.0

RP414: 5/16/2012 12:35:42 AM - System Checkpoint

RP415: 5/19/2012 12:09:54 AM - System Checkpoint

RP416: 5/20/2012 1:21:02 AM - Installed HP Product Detection

RP417: 5/20/2012 1:21:24 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.

RP418: 5/21/2012 6:09:55 PM - System Checkpoint

RP419: 5/22/2012 3:01:12 AM - Software Distribution Service 3.0

RP420: 5/22/2012 3:22:41 AM - Software Distribution Service 3.0

RP421: 5/28/2012 9:09:39 PM - System Checkpoint

RP422: 6/2/2012 2:58:31 PM - System Checkpoint

RP423: 6/4/2012 9:27:23 PM - Software Distribution Service 3.0

RP424: 6/7/2012 9:35:07 AM - System Checkpoint

RP425: 6/9/2012 10:59:27 PM - System Checkpoint

RP426: 6/12/2012 2:42:14 PM - System Checkpoint

RP427: 6/13/2012 8:40:01 AM - Software Distribution Service 3.0

RP428: 6/14/2012 3:35:48 PM - System Checkpoint

RP429: 6/16/2012 8:30:46 AM - System Checkpoint

RP430: 6/17/2012 7:37:32 PM - System Checkpoint

RP431: 6/17/2012 8:20:21 PM - Installed QuickTime

RP432: 6/19/2012 8:08:29 PM - System Checkpoint

RP433: 6/20/2012 10:27:54 PM - System Checkpoint

RP434: 6/25/2012 8:12:32 PM - System Checkpoint

RP435: 6/27/2012 7:32:15 AM - System Checkpoint

RP436: 6/29/2012 6:14:53 AM - System Checkpoint

RP437: 7/1/2012 12:04:17 PM - System Checkpoint

RP438: 7/3/2012 12:23:38 PM - System Checkpoint

RP439: 7/4/2012 3:40:31 PM - System Checkpoint

RP440: 7/7/2012 8:24:24 AM - System Checkpoint

RP441: 7/8/2012 12:19:16 PM - System Checkpoint

RP442: 7/9/2012 5:03:04 PM - System Checkpoint

RP443: 7/11/2012 7:22:50 AM - Software Distribution Service 3.0

RP444: 7/12/2012 6:07:02 PM - System Checkpoint

RP445: 7/13/2012 7:45:57 PM - System Checkpoint

RP446: 7/16/2012 12:29:56 AM - System Checkpoint

RP447: 7/17/2012 2:03:10 AM - System Checkpoint

RP448: 7/18/2012 11:45:26 PM - System Checkpoint

RP449: 7/20/2012 6:28:21 PM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Browser Guard 4.0

BufferChm

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Copy

Corel Paint Shop Pro Photo XI

Dell Driver Download Manager

Dell ResourceCD

Dell Support Center

Dell Wireless WLAN Card

Destinations

DeviceDiscovery

DivX Setup

DJ_AIO_05_F4400_Software_Min

Download Updater (AOL LLC)

ESPNMotion

F4400

GemMaster Mystic

Google Chrome

Google Earth

Google Update Helper

Google Updater

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

HP Imaging Device Functions 13.0

HP Print Projects 1.0

HP Product Detection

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 31

jZip

MarketResearch

McAfee Security Scan Plus

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mixer

MobileMe Control Panel

Modem Helper

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Norton Security Scan

Otto

PC Tools Internet Security 9.0

PokerStove version 1.23

PokerTracker 3 (remove only)

PostgreSQL 8.3

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Safari

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Shop for HP Supplies

SigmaTel Audio

SmartWebPrinting

SolutionCenter

Sonic Encoders

Status

StreamTorrent 1.0

Synaptics Pointing Device Driver

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC80CRTRedist - 8.0.50727.4053

Veetle TV 0.9.18

VLC media player 1.1.11

vShare.tv plugin 1.3

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

7/21/2012 4:34:13 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/21/2012 3:26:45 PM, error: PCTCore [280] -

7/21/2012 1:40:11 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .

7/17/2012 6:16:40 PM, error: NetBT [4321] - The name "HOME :0" could not be registered on the Interface with IP address 192.168.1.70. The machine with the IP address 192.168.1.73 did not allow the name to be claimed by this machine.

.

==== End Of File ===========================


Hello Tran12! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall this application: vShare.tv plugin 1.3

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


15:41:20.0250 5072 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30

15:41:22.0390 5072 ============================================================

15:41:22.0390 5072 Current date / time: 2012/07/23 15:41:22.0390

15:41:22.0390 5072 SystemInfo:

15:41:22.0390 5072

15:41:22.0390 5072 OS Version: 5.1.2600 ServicePack: 3.0

15:41:22.0390 5072 Product type: Workstation

15:41:22.0390 5072 ComputerName: HOME

15:41:22.0500 5072 UserName: Mk

15:41:22.0500 5072 Windows directory: C:\WINDOWS

15:41:22.0500 5072 System windows directory: C:\WINDOWS

15:41:22.0500 5072 Processor architecture: Intel x86

15:41:22.0500 5072 Number of processors: 2

15:41:22.0500 5072 Page size: 0x1000

15:41:22.0500 5072 Boot type: Normal boot

15:41:22.0500 5072 ============================================================

15:42:29.0828 5072 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:42:29.0875 5072 ============================================================

15:42:29.0875 5072 \Device\Harddisk0\DR0:

15:42:29.0921 5072 MBR partitions:

15:42:29.0921 5072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x877B4CB

15:42:29.0953 5072 ============================================================

15:42:30.0187 5072 C: <-> \Device\Harddisk0\DR0\Partition0

15:42:30.0187 5072 ============================================================

15:42:30.0187 5072 Initialize success

15:42:30.0187 5072 ============================================================

15:43:39.0703 3812 ============================================================

15:43:39.0703 3812 Scan started

15:43:39.0703 3812 Mode: Manual; SigCheck; TDLFS;

15:43:39.0703 3812 ============================================================

15:44:53.0125 3812 Abiosdsk - ok

15:44:53.0140 3812 abp480n5 - ok

15:44:53.0250 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:45:28.0140 3812 ACPI - ok

15:45:28.0468 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:45:28.0750 3812 ACPIEC - ok

15:45:29.0953 3812 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:45:30.0406 3812 AdobeFlashPlayerUpdateSvc - ok

15:45:30.0421 3812 adpu160m - ok

15:45:32.0031 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:45:32.0812 3812 aec - ok

15:45:33.0312 3812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:45:33.0593 3812 AFD - ok

15:45:33.0593 3812 Aha154x - ok

15:45:33.0593 3812 aic78u2 - ok

15:45:33.0609 3812 aic78xx - ok

15:45:33.0812 3812 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

15:45:34.0187 3812 Alerter - ok

15:45:34.0453 3812 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

15:45:34.0953 3812 ALG - ok

15:45:34.0953 3812 AliIde - ok

15:45:34.0953 3812 amsint - ok

15:45:35.0171 3812 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:45:35.0375 3812 Apple Mobile Device - ok

15:45:35.0671 3812 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

15:45:36.0000 3812 AppMgmt - ok

15:45:36.0093 3812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:45:36.0328 3812 Arp1394 - ok

15:45:36.0328 3812 asc - ok

15:45:36.0328 3812 asc3350p - ok

15:45:36.0343 3812 asc3550 - ok

15:45:36.0546 3812 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:45:36.0625 3812 aspnet_state - ok

15:45:36.0671 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:45:36.0875 3812 AsyncMac - ok

15:45:37.0171 3812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:45:37.0703 3812 atapi - ok

15:45:37.0703 3812 Atdisk - ok

15:45:37.0796 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:45:38.0328 3812 Atmarpc - ok

15:45:39.0078 3812 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

15:45:39.0328 3812 AudioSrv - ok

15:45:39.0406 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:45:39.0656 3812 audstub - ok

15:45:40.0828 3812 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

15:45:42.0234 3812 BCM43XX - ok

15:45:42.0312 3812 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

15:45:42.0500 3812 bcm4sbxp - ok

15:45:44.0515 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:45:44.0921 3812 Beep - ok

15:45:45.0625 3812 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

15:45:46.0156 3812 BITS - ok

15:45:46.0828 3812 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

15:45:46.0968 3812 Bonjour Service - ok

15:45:47.0718 3812 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

15:45:48.0078 3812 Browser - ok

15:45:49.0484 3812 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

15:45:50.0953 3812 Browser Defender Update Service - ok

15:45:53.0406 3812 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

15:45:54.0703 3812 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

15:45:54.0703 3812 BTKRNL - detected UnsignedFile.Multi.Generic (1)

15:45:56.0359 3812 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys

15:45:59.0234 3812 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning

15:45:59.0234 3812 BTSERIAL - detected UnsignedFile.Multi.Generic (1)

15:46:20.0734 3812 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

15:46:21.0265 3812 btwdins ( UnsignedFile.Multi.Generic ) - warning

15:46:21.0265 3812 btwdins - detected UnsignedFile.Multi.Generic (1)

15:46:55.0781 3812 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys

15:47:04.0500 3812 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

15:47:04.0500 3812 BTWUSB - detected UnsignedFile.Multi.Generic (1)

15:47:07.0234 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:47:17.0500 3812 cbidf2k - ok

15:47:17.0500 3812 cd20xrnt - ok

15:47:18.0687 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:47:19.0062 3812 Cdaudio - ok

15:47:20.0453 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:47:20.0921 3812 Cdfs - ok

15:47:21.0937 3812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:47:23.0984 3812 Cdrom - ok

15:47:24.0734 3812 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

15:47:25.0156 3812 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

15:47:25.0156 3812 cercsr6 - detected UnsignedFile.Multi.Generic (1)

15:47:25.0156 3812 Changer - ok

15:47:26.0250 3812 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

15:47:26.0671 3812 CiSvc - ok

15:47:30.0765 3812 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

15:47:31.0265 3812 ClipSrv - ok

15:47:35.0265 3812 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:47:35.0703 3812 clr_optimization_v2.0.50727_32 - ok

15:47:37.0843 3812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:47:38.0171 3812 CmBatt - ok

15:47:38.0187 3812 CmdIde - ok

15:47:39.0656 3812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:47:39.0890 3812 Compbatt - ok

15:47:39.0890 3812 COMSysApp - ok

15:47:39.0906 3812 Cpqarray - ok

15:47:42.0171 3812 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

15:47:42.0546 3812 CryptSvc - ok

15:47:42.0546 3812 dac2w2k - ok

15:47:42.0562 3812 dac960nt - ok

15:48:07.0203 3812 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:48:08.0312 3812 DcomLaunch - ok

15:48:10.0031 3812 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

15:48:19.0843 3812 Dhcp - ok

15:48:26.0546 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:48:27.0062 3812 Disk - ok

15:48:27.0125 3812 dlci_device - ok

15:48:27.0125 3812 dmadmin - ok

15:49:03.0718 3812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:49:06.0531 3812 dmboot - ok

15:49:06.0609 3812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:49:08.0359 3812 dmio - ok

15:49:08.0453 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:49:08.0937 3812 dmload - ok

15:49:09.0062 3812 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

15:49:09.0328 3812 dmserver - ok

15:49:09.0390 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:49:09.0765 3812 DMusic - ok

15:49:10.0015 3812 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

15:49:10.0453 3812 Dnscache - ok

15:49:10.0640 3812 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

15:49:10.0953 3812 Dot3svc - ok

15:49:10.0953 3812 dpti2o - ok

15:49:11.0046 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:49:11.0281 3812 drmkaud - ok

15:49:11.0656 3812 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

15:49:11.0875 3812 EapHost - ok

15:49:13.0562 3812 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe

15:49:15.0015 3812 ehRecvr - ok

15:49:15.0843 3812 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe

15:49:15.0984 3812 ehSched - ok

15:49:16.0156 3812 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

15:49:16.0375 3812 ERSvc - ok

15:49:17.0812 3812 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:49:17.0937 3812 Eventlog - ok

15:49:22.0875 3812 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

15:49:37.0968 3812 EventSystem - ok

15:49:38.0578 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:49:38.0859 3812 Fastfat - ok

15:49:40.0671 3812 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:49:40.0906 3812 FastUserSwitchingCompatibility - ok

15:49:41.0156 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

15:49:41.0375 3812 Fdc - ok

15:49:42.0328 3812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:49:42.0734 3812 Fips - ok

15:49:44.0953 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:49:45.0421 3812 Flpydisk - ok

15:49:49.0734 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:49:51.0609 3812 FltMgr - ok

15:49:53.0000 3812 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:49:53.0109 3812 FontCache3.0.0.0 - ok

15:49:53.0187 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:49:53.0421 3812 Fs_Rec - ok

15:49:53.0906 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:49:54.0234 3812 Ftdisk - ok

15:49:54.0343 3812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:49:54.0390 3812 GEARAspiWDM - ok

15:49:54.0671 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:49:56.0984 3812 Gpc - ok

15:50:04.0250 3812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

15:50:06.0437 3812 gupdate - ok

15:50:06.0656 3812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

15:50:08.0718 3812 gupdatem - ok

15:50:11.0562 3812 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:50:14.0218 3812 gusvc - ok

15:50:15.0000 3812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:50:16.0015 3812 HDAudBus - ok

15:51:12.0156 3812 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:52:15.0593 3812 helpsvc - ok

15:52:54.0015 3812 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

15:52:54.0500 3812 HidServ - ok

15:53:06.0125 3812 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:53:06.0703 3812 hidusb - ok

15:53:17.0484 3812 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

15:53:17.0937 3812 hkmsvc - ok

15:53:17.0937 3812 hpn - ok

15:53:29.0796 3812 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

15:53:30.0046 3812 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

15:53:30.0125 3812 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

15:53:39.0078 3812 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

15:53:39.0296 3812 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

15:53:39.0296 3812 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

15:53:41.0656 3812 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

15:53:42.0453 3812 HPZid412 - ok

15:53:42.0515 3812 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

15:53:42.0953 3812 HPZipr12 - ok

15:53:43.0109 3812 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

15:53:43.0687 3812 HPZius12 - ok

15:53:44.0234 3812 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

15:53:44.0890 3812 HSF_DPV - ok

15:53:45.0000 3812 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

15:53:45.0578 3812 HSXHWAZL - ok

15:53:45.0765 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:53:46.0234 3812 HTTP - ok

15:53:46.0640 3812 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

15:53:47.0046 3812 HTTPFilter - ok

15:53:47.0046 3812 i2omgmt - ok

15:53:47.0046 3812 i2omp - ok

15:53:52.0859 3812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:53:53.0203 3812 i8042prt - ok

15:54:15.0140 3812 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

15:54:20.0968 3812 ialm - ok

15:55:32.0906 3812 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:55:35.0203 3812 idsvc - ok

15:55:45.0703 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:55:53.0125 3812 Imapi - ok

15:55:54.0703 3812 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

15:55:55.0390 3812 ImapiService - ok

15:55:55.0406 3812 ini910u - ok

15:55:55.0437 3812 IntelIde - ok

15:55:55.0531 3812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:55:56.0562 3812 intelppm - ok

15:55:56.0593 3812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:55:57.0343 3812 Ip6Fw - ok

15:55:57.0390 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:55:57.0640 3812 IpFilterDriver - ok

15:55:57.0718 3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:55:58.0109 3812 IpInIp - ok

15:55:58.0703 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:55:59.0125 3812 IpNat - ok

15:56:02.0421 3812 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

15:56:03.0031 3812 iPod Service - ok

15:56:03.0187 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:56:03.0453 3812 IPSec - ok

15:56:03.0484 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:56:03.0796 3812 IRENUM - ok

15:56:04.0000 3812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:56:04.0375 3812 isapnp - ok

15:56:04.0921 3812 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

15:56:05.0015 3812 JavaQuickStarterService - ok

15:56:05.0093 3812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:56:05.0421 3812 Kbdclass - ok

15:56:05.0468 3812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:56:05.0734 3812 kbdhid - ok

15:56:06.0093 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:56:07.0281 3812 kmixer - ok

15:56:08.0093 3812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:56:08.0437 3812 KSecDD - ok

15:56:08.0593 3812 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

15:56:08.0781 3812 lanmanserver - ok

15:56:09.0000 3812 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

15:56:09.0187 3812 lanmanworkstation - ok

15:56:09.0203 3812 lbrtfdc - ok

15:56:09.0312 3812 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

15:56:09.0484 3812 LmHosts - ok

15:56:10.0343 3812 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

15:56:23.0593 3812 McComponentHostService - ok

15:56:24.0171 3812 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe

15:56:24.0343 3812 McrdSvc - ok

15:56:24.0500 3812 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

15:56:24.0625 3812 mdmxsdk - ok

15:56:24.0765 3812 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

15:56:25.0812 3812 Messenger - ok

15:56:26.0000 3812 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll

15:56:26.0078 3812 MHN ( UnsignedFile.Multi.Generic ) - warning

15:56:26.0078 3812 MHN - detected UnsignedFile.Multi.Generic (1)

15:56:26.0109 3812 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

15:56:26.0156 3812 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

15:56:26.0156 3812 MHNDRV - detected UnsignedFile.Multi.Generic (1)

15:56:26.0187 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:56:26.0390 3812 mnmdd - ok

15:56:26.0500 3812 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

15:56:26.0750 3812 mnmsrvc - ok

15:56:26.0953 3812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:56:27.0187 3812 Modem - ok

15:56:27.0296 3812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:56:27.0515 3812 Mouclass - ok

15:56:27.0625 3812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:56:27.0859 3812 mouhid - ok

15:56:28.0000 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:56:28.0234 3812 MountMgr - ok

15:56:28.0703 3812 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:56:28.0859 3812 MozillaMaintenance - ok

15:56:28.0859 3812 mraid35x - ok

15:56:29.0421 3812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:56:29.0812 3812 MRxDAV - ok

15:56:30.0531 3812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:56:31.0406 3812 MRxSmb - ok

15:56:31.0484 3812 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

15:56:31.0812 3812 MSDTC - ok

15:56:31.0953 3812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:56:32.0156 3812 Msfs - ok

15:56:32.0156 3812 MSIServer - ok

15:56:32.0187 3812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:56:32.0390 3812 MSKSSRV - ok

15:56:32.0406 3812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:56:32.0578 3812 MSPCLOCK - ok

15:56:32.0718 3812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:56:32.0968 3812 MSPQM - ok

15:56:33.0078 3812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:56:33.0312 3812 mssmbios - ok

15:56:33.0578 3812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:56:33.0750 3812 Mup - ok

15:56:34.0515 3812 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:56:34.0875 3812 napagent - ok

15:56:35.0078 3812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:56:35.0343 3812 NDIS - ok

15:56:35.0437 3812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:56:35.0625 3812 NdisTapi - ok

15:56:35.0687 3812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:56:35.0859 3812 Ndisuio - ok

15:56:36.0062 3812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:56:36.0265 3812 NdisWan - ok

15:56:37.0203 3812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:56:37.0359 3812 NDProxy - ok

15:56:37.0562 3812 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

15:56:37.0656 3812 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:56:37.0656 3812 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:56:37.0765 3812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:56:38.0171 3812 NetBIOS - ok

15:56:38.0515 3812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:56:38.0765 3812 NetBT - ok

15:56:38.0906 3812 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:56:39.0187 3812 NetDDE - ok

15:56:39.0187 3812 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:56:39.0390 3812 NetDDEdsdm - ok

15:56:39.0515 3812 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:56:39.0687 3812 Netlogon - ok

15:56:40.0328 3812 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:56:40.0546 3812 Netman - ok

15:56:41.0125 3812 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:56:41.0265 3812 NetTcpPortSharing - ok

15:56:41.0437 3812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:56:41.0671 3812 NIC1394 - ok

15:56:42.0000 3812 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:56:42.0140 3812 Nla - ok

15:56:42.0906 3812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:56:43.0109 3812 Npfs - ok

15:56:44.0453 3812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:56:45.0156 3812 Ntfs - ok

15:56:45.0156 3812 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:56:45.0312 3812 NtLmSsp - ok

15:56:46.0187 3812 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:56:46.0625 3812 NtmsSvc - ok

15:56:46.0671 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:56:46.0953 3812 Null - ok

15:56:46.0984 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:56:47.0312 3812 NwlnkFlt - ok

15:56:47.0359 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:56:47.0656 3812 NwlnkFwd - ok

15:56:47.0750 3812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:56:48.0812 3812 ohci1394 - ok

15:56:48.0968 3812 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

15:56:49.0031 3812 OMCI ( UnsignedFile.Multi.Generic ) - warning

15:56:49.0031 3812 OMCI - detected UnsignedFile.Multi.Generic (1)

15:56:49.0687 3812 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:56:49.0843 3812 ose - ok

15:56:50.0093 3812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

15:56:50.0437 3812 Parport - ok

15:56:50.0484 3812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:56:50.0750 3812 PartMgr - ok

15:56:50.0875 3812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:56:51.0156 3812 ParVdm - ok

15:56:51.0703 3812 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms

15:56:52.0281 3812 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok

15:56:52.0390 3812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:56:53.0015 3812 PCI - ok

15:56:53.0046 3812 PCIDump - ok

15:56:53.0078 3812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:56:53.0781 3812 PCIIde - ok

15:56:54.0343 3812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:56:55.0125 3812 Pcmcia - ok

15:56:55.0562 3812 PCTAppEvent (00caa3faad97916b9299c20e30b336f2) C:\WINDOWS\system32\drivers\PCTAppEvent.sys

15:56:55.0687 3812 PCTAppEvent - ok

15:56:55.0843 3812 PCTBD (c6f3106f935dc7a93d131dae8744f805) C:\WINDOWS\system32\Drivers\PCTBD.sys

15:56:56.0828 3812 PCTBD - ok

15:56:58.0531 3812 PCTCore (f7da28f2ab6cd32b2f76ee96edad8f20) C:\WINDOWS\system32\drivers\PCTCore.sys

15:56:58.0734 3812 PCTCore - ok

15:56:59.0328 3812 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys

15:56:59.0453 3812 pctDS - ok

15:57:01.0265 3812 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys

15:57:01.0890 3812 pctEFA - ok

15:57:02.0140 3812 PCTFW-PacketFilter (054526743b36d659c3e3d20710b99361) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys

15:57:02.0250 3812 PCTFW-PacketFilter - ok

15:57:05.0078 3812 pctgntdi (44f1a3783bfb232117210a1ca7458f29) C:\WINDOWS\system32\drivers\pctgntdi.sys

15:57:05.0359 3812 pctgntdi - ok

15:57:05.0656 3812 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys

15:57:05.0750 3812 pctNdis - ok

15:57:05.0750 3812 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys

15:57:06.0000 3812 pctNdisMP - ok

15:57:06.0500 3812 pctplfw (d4d98ad14e2cf1103151f5b2fff9878d) C:\WINDOWS\system32\drivers\pctplfw.sys

15:57:06.0656 3812 pctplfw - ok

15:57:06.0906 3812 pctplsg (e0ad22bc7e8147e669d5cb894fc02df1) C:\WINDOWS\system32\drivers\pctplsg.sys

15:57:06.0953 3812 pctplsg - ok

15:57:07.0343 3812 PCTSD (4ef1f03db9064459b9019a19a860db89) C:\WINDOWS\system32\Drivers\PCTSD.sys

15:57:07.0500 3812 PCTSD - ok

15:57:07.0515 3812 PDCOMP - ok

15:57:07.0515 3812 PDFRAME - ok

15:57:07.0515 3812 PDRELI - ok

15:57:07.0531 3812 PDRFRAME - ok

15:57:07.0562 3812 perc2 - ok

15:57:07.0578 3812 perc2hib - ok

15:57:08.0046 3812 pgsql-8.3 (acc93675d78d1c07dad09d7837f2397a) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

15:57:08.0171 3812 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning

15:57:08.0171 3812 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)

15:57:09.0015 3812 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:57:09.0187 3812 PlugPlay - ok

15:57:09.0406 3812 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

15:57:09.0453 3812 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:57:09.0468 3812 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:57:09.0578 3812 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:57:09.0796 3812 PolicyAgent - ok

15:57:10.0031 3812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:57:10.0250 3812 PptpMiniport - ok

15:57:10.0265 3812 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:57:11.0296 3812 ProtectedStorage - ok

15:57:12.0781 3812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:57:12.0984 3812 PSched - ok

15:57:13.0125 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:57:13.0328 3812 Ptilink - ok

15:57:13.0500 3812 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:57:13.0625 3812 PxHelp20 - ok

15:57:13.0625 3812 ql1080 - ok

15:57:13.0640 3812 Ql10wnt - ok

15:57:13.0640 3812 ql12160 - ok

15:57:13.0640 3812 ql1240 - ok

15:57:13.0656 3812 ql1280 - ok

15:57:13.0765 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:57:13.0953 3812 RasAcd - ok

15:57:14.0234 3812 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:57:14.0453 3812 RasAuto - ok

15:57:14.0531 3812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:57:14.0875 3812 Rasl2tp - ok

15:57:15.0265 3812 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:57:15.0531 3812 RasMan - ok

15:57:15.0718 3812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:57:15.0937 3812 RasPppoe - ok

15:57:16.0062 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:57:17.0296 3812 Raspti - ok

15:57:17.0906 3812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:57:18.0203 3812 Rdbss - ok

15:57:18.0281 3812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:57:18.0468 3812 RDPCDD - ok

15:57:18.0890 3812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:57:19.0093 3812 rdpdr - ok

15:57:19.0343 3812 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

15:57:19.0546 3812 RDPWD - ok

15:57:19.0828 3812 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:57:20.0171 3812 RDSessMgr - ok

15:57:20.0484 3812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:57:20.0671 3812 redbook - ok

15:57:20.0937 3812 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:57:21.0140 3812 RemoteAccess - ok

15:57:21.0546 3812 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:57:21.0812 3812 RemoteRegistry - ok

15:57:21.0953 3812 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

15:57:22.0218 3812 rimmptsk - ok

15:57:23.0156 3812 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

15:57:23.0343 3812 rimsptsk - ok

15:57:23.0531 3812 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

15:57:23.0703 3812 rismxdp - ok

15:57:23.0937 3812 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

15:57:24.0156 3812 RpcLocator - ok

15:57:24.0765 3812 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:57:24.0984 3812 RpcSs - ok

15:57:25.0609 3812 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

15:57:26.0015 3812 RSVP - ok

15:57:26.0125 3812 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:57:26.0328 3812 SamSs - ok

15:57:26.0687 3812 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:57:26.0921 3812 SCardSvr - ok

15:57:27.0531 3812 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:57:27.0859 3812 Schedule - ok

15:57:29.0187 3812 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe

15:57:29.0312 3812 sdAuxService - ok

15:57:29.0781 3812 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

15:57:29.0968 3812 sdbus - ok

15:57:32.0171 3812 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files\PC Tools Security\pctsSvc.exe

15:57:32.0781 3812 sdCoreService - ok

15:57:32.0859 3812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:57:33.0046 3812 Secdrv - ok

15:57:33.0187 3812 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:57:33.0343 3812 seclogon - ok

15:57:33.0390 3812 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:57:33.0578 3812 SENS - ok

15:57:33.0859 3812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

15:57:34.0359 3812 Serial - ok

15:57:34.0468 3812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:57:34.0734 3812 Sfloppy - ok

15:57:35.0093 3812 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:57:35.0281 3812 ShellHWDetection - ok

15:57:35.0281 3812 Simbad - ok

15:57:35.0296 3812 Sparrow - ok

15:57:35.0359 3812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:57:35.0562 3812 splitter - ok

15:57:35.0812 3812 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:57:36.0000 3812 Spooler - ok

15:57:36.0187 3812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:57:36.0515 3812 sr - ok

15:57:37.0062 3812 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

15:57:37.0296 3812 srservice - ok

15:57:37.0859 3812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:57:38.0515 3812 Srv - ok

15:57:38.0734 3812 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:57:39.0265 3812 SSDPSRV - ok

15:57:41.0984 3812 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

15:57:42.0656 3812 STHDA - ok

15:57:43.0109 3812 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:57:43.0765 3812 stisvc - ok

15:57:43.0906 3812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:57:44.0125 3812 swenum - ok

15:57:44.0218 3812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:57:44.0484 3812 swmidi - ok

15:57:44.0546 3812 SwPrv - ok

15:57:44.0546 3812 symc810 - ok

15:57:44.0562 3812 symc8xx - ok

15:57:44.0562 3812 sym_hi - ok

15:57:44.0578 3812 sym_u3 - ok

15:57:45.0968 3812 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:57:46.0281 3812 SynTP - ok

15:57:46.0406 3812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:57:46.0750 3812 sysaudio - ok

15:57:47.0250 3812 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:57:47.0500 3812 SysmonLog - ok

15:57:47.0625 3812 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:57:47.0937 3812 TapiSrv - ok

15:57:50.0109 3812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:57:50.0484 3812 Tcpip - ok

15:57:50.0593 3812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:57:51.0640 3812 TDPIPE - ok

15:57:51.0812 3812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:57:52.0125 3812 TDTCP - ok

15:57:52.0250 3812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:57:52.0500 3812 TermDD - ok

15:57:54.0500 3812 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:57:54.0859 3812 TermService - ok

15:57:55.0125 3812 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys

15:57:55.0500 3812 TfFsMon - ok

15:57:55.0593 3812 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys

15:57:55.0671 3812 TfNetMon - ok

15:57:56.0203 3812 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys

15:57:58.0218 3812 TFSysMon - ok

15:57:58.0515 3812 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:57:58.0671 3812 Themes - ok

15:57:58.0906 3812 ThreatFire - ok

15:57:59.0218 3812 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

15:57:59.0437 3812 TlntSvr - ok

15:57:59.0453 3812 TosIde - ok

15:57:59.0656 3812 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:57:59.0875 3812 TrkWks - ok

15:58:00.0031 3812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:58:00.0234 3812 Udfs - ok

15:58:00.0250 3812 UIUSys - ok

15:58:00.0281 3812 ultra - ok

15:58:00.0453 3812 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe

15:58:00.0609 3812 UMWdf - ok

15:58:00.0875 3812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:58:01.0328 3812 Update - ok

15:58:01.0875 3812 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:58:02.0093 3812 upnphost - ok

15:58:02.0187 3812 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:58:02.0921 3812 UPS - ok

15:58:03.0046 3812 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:58:03.0343 3812 USBAAPL - ok

15:58:03.0515 3812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:58:03.0765 3812 usbccgp - ok

15:58:03.0937 3812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:58:04.0156 3812 usbehci - ok

15:58:04.0312 3812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:58:04.0515 3812 usbhub - ok

15:58:04.0718 3812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:58:04.0921 3812 usbprint - ok

15:58:04.0984 3812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:58:05.0250 3812 usbscan - ok

15:58:05.0593 3812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:58:05.0937 3812 USBSTOR - ok

15:58:05.0968 3812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:58:06.0140 3812 usbuhci - ok

15:58:06.0218 3812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:58:06.0421 3812 VgaSave - ok

15:58:06.0421 3812 ViaIde - ok

15:58:07.0484 3812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:58:07.0843 3812 VolSnap - ok

15:58:08.0562 3812 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:58:09.0015 3812 VSS - ok

15:58:09.0203 3812 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:58:09.0546 3812 W32Time - ok

15:58:09.0734 3812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:58:09.0953 3812 Wanarp - ok

15:58:09.0968 3812 WDICA - ok

15:58:10.0562 3812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:58:10.0765 3812 wdmaud - ok

15:58:10.0890 3812 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:58:11.0093 3812 WebClient - ok

15:58:12.0281 3812 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

15:58:14.0515 3812 winachsf - ok

15:58:15.0265 3812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:58:15.0468 3812 winmgmt - ok

15:58:15.0531 3812 wltrysvc - ok

15:58:15.0687 3812 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll

15:58:15.0781 3812 WmdmPmSN - ok

15:58:16.0468 3812 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

15:58:16.0953 3812 Wmi - ok

15:58:17.0421 3812 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

15:58:17.0703 3812 WmiAcpi - ok

15:58:18.0500 3812 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:58:18.0718 3812 WmiApSrv - ok

15:58:18.0812 3812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:58:19.0062 3812 WS2IFSL - ok

15:58:19.0171 3812 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:58:19.0468 3812 wuauserv - ok

15:58:20.0843 3812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:58:21.0187 3812 WZCSVC - ok

15:58:21.0281 3812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:58:21.0515 3812 xmlprov - ok

15:58:21.0593 3812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:58:21.0796 3812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:58:21.0828 3812 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:58:22.0218 3812 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:58:22.0218 3812 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:58:22.0250 3812 Boot (0x1200) (233eaa7b0831b0bb12f233e2d94bfac4) \Device\Harddisk0\DR0\Partition0

15:58:22.0281 3812 \Device\Harddisk0\DR0\Partition0 - ok

15:58:22.0281 3812 ============================================================

15:58:22.0281 3812 Scan finished

15:58:22.0281 3812 ============================================================

15:58:23.0125 5748 Detected object count: 15

15:58:23.0140 5748 Actual detected object count: 15

15:59:48.0859 5748 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0859 5748 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0859 5748 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0859 5748 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0859 5748 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0859 5748 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0859 5748 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:48.0875 5748 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:48.0875 5748 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:59:51.0000 5748 \Device\Harddisk0\DR0\# - copied to quarantine

15:59:51.0046 5748 \Device\Harddisk0\DR0 - copied to quarantine

15:59:51.0140 5748 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:59:51.0156 5748 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:59:51.0171 5748 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:59:51.0234 5748 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:59:51.0234 5748 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:59:51.0265 5748 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:59:51.0359 5748 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:59:51.0375 5748 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:59:51.0390 5748 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:59:51.0390 5748 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:59:51.0406 5748 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:59:51.0406 5748 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:59:51.0437 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:59:51.0468 5748 \Device\Harddisk0\DR0 - ok

15:59:51.0562 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:00:15.0765 4556 Deinitialize success

Should I download Malwarebytes Anti-Malware or just run a scan with Spyware Doctor?

This is the help section for Malwarebytes users, so of course you should.

http://www.malwarebytes.org/mbam-download.php

Before running it with the instructions from step 3, do the following: re-run TDSSKiller and use the Delete option for this entry:

15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:59:51.0562 5748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Mk :: HOME [administrator]

7/24/2012 3:02:09 PM

mbam-log-2012-07-24 (15-02-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243636

Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 3

HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: 8197 -> Quarantined and deleted successfully.

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Mk\Local Settings\Application Data\{63f958fe-75ea-a37e-d655-7f8503a795a8}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Mk\Local Settings\Temp\1158.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Mk at 16:09:54 on 2012-07-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.143 [GMT -7:00]

.

AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: PC Tools Internet Security Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\dlcicoms.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\PC Tools Security\TFEngine\TFUN.exe

c:\program files\real\realplayer\RealPlay.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Gdooey Mae

uSearch Bar = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

mSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {00000000-0000-0000-0000-000000000000} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [Google Update] "c:\documents and settings\mk\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Zip] wscript.exe /E:vbs C:\autoexec.bat

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: mswsock.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2449264F-C2CC-4357-91B0-0AC9A26F81C2} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\mk\application data\mozilla\firefox\profiles\jzj6y0gg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\mk\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-3 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-3 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-3 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-7-21 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-7-21 574424]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-3 254912]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-21 203088]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-7-21 575448]

R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-3-3 162584]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-7-21 402336]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-3 1118648]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-7-21 70768]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-7-21 91648]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-7-21 125888]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-3-3 70536]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-7-21 35264]

R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]

S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-3-22 21744]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-7-21 57536]

.

=============== Created Last 30 ================

.

2012-07-24 21:59:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-24 21:59:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-23 22:59:48 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-21 22:26:18 -------- d-----w- c:\documents and settings\mk\application data\Spam Monitor

2012-07-21 22:07:56 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-07-21 22:07:55 767960 ----a-w- c:\windows\BDTSupport.dll

2012-07-21 22:07:55 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-07-21 22:07:54 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-07-21 22:07:54 1681368 ----a-w- c:\windows\PCTBDRes.dll

2012-07-21 22:06:11 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-07-21 22:06:11 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-07-21 22:06:00 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2012-07-21 22:06:00 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2012-07-21 22:06:00 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2012-07-21 22:05:24 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2012-07-21 22:05:24 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2012-07-21 22:05:23 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2012-07-21 22:05:23 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2012-07-21 21:59:40 -------- d-----w- c:\documents and settings\mk\application data\TestApp

.

==================== Find3M ====================

.

2012-07-18 08:06:24 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-07-12 13:54:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 13:54:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-18 10:13:08 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-18 10:13:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 18:14:44 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-05-11 18:08:46 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 16:14:55.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/1/2010 4:10:42 PM

System Uptime: 7/24/2012 3:56:42 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0MG532

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 15.966 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP410: 5/7/2012 4:31:54 AM - System Checkpoint

RP411: 5/8/2012 9:18:34 PM - Software Distribution Service 3.0

RP412: 5/10/2012 4:01:59 AM - System Checkpoint

RP413: 5/13/2012 9:56:46 PM - Software Distribution Service 3.0

RP414: 5/16/2012 12:35:42 AM - System Checkpoint

RP415: 5/19/2012 12:09:54 AM - System Checkpoint

RP416: 5/20/2012 1:21:02 AM - Installed HP Product Detection

RP417: 5/20/2012 1:21:24 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.

RP418: 5/21/2012 6:09:55 PM - System Checkpoint

RP419: 5/22/2012 3:01:12 AM - Software Distribution Service 3.0

RP420: 5/22/2012 3:22:41 AM - Software Distribution Service 3.0

RP421: 5/28/2012 9:09:39 PM - System Checkpoint

RP422: 6/2/2012 2:58:31 PM - System Checkpoint

RP423: 6/4/2012 9:27:23 PM - Software Distribution Service 3.0

RP424: 6/7/2012 9:35:07 AM - System Checkpoint

RP425: 6/9/2012 10:59:27 PM - System Checkpoint

RP426: 6/12/2012 2:42:14 PM - System Checkpoint

RP427: 6/13/2012 8:40:01 AM - Software Distribution Service 3.0

RP428: 6/14/2012 3:35:48 PM - System Checkpoint

RP429: 6/16/2012 8:30:46 AM - System Checkpoint

RP430: 6/17/2012 7:37:32 PM - System Checkpoint

RP431: 6/17/2012 8:20:21 PM - Installed QuickTime

RP432: 6/19/2012 8:08:29 PM - System Checkpoint

RP433: 6/20/2012 10:27:54 PM - System Checkpoint

RP434: 6/25/2012 8:12:32 PM - System Checkpoint

RP435: 6/27/2012 7:32:15 AM - System Checkpoint

RP436: 6/29/2012 6:14:53 AM - System Checkpoint

RP437: 7/1/2012 12:04:17 PM - System Checkpoint

RP438: 7/3/2012 12:23:38 PM - System Checkpoint

RP439: 7/4/2012 3:40:31 PM - System Checkpoint

RP440: 7/7/2012 8:24:24 AM - System Checkpoint

RP441: 7/8/2012 12:19:16 PM - System Checkpoint

RP442: 7/9/2012 5:03:04 PM - System Checkpoint

RP443: 7/11/2012 7:22:50 AM - Software Distribution Service 3.0

RP444: 7/12/2012 6:07:02 PM - System Checkpoint

RP445: 7/13/2012 7:45:57 PM - System Checkpoint

RP446: 7/16/2012 12:29:56 AM - System Checkpoint

RP447: 7/17/2012 2:03:10 AM - System Checkpoint

RP448: 7/18/2012 11:45:26 PM - System Checkpoint

RP449: 7/20/2012 6:28:21 PM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Browser Guard 4.0

BufferChm

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Copy

Corel Paint Shop Pro Photo XI

Dell Driver Download Manager

Dell ResourceCD

Dell Support Center

Dell Wireless WLAN Card

Destinations

DeviceDiscovery

DivX Setup

DJ_AIO_05_F4400_Software_Min

Download Updater (AOL LLC)

ESPNMotion

F4400

GemMaster Mystic

Google Chrome

Google Earth

Google Update Helper

Google Updater

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

HP Imaging Device Functions 13.0

HP Print Projects 1.0

HP Product Detection

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 31

jZip

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

McAfee Security Scan Plus

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mixer

MobileMe Control Panel

Modem Helper

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Norton Security Scan

Otto

PC Tools Internet Security 9.0

PokerStove version 1.23

PokerTracker 3 (remove only)

PostgreSQL 8.3

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Safari

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Shop for HP Supplies

SigmaTel Audio

SmartWebPrinting

SolutionCenter

Sonic Encoders

Status

StreamTorrent 1.0

Synaptics Pointing Device Driver

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC80CRTRedist - 8.0.50727.4053

Veetle TV 0.9.18

VLC media player 1.1.11

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

7/23/2012 3:55:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

7/23/2012 3:55:19 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/23/2012 3:15:29 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

7/21/2012 4:34:13 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/21/2012 3:26:45 PM, error: PCTCore [280] -

7/21/2012 1:40:11 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .

7/18/2012 11:49:29 AM, error: NetBT [4321] - The name "HOME :0" could not be registered on the Interface with IP address 192.168.1.70. The machine with the IP address 192.168.1.73 did not allow the name to be claimed by this machine.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-27.03 - Mk 07/27/2012 9:00.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.389 [GMT -7:00]

Running from: c:\documents and settings\Mk\Desktop\ComboFix.exe

AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\Mk\Application Data\PriceGong

c:\documents and settings\Mk\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\4873.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Mk\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Mk\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Mk\My Documents\~WRD0004.tmp

c:\windows\EventSystem.log

.

.

((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))

.

.

2012-07-24 21:59 . 2012-07-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-24 21:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 22:59 . 2012-07-24 21:56 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-21 22:26 . 2012-07-21 22:26 -------- d-----w- c:\documents and settings\Mk\Application Data\Spam Monitor

2012-07-21 22:07 . 2012-06-14 19:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-07-21 22:07 . 2012-06-14 19:31 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-07-21 22:07 . 2012-06-14 19:31 767960 ----a-w- c:\windows\BDTSupport.dll

2012-07-21 22:07 . 2012-06-14 19:31 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-07-21 22:07 . 2012-06-14 19:31 1681368 ----a-w- c:\windows\PCTBDRes.dll

2012-07-21 22:06 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-07-21 22:06 . 2012-05-11 18:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-07-21 22:06 . 2012-05-11 17:07 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2012-07-21 22:06 . 2012-05-11 17:07 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2012-07-21 22:06 . 2012-05-11 17:07 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2012-07-21 22:05 . 2012-04-19 16:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2012-07-21 22:05 . 2011-07-08 16:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2012-07-21 22:05 . 2012-05-11 18:14 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2012-07-21 22:05 . 2010-07-08 15:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2012-07-21 21:59 . 2012-07-21 21:59 -------- d-----w- c:\documents and settings\Mk\Application Data\TestApp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 13:54 . 2012-04-01 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 13:54 . 2011-05-15 20:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-14 18:03 . 2012-07-21 22:07 3488 ----a-w- c:\windows\UDB.zip

2012-06-14 18:03 . 2012-07-21 22:07 131 ----a-w- c:\windows\IDB.zip

2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2010-10-01 23:02 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2010-10-01 23:02 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2010-10-01 23:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2010-10-01 23:02 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2010-10-01 23:02 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2010-10-01 23:02 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2010-10-01 23:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2010-10-06 21:27 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2010-10-06 21:27 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2010-10-06 21:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-18 10:13 . 2010-10-20 07:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-18 10:13 . 2010-10-20 07:14 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 18:14 . 2011-03-03 08:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-05-11 18:08 . 2011-03-03 08:49 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-05-11 14:42 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-10-01 22:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-19 14:43 . 2011-04-01 02:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408]

"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"Zip"="wscript.exe" [2008-05-08 155648]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-18 296056]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp]

2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/3/2011 1:48 AM 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/3/2011 1:49 AM 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/3/2011 1:49 AM 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/21/2012 3:06 PM 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/21/2012 3:06 PM 574424]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/3/2011 1:49 AM 254912]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [7/21/2012 3:06 PM 203088]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/21/2012 3:07 PM 575448]

R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/3/2011 1:48 AM 162584]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 3:39 AM 65536]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [7/21/2012 3:07 PM 70768]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/21/2012 3:05 PM 91648]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/21/2012 3:06 PM 35264]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 7:49 PM 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:51 PM 113120]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [3/22/2012 11:28 AM 21744]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]

S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/21/2012 3:05 PM 125888]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/3/2011 1:48 AM 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/21/2012 3:04 PM 402336]

S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:54]

.

2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]

.

2012-07-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-18 09:21]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003Core.job

- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003UA.job

- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]

.

2012-07-27 c:\windows\Tasks\Norton Security Scan for Mk.job

- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-29 09:45]

.

2012-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-796845957-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]

.

2012-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-796845957-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]

.

2012-07-27 c:\windows\Tasks\User_Feed_Synchronization-{FB420701-81CA-4614-8B20-F86BC21E50DA}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Mk\Application Data\Mozilla\Firefox\Profiles\jzj6y0gg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-27 09:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1400)

c:\windows\System32\BCMLogon.dll

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Completion time: 2012-07-27 09:39:27

ComboFix-quarantined-files.txt 2012-07-27 16:39

.

Pre-Run: 16,338,759,680 bytes free

Post-Run: 19,809,947,648 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C935C8F4D5ADACF4C2966CA440708119


Please uninstall StreamTorrent 1.0 and then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

FireFox::
FF - ProfilePath - c:\documents and settings\Mk\Application Data\Mozilla\Firefox\Profiles\jzj6y0gg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-07-27.03 - Mk 07/28/2012 6:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.562 [GMT -7:00]

Running from: c:\documents and settings\Mk\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mk\Desktop\CFScript.txt

AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: PC Tools Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))

.

.

2012-07-24 21:59 . 2012-07-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-24 21:59 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 22:59 . 2012-07-24 21:56 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-21 22:26 . 2012-07-21 22:26 -------- d-----w- c:\documents and settings\Mk\Application Data\Spam Monitor

2012-07-21 22:07 . 2012-06-14 19:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-07-21 22:07 . 2012-06-14 19:31 149464 ----a-w- c:\windows\SGDetectionTool.dll

2012-07-21 22:07 . 2012-06-14 19:31 767960 ----a-w- c:\windows\BDTSupport.dll

2012-07-21 22:07 . 2012-06-14 19:31 2267096 ----a-w- c:\windows\PCTBDCore.dll

2012-07-21 22:07 . 2012-06-14 19:31 1681368 ----a-w- c:\windows\PCTBDRes.dll

2012-07-21 22:06 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-07-21 22:06 . 2012-05-11 18:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-07-21 22:06 . 2012-05-11 17:07 574424 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2012-07-21 22:06 . 2012-05-11 17:07 54328 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2012-07-21 22:06 . 2012-05-11 17:07 35264 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2012-07-21 22:05 . 2012-04-19 16:56 91648 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2012-07-21 22:05 . 2011-07-08 16:55 32936 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2012-07-21 22:05 . 2012-05-11 18:14 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2012-07-21 22:05 . 2010-07-08 15:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2012-07-21 21:59 . 2012-07-21 21:59 -------- d-----w- c:\documents and settings\Mk\Application Data\TestApp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 21:58 . 2012-04-01 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-27 21:58 . 2011-05-15 20:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-14 18:03 . 2012-07-21 22:07 3488 ----a-w- c:\windows\UDB.zip

2012-06-14 18:03 . 2012-07-21 22:07 131 ----a-w- c:\windows\IDB.zip

2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2010-10-01 23:02 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2010-10-01 23:02 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2010-10-01 23:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2010-10-01 23:02 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2010-10-01 23:02 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2010-10-01 23:02 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2010-10-01 23:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2010-10-06 21:27 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2010-10-06 21:27 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2010-10-06 21:27 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-18 10:13 . 2010-10-20 07:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-18 10:13 . 2010-10-20 07:14 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 18:14 . 2011-03-03 08:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-05-11 18:08 . 2011-03-03 08:49 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-05-11 14:42 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-10-01 22:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-19 14:43 . 2011-04-01 02:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-27_16.27.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-28 13:52 . 2012-07-28 13:52 16384 c:\windows\Temp\Perflib_Perfdata_468.dat

+ 2012-07-27 21:58 . 2012-07-27 21:58 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe

+ 2012-07-27 16:54 . 2012-07-27 16:54 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe

+ 2012-07-27 16:54 . 2012-07-27 16:54 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll

+ 2012-04-01 02:49 . 2012-07-27 21:59 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-04-01 02:49 . 2012-07-12 13:54 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-27 21:58 . 2012-07-27 21:58 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408]

"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"Zip"="wscript.exe" [2008-05-08 155648]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-18 296056]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp]

2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/3/2011 1:48 AM 383368]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/3/2011 1:49 AM 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/3/2011 1:49 AM 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/21/2012 3:06 PM 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/21/2012 3:06 PM 574424]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/3/2011 1:49 AM 254912]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [7/21/2012 3:06 PM 203088]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/21/2012 3:07 PM 575448]

R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/3/2011 1:48 AM 162584]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 3:39 AM 65536]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/21/2012 3:04 PM 402336]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [7/21/2012 3:07 PM 70768]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 7:49 PM 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:58 PM 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:51 PM 113120]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [3/22/2012 11:28 AM 21744]

S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/21/2012 3:05 PM 91648]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [7/21/2012 3:05 PM 57536]

S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/21/2012 3:05 PM 125888]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/3/2011 1:48 AM 70536]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/21/2012 3:06 PM 35264]

S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:59]

.

2012-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]

.

2012-07-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-18 09:21]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 23:58]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003Core.job

- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-796845957-682003330-1003UA.job

- c:\documents and settings\Mk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 23:15]

.

2012-07-28 c:\windows\Tasks\Norton Security Scan for Mk.job

- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-29 09:45]

.

2012-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-796845957-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]

.

2012-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-796845957-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]

.

2012-07-28 c:\windows\Tasks\User_Feed_Synchronization-{FB420701-81CA-4614-8B20-F86BC21E50DA}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://search.jzip.com/sidebar.html?src=ssb&sysid=102

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Mk\Application Data\Mozilla\Firefox\Profiles\jzj6y0gg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-28 07:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1396)

c:\windows\System32\BCMLogon.dll

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(172)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-07-28 07:28:48

ComboFix-quarantined-files.txt 2012-07-28 14:28

ComboFix2.txt 2012-07-27 16:39

.

Pre-Run: 19,770,753,024 bytes free

Post-Run: 19,749,535,744 bytes free

.

- - End Of File - - 8589CCB6D6731F58D4E6EDCC320D3226


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7e38ea3e1593e54c8d07c3262d385d61

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-30 05:07:03

# local_time=2012-07-30 10:07:03 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2560 16777175 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=113918

# found=14

# cleaned=14

# scan_time=8377

C:\Qoobox\Quarantine\C\autorun.inf.vir VBS/AutoRun.AR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0131A367-A42B-4386-8896-226A6F1A9C7D}\RP450\A0207547.inf VBS/AutoRun.AR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_15.41.22\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_14.53.41\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
