Wave volume and random IE processes


  • This topic is locked
12 replies to this topic

#1 outofbody

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:51 AM

Posted 06 December 2012 - 04:41 PM

Hello and an initial Thank You!

As of last night I noticed that my sound was not working. I checked all my cords, my drivers, etc. I noticed in my volume controls that the wave volume was at 0%. I turned it up, and about 2 minutes later the sound went out; I turned the volume up and the same thing happened. I started researching today and found your web site. I have read a lot of the entries with the same problem and have also found that I have multiple IExplore.exe processes running with no windows open. I am sorry to repeat a post on your forum about an earlier issue, but I did not want to follow previous directions since I am not 100% sure of what I am doing. Thank you, and here are my DDS and ATTACH reports.

Thank You Again!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Clayton Bruyn at 15:25:00 on 2012-12-06
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1887 [GMT -6:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://go.purenetworks.com/redir/click/tour/?pn=nm&a=5%2E5%2E9195%2E0&as=0&ad=1&bt=shp&b=Pure&dc=Pure0&dt=OLN&k=1343447090&ct=&ag=d48e81ad0db254cc&g=96bd8435db981863%2Ca89af72608316cd9&lcid=1033&ulcid=1033&am=99&it=clean
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Threat Expert] RUNDLL32.EXE "c:\documents and settings\clayton bruyn\local settings\application data\threat expert\oyafvpfa.dll",ir_fe_ocr_1line
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Svc2dll] c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\docume~1\clayto~1\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353975623046
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{1D53452F-E91A-4D63-8BE6-B1594C2F4CF6} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{AE16B1E7-CE4C-43ED-AE7D-B5E670958A26} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BDB469C0-0F99-40AD-88C3-A9852EF954B0} : DHCPNameServer = 192.168.0.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\clayton bruyn\application data\mozilla\firefox\profiles\p5yrhroq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate04012011
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-07-05 21:14; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-30 218592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-6-20 12216]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-6-15 20480]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-6-15 57440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 12216]
R3 ntkvpnMP;ntkvpnMP;c:\windows\system32\drivers\ntkvpn.sys [2010-12-13 28768]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 547744]
S3 ntkvpn;Loki VPN Service;c:\windows\system32\drivers\ntkvpn.sys [2010-12-13 28768]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-30 112592]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-11-19 1435568]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2011-6-15 356433]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-30 233136]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-7-30 63360]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-30 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-30 1142224]
S4 WLSVC;WLSVC;c:\program files\d-link\dwa-552 reva\WLSVC.exe [2011-6-15 167936]
.
=============== Created Last 30 ================
.
2012-12-06 20:05:43 53248 ----a-r- c:\documents and settings\clayton bruyn\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-12-06 20:05:32 -------- d-----w- c:\documents and settings\clayton bruyn\local settings\application data\Logishrd
2012-12-06 20:05:16 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-12-06 20:04:29 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-06 19:58:05 -------- d-----w- c:\documents and settings\clayton bruyn\application data\Logishrd
2012-11-27 17:48:22 117248 ----a-w- c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
2012-11-27 17:48:18 148796 ----a-w- c:\documents and settings\clayton bruyn\wgsdgsdgdsgsd.exe
2012-11-27 01:12:40 -------- d-sh--w- c:\documents and settings\clayton bruyn\IETldCache
2012-11-27 00:54:26 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-27 00:53:56 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-27 00:53:40 -------- d-----w- c:\windows\ie8updates
2012-11-27 00:53:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-27 00:53:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-27 00:53:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-27 00:52:36 -------- dc-h--w- c:\windows\ie8
2012-11-27 00:47:46 -------- d-----w- c:\program files\MSXML 4.0
2012-11-27 00:36:40 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-27 00:32:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-27 00:32:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-27 00:31:22 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-27 00:31:21 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-27 00:29:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-27 00:29:41 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-27 00:29:34 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-11-27 00:29:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-27 00:29:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-27 00:28:50 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-27 00:27:51 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-27 00:27:51 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-20 18:27:34 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-11-18 08:50:25 -------- d-----w- c:\documents and settings\clayton bruyn\local settings\application data\SWTOR
2012-11-17 23:46:53 -------- d-----w- c:\program files\common files\BioWare
2012-11-17 23:46:38 -------- d-----w- C:\Users
2012-11-12 10:56:33 -------- d-----w- c:\documents and settings\clayton bruyn\application data\Mumble
2012-11-12 10:55:54 -------- d-----w- c:\program files\Mumble
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-22 05:27:51 1102344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-22 05:27:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-22 05:27:49 1102344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-09 10:32:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:32:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-23 14:28:00 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28:00 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-23 14:28:00 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28:00 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28:00 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28:00 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28:00 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28:00 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28:00 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 14:28:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 13:04:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04:12 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04:11 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04:11 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04:11 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-18 09:33:00 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-09-18 09:33:00 43960 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-09-18 09:33:00 39608 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-09-18 09:33:00 1583928 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-09-18 09:32:56 43704 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LHidEqd.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
.
============= FINISH: 15:26:06.76 ===============
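
Reading a DDS report like the one above comes down to spotting autorun entries and recently created executables that live inside a user profile rather than under Program Files or Windows, and checking whether they are also in the Running Processes list. The Python script below is an added example, not part of the original post or of the DDS tool: it parses a constructed excerpt built from lines of this report (the section names and line formats are DDS's own) and applies those triage heuristics, which are ours and not a DDS feature.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the DDS report above: a few lines from
# each section, taken from the posted log, not the full report.
SAMPLE_DDS = r"""
============== Running Processes ================
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uRun: [Threat Expert] RUNDLL32.EXE "c:\documents and settings\clayton bruyn\local settings\application data\threat expert\oyafvpfa.dll",ir_fe_ocr_1line
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Svc2dll] c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
=============== Created Last 30 ================
2012-11-27 17:48:22 117248 ----a-w- c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
2012-11-27 17:48:18 148796 ----a-w- c:\documents and settings\clayton bruyn\wgsdgsdgdsgsd.exe
2012-11-27 01:12:40 -------- d-sh--w- c:\documents and settings\clayton bruyn\IETldCache
2012-11-27 00:36:40 221184 ----a-w- c:\windows\system32\wmpns.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# First drive-letter path ending in a loadable image; this resolves quoted
# and unquoted targets alike, including a DLL handed to RUNDLL32.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|com)\b", re.IGNORECASE)

USER_PROFILES = "c:\\documents and settings\\"
ALL_USERS = USER_PROFILES + "all users\\"


def extract_path(command):
    """Return the lower-cased image path from a Run value or process line."""
    m = PATH_RE.search(command)
    return m.group(0).lower() if m else None


def in_user_profile(path):
    """True for a per-user profile location (heuristic: writable by the user)."""
    return path.startswith(USER_PROFILES) and not path.startswith(ALL_USERS)


def looks_random(path):
    """Heuristic (ours, not DDS's): a stem of 5+ letters with no vowel at all."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    return len(letters) >= 5 and not any(c in "aeiouy" for c in letters)


def parse_sections(text):
    """Split a DDS report into {section name (lower-case): [lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Map each suspicious image path to the list of reasons it was flagged."""
    sections = parse_sections(text)
    running = {extract_path(l) for l in sections.get("running processes", [])}
    findings = defaultdict(list)
    for line in sections.get("pseudo hjt report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        path = extract_path(m.group("cmd"))
        if path and in_user_profile(path):
            findings[path].append(
                "autorun [%s] loads from a user profile directory" % m.group("name"))
    for line in sections.get("created last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group("size") == "--------":   # directories carry no size
            continue
        path = m.group("path").lower()
        if path.endswith(".exe") and in_user_profile(path):
            findings[path].append("executable created in the last 30 days in a user profile")
    for path in list(findings):                      # enrich, never un-flag
        if looks_random(path):
            findings[path].append("filename has no vowels (random-looking)")
        if path in running:
            findings[path].append("currently running")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_DDS).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the full report, the same rules surface the svcxdcl32.exe autorun, the recently created wgsdgsdgdsgsd.exe and the DLL loaded through RUNDLL32, while leaving the ctfmon and QuickTime entries alone.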



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:51 AM

Posted 06 December 2012 - 08:42 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 outofbody

  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:51 AM

Posted 07 December 2012 - 01:23 AM

Hi Gringo. Again, Thank You so much for your help. Here are the logs you requested:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Clayton Bruyn at 0:18:47 on 2012-12-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://go.purenetworks.com/redir/click/tour/?pn=nm&a=5%2E5%2E9195%2E0&as=0&ad=1&bt=shp&b=Pure&dc=Pure0&dt=OLN&k=1343447090&ct=&ag=d48e81ad0db254cc&g=96bd8435db981863%2Ca89af72608316cd9&lcid=1033&ulcid=1033&am=99&it=clean
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Threat Expert] RUNDLL32.EXE "c:\documents and settings\clayton bruyn\local settings\application data\threat expert\oyafvpfa.dll",ir_fe_ocr_1line
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Svc2dll] c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\docume~1\clayto~1\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353975623046
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{1D53452F-E91A-4D63-8BE6-B1594C2F4CF6} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{AE16B1E7-CE4C-43ED-AE7D-B5E670958A26} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BDB469C0-0F99-40AD-88C3-A9852EF954B0} : DHCPNameServer = 192.168.0.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\clayton bruyn\application data\mozilla\firefox\profiles\p5yrhroq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate04012011
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-07-05 21:14; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-30 218592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-6-20 12216]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-6-15 20480]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-6-15 57440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 12216]
R3 ntkvpnMP;ntkvpnMP;c:\windows\system32\drivers\ntkvpn.sys [2010-12-13 28768]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 547744]
S3 ntkvpn;Loki VPN Service;c:\windows\system32\drivers\ntkvpn.sys [2010-12-13 28768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-30 1142224]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-30 112592]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-11-19 1435568]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2011-6-15 356433]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-30 233136]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-7-30 63360]
S4 WLSVC;WLSVC;c:\program files\d-link\dwa-552 reva\WLSVC.exe [2011-6-15 167936]
.
=============== Created Last 30 ================
.
2012-12-06 20:05:43 53248 ----a-r- c:\documents and settings\clayton bruyn\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-12-06 20:05:32 -------- d-----w- c:\documents and settings\clayton bruyn\local settings\application data\Logishrd
2012-12-06 20:05:16 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-12-06 20:04:29 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-06 19:58:05 -------- d-----w- c:\documents and settings\clayton bruyn\application data\Logishrd
2012-11-27 17:48:22 117248 ----a-w- c:\documents and settings\clayton bruyn\local settings\application data\svcxdcl32.exe
2012-11-27 17:48:18 148796 ----a-w- c:\documents and settings\clayton bruyn\wgsdgsdgdsgsd.exe
2012-11-27 01:12:40 -------- d-sh--w- c:\documents and settings\clayton bruyn\IETldCache
2012-11-27 00:54:26 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-27 00:53:56 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-27 00:53:40 -------- d-----w- c:\windows\ie8updates
2012-11-27 00:53:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-27 00:53:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-27 00:53:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-27 00:52:36 -------- dc-h--w- c:\windows\ie8
2012-11-27 00:47:46 -------- d-----w- c:\program files\MSXML 4.0
2012-11-27 00:36:40 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-27 00:32:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-27 00:32:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-27 00:31:22 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-27 00:31:21 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-27 00:29:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-27 00:29:41 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-27 00:29:34 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-11-27 00:29:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-27 00:29:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-27 00:28:50 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-27 00:27:51 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-27 00:27:51 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-20 18:27:34 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-11-18 08:50:25 -------- d-----w- c:\documents and settings\clayton bruyn\local settings\application data\SWTOR
2012-11-17 23:46:53 -------- d-----w- c:\program files\common files\BioWare
2012-11-17 23:46:38 -------- d-----w- C:\Users
2012-11-12 10:56:33 -------- d-----w- c:\documents and settings\clayton bruyn\application data\Mumble
2012-11-12 10:55:54 -------- d-----w- c:\program files\Mumble
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-22 05:27:51 1102344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-22 05:27:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-22 05:27:49 1102344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-09 10:32:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:32:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-23 14:28:00 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28:00 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-23 14:28:00 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28:00 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28:00 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28:00 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28:00 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28:00 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28:00 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 14:28:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 13:04:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04:12 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04:11 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04:11 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04:11 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-18 09:33:00 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-09-18 09:33:00 43960 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-09-18 09:33:00 39608 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-09-18 09:33:00 1583928 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-09-18 09:32:56 43704 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LHidEqd.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500630AS rev.3.AAK -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD0C4B1]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad1393c]; MOV EAX, [0x8ad13ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk1\DR1[0x8ADA2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> [0x8AE65E50]
5 PCTCore[0xB7EADEAE] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000007a[0x8ADD39E8]
7 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> [0x8AE2ED98]
\Driver\atapi[0x8AE2CF38] -> IRP_MJ_CREATE -> 0x8AD0C4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AD0C2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:19:55.89 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/2/2010 2:15:11 AM
System Uptime: 12/7/2012 12:14:27 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M57SLI-S4
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | Socket M2 | 2613/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 38.909 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 0.367 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP378: 9/7/2012 5:23:59 PM - System Checkpoint
RP379: 9/9/2012 6:57:35 PM - System Checkpoint
RP380: 9/10/2012 8:29:46 PM - System Checkpoint
RP381: 9/13/2012 2:35:08 AM - System Checkpoint
RP382: 9/14/2012 5:11:44 AM - System Checkpoint
RP383: 9/15/2012 5:49:00 AM - System Checkpoint
RP384: 9/16/2012 7:01:48 AM - System Checkpoint
RP385: 9/17/2012 7:47:52 AM - System Checkpoint
RP386: 9/19/2012 1:33:25 PM - System Checkpoint
RP387: 9/20/2012 1:52:42 PM - System Checkpoint
RP388: 9/21/2012 2:09:43 PM - System Checkpoint
RP389: 9/22/2012 5:22:02 PM - System Checkpoint
RP390: 9/23/2012 9:18:39 PM - System Checkpoint
RP391: 9/24/2012 9:33:05 PM - System Checkpoint
RP392: 9/25/2012 9:41:15 PM - System Checkpoint
RP393: 9/27/2012 5:05:42 AM - System Checkpoint
RP394: 9/29/2012 6:26:42 PM - System Checkpoint
RP395: 9/30/2012 7:20:39 PM - System Checkpoint
RP396: 10/2/2012 3:45:36 AM - System Checkpoint
RP397: 10/3/2012 5:02:59 AM - System Checkpoint
RP398: 10/4/2012 5:04:12 AM - System Checkpoint
RP399: 10/5/2012 5:29:34 AM - System Checkpoint
RP400: 10/6/2012 6:29:34 AM - System Checkpoint
RP401: 10/7/2012 7:29:34 AM - System Checkpoint
RP402: 10/8/2012 8:29:36 AM - System Checkpoint
RP403: 10/9/2012 9:29:34 AM - System Checkpoint
RP404: 10/11/2012 5:07:12 AM - System Checkpoint
RP405: 10/12/2012 5:18:12 AM - System Checkpoint
RP406: 10/13/2012 6:19:16 AM - System Checkpoint
RP407: 10/14/2012 7:18:11 AM - System Checkpoint
RP408: 10/16/2012 2:56:33 AM - System Checkpoint
RP409: 10/17/2012 3:18:12 AM - System Checkpoint
RP410: 10/18/2012 6:04:50 AM - System Checkpoint
RP411: 10/20/2012 11:37:39 PM - System Checkpoint
RP412: 10/22/2012 5:28:01 AM - System Checkpoint
RP413: 10/23/2012 7:59:29 PM - System Checkpoint
RP414: 10/25/2012 9:13:09 PM - System Checkpoint
RP415: 10/27/2012 6:17:33 AM - System Checkpoint
RP416: 10/28/2012 6:18:53 AM - System Checkpoint
RP417: 10/29/2012 6:39:37 AM - System Checkpoint
RP418: 10/30/2012 6:45:39 AM - System Checkpoint
RP419: 10/31/2012 7:05:15 AM - System Checkpoint
RP420: 11/2/2012 4:29:32 PM - System Checkpoint
RP421: 11/3/2012 9:29:13 PM - System Checkpoint
RP422: 11/5/2012 11:54:12 PM - System Checkpoint
RP423: 11/7/2012 7:08:35 PM - System Checkpoint
RP424: 11/8/2012 9:22:05 PM - System Checkpoint
RP425: 11/9/2012 10:22:30 PM - System Checkpoint
RP426: 11/12/2012 4:55:52 AM - Installed Mumble 1.2.3
RP427: 11/13/2012 5:25:05 AM - System Checkpoint
RP428: 11/14/2012 6:18:53 AM - System Checkpoint
RP429: 11/15/2012 6:34:18 AM - System Checkpoint
RP430: 11/16/2012 7:12:18 AM - System Checkpoint
RP431: 11/17/2012 8:04:55 AM - System Checkpoint
RP432: 11/17/2012 12:50:18 PM - Removed Oblivion - Horse Armor Pack
RP433: 11/18/2012 1:40:28 PM - System Checkpoint
RP434: 11/20/2012 2:29:19 AM - System Checkpoint
RP435: 11/20/2012 8:01:13 PM - Removed Oblivion - Knights of the Nine
RP436: 11/20/2012 8:01:36 PM - Removed Oblivion - Mehrunes Razor
RP437: 11/20/2012 8:03:23 PM - Removed Oblivion - Orrery
RP438: 11/20/2012 8:03:44 PM - Removed Oblivion - Spell Tomes
RP439: 11/20/2012 8:04:05 PM - Removed Oblivion - Thieves Den
RP440: 11/20/2012 8:04:26 PM - Removed Oblivion - Vile Lair
RP441: 11/20/2012 8:04:46 PM - Removed Oblivion - Wizard's Tower
RP442: 11/20/2012 8:05:23 PM - Removed Dawn of War - Soulstorm
RP443: 11/20/2012 8:07:22 PM - Removed Dawn of War - Dark Crusade
RP444: 11/20/2012 8:07:36 PM - Configured DawnOfWar
RP445: 11/21/2012 11:03:44 PM - System Checkpoint
RP446: 11/24/2012 5:05:52 AM - System Checkpoint
RP447: 11/25/2012 4:42:09 PM - System Checkpoint
RP448: 11/26/2012 6:23:57 PM - Software Distribution Service 3.0
RP449: 11/26/2012 6:34:11 PM - Software Distribution Service 3.0
RP450: 11/26/2012 7:14:27 PM - Installed Windows XP WgaNotify.
RP451: 11/26/2012 7:15:10 PM - Software Distribution Service 3.0
RP452: 11/27/2012 7:31:56 PM - System Checkpoint
RP453: 11/28/2012 12:00:26 PM - Software Distribution Service 3.0
RP454: 11/30/2012 3:22:51 AM - System Checkpoint
RP455: 12/5/2012 5:40:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.2
AIM 7
AIO_Scan
AirPlus G DWL-G510
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudioConverter Studio 6.1
Audiosurf
Baldur's Gate™ II - Throne of Bhaal ™
Bonjour
BPDSoftware
BPDSoftware_Ini
Browser Defender 2.0.6.15
BufferChm
CCleaner
Cisco Network Magic
Comcast Desktop Software (v1.2.0.9)
Copy
Counter-Strike: Source
Crusader Kings
Crusader Kings II
Daggerfall
Dawn Of War - Winter Assault
Day of Defeat
Desktop Doctor
Destinations
Deus Ex
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Download Manager 2.3.10
Download Updater (AOL LLC)
Dungeon Crawl Stone Soup
DWA-552
eReg
erLT
F4100
F4100_Help
Font_Setup
GPBaseService2
Grand Theft Auto IV
Half-Life 2
Half-Life 2: Lost Coast
Half-Life: Blue Shift
Half-Life: Opposing Force
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 12.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 12.0
HP Officejet Pro 8000 A809 Series
HP Photosmart Essential
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Logitech SetPoint 6.51
LogMeIn Hamachi
Loki VPN Client version 1.7.5.142
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Morrowind
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Mumble 1.2.3
myPrintMileage (Officejet Pro 8000 A809)
Network
Network Magic
NVIDIA Control Panel 306.81
NVIDIA Drivers
NVIDIA Graphics Driver 306.81
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA nView 136.28
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
Oblivion
Photobleepet
Plain Sight
Portal
ProductContext
Pure Networks Platform
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Red Faction
RegCure
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrinting
SOAP Toolkit
SolutionCenter
Source SDK Base 2007
Spyware Doctor 7.0
Status
Steam
TES Construction Set
Times Reader
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
ViewSonic Monitor Drivers
VLC media player 1.1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Wizardry 8
Worms Reloaded
XML Paper Specification Shared Components Pack 1.0
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/7/2012 12:08:24 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2012 2:48:20 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{BDB469C0-0F99-40AD-88C3-A9852EF954B0} because another computer on the network has the same name. The server could not start.
12/4/2012 2:48:20 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{19B526F1-C9B5-4FD8-9A17-63C9B160FD86} because another computer on the network has the same name. The server could not start.
12/4/2012 2:48:20 AM, error: NetBT [4321] - The name "CLAYTONS-PC :20" could not be registered on the Interface with IP address 5.3.19.95. The machine with the IP address 5.3.19.95 did not allow the name to be claimed by this machine.
12/4/2012 2:48:20 AM, error: NetBT [4321] - The name "CLAYTONS-PC :20" could not be registered on the Interface with IP address 192.168.0.102. The machine with the IP address 192.168.0.100 did not allow the name to be claimed by this machine.
12/4/2012 2:48:20 AM, error: NetBT [4321] - The name "CLAYTONS-PC :0" could not be registered on the Interface with IP address 5.3.19.95. The machine with the IP address 5.3.19.95 did not allow the name to be claimed by this machine.
12/4/2012 2:48:20 AM, error: NetBT [4321] - The name "CLAYTONS-PC :0" could not be registered on the Interface with IP address 192.168.0.102. The machine with the IP address 192.168.0.100 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================



Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
Spyware Doctor with AntiVirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:13 on 07/12/2012 (Clayton Bruyn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Edited by outofbody, 07 December 2012 - 01:23 AM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 December 2012 - 11:22 AM

Hello


These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 outofbody
  • Topic Starter
  • Members
  • 5 posts

Posted 07 December 2012 - 02:44 PM

I had no issues running these programs. I am not seeing any IE processes at this time but am still experiencing the wave volume issue. I will keep an eye on my task manager throughout the day and let you know in the next post if anything changes.

# AdwCleaner v2.011 - Logfile created 12/07/2012 at 13:34:39
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Clayton Bruyn - CLAYTONS-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Clayton Bruyn\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Clayton Bruyn\Application Data\Mozilla\Firefox\Profiles\p5yrhroq.default\prefs.js

C:\Documents and Settings\Clayton Bruyn\Application Data\Mozilla\Firefox\Profiles\p5yrhroq.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2612 octets] - [07/12/2012 13:34:39]

########## EOF - C:\AdwCleaner[S1].txt - [2672 octets] ##########


RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Clayton Bruyn [Admin rights]
Mode : Remove -- Date : 12/07/2012 13:39:48

Bad processes : 2
[][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\Threat Expert\oyafvpfa.dll -> KILLED [TermProc]
[SUSP PATH] svcxdcl32.exe -- C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe -> KILLED [TermProc]

Registry Entries : 3
[RUN][NOTFOUND] HKCU\[...]\Run : Threat Expert (RUNDLL32.EXE "C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\Threat Expert\oyafvpfa.dll",ir_fe_ocr_1line) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Svc2dll (C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8ADEB2E2)

Extern Hives:
-> D:\windows\system32\config\SOFTWARE
-> D:\Documents and Settings\Clayton\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> D:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT
-> D:\Documents and Settings\LocalService.NT AUTHORITY.001\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> D:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
-> D:\Documents and Settings\NetworkService.NT AUTHORITY.001\NTUSER.DAT

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD1600JB-00GVA0 +++++
--- User ---
[MBR] 760b16fb0f1364fa3e6de40946f1865f
[BSP] f082e4e89ec42ed5bc7fdbabecc5c044 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 2d173e5653fea94507aa1481c5e191b2
[BSP] 3836cd11e39879aa2b65f25983cfb01e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 21bf19ccf88e58949696184627f4e258
[BSP] 3836cd11e39879aa2b65f25983cfb01e : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

Finished : << RKreport[2]_D_12072012_02d1339.txt >>
RKreport[1]_S_12072012_02d1338.txt ; RKreport[2]_D_12072012_02d1339.txt

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 December 2012 - 02:55 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 outofbody
  • Topic Starter
  • Members
  • 5 posts

Posted 07 December 2012 - 05:10 PM

Hi Gringo,
ComboFix is all finished. I did have to install the Recovery Console, but other than that there were no issues running the program. From step 1 till now I have noticed a much greater response time from the computer: two days ago the PC would stall booting up or opening a browser, and now it responds immediately. I have been paying attention to my task manager since my last post and have seen no random IE processes. However, I am still experiencing a loss of wave audio. I tested it again through various media formats, and just about every two minutes my sound drops out and I have to go into the volume control panel and turn the wave volume up from 0%. Here is the report from ComboFix. Thank you so much for all your help thus far!

ComboFix 12-12-04.01 - Clayton Bruyn 12/07/2012 15:32:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2469 [GMT -6:00]
Running from: c:\documents and settings\Clayton Bruyn\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Clayton Bruyn\Local Settings\Application Data\svcxdcl32.exe
c:\documents and settings\Clayton Bruyn\wgsdgsdgdsgsd.exe
c:\windows\explorer(2).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\service
c:\windows\system32\service\03072010_TIS17_SfFniAU.log
c:\windows\system32\service\13072010_TIS17_SfFniAU.log
c:\windows\system32\service\19072010_TIS17_SfFniAU.log
c:\windows\system32\service\21072010_TIS17_SfFniAU.log
c:\windows\system32\service\22072010_TIS17_SfFniAU.log
c:\windows\system32\service\30072010_TIS17_SfFniAU.log
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 00:42 . 2012-12-07 00:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2012-12-06 20:05 . 2012-12-06 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2012-12-06 20:05 . 2012-12-06 20:05 53248 ----a-r- c:\documents and settings\Clayton Bruyn\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-06 20:05 . 2012-12-06 20:05 -------- d-----w- c:\documents and settings\Clayton Bruyn\Local Settings\Application Data\Logishrd
2012-12-06 20:05 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-12-06 20:04 . 2012-12-06 20:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-06 20:03 . 2012-12-06 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2012-12-06 20:03 . 2012-12-06 20:03 -------- d-----w- c:\program files\Logitech
2012-12-06 19:58 . 2012-12-06 19:58 -------- d-----w- c:\documents and settings\Clayton Bruyn\Application Data\Logishrd
2012-11-27 01:13 . 2012-11-27 01:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-11-27 01:12 . 2012-11-27 01:12 -------- d-sh--w- c:\documents and settings\Clayton Bruyn\IETldCache
2012-11-27 00:54 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-27 00:53 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-27 00:53 . 2012-08-28 15:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-27 00:53 . 2012-08-28 15:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-27 00:53 . 2012-08-28 15:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-27 00:52 . 2012-11-27 00:53 -------- dc-h--w- c:\windows\ie8
2012-11-27 00:47 . 2012-11-27 00:47 -------- d-----w- c:\program files\MSXML 4.0
2012-11-27 00:36 . 2008-04-14 10:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-27 00:32 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-27 00:32 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-27 00:31 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-27 00:31 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-27 00:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-27 00:29 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-27 00:29 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-11-27 00:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-27 00:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-27 00:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-27 00:27 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-27 00:27 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-20 18:27 . 2012-11-20 18:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-11-18 08:50 . 2012-11-18 08:50 -------- d-----w- c:\documents and settings\Clayton Bruyn\Local Settings\Application Data\SWTOR
2012-11-17 23:46 . 2012-11-17 23:50 -------- d-----w- c:\program files\Common Files\BioWare
2012-11-17 23:46 . 2012-11-17 23:46 -------- d-----w- c:\program files\Electronic Arts
2012-11-17 23:46 . 2012-11-17 23:46 -------- d-----w- C:\Users
2012-11-12 10:56 . 2012-12-06 08:18 -------- d-----w- c:\documents and settings\Clayton Bruyn\Application Data\Mumble
2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 10:32 . 2012-07-16 07:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:32 . 2012-07-16 07:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-10-11 02:58 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-23 14:28 . 2012-10-11 02:58 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-23 14:28 . 2010-12-04 01:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2010-07-02 07:25 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 14:28 . 2010-07-02 07:25 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-04-28 22:11 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2010-04-28 22:11 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2010-04-28 22:11 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2010-04-28 22:11 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2007-04-13 03:44 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2007-04-13 03:44 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 13:09 . 2010-04-28 22:47 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2010-04-28 22:47 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2010-04-28 22:47 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2010-04-28 22:47 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2010-04-28 22:47 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2010-04-28 22:47 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2010-04-28 22:47 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2010-04-28 22:47 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2010-04-28 22:47 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2010-04-28 22:47 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2010-04-28 22:47 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2010-04-28 22:47 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2010-04-28 22:47 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2010-04-28 22:47 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2010-04-28 22:47 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2010-04-28 22:47 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2010-04-28 22:47 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2010-04-28 22:47 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2010-04-28 22:47 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2010-04-28 22:47 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2010-04-28 22:47 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2010-04-28 22:47 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2010-04-28 22:47 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2010-04-28 22:47 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2010-04-28 22:47 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2010-04-28 22:47 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2010-04-28 22:47 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2010-04-28 22:47 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2010-10-16 18:04 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2010-10-16 18:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2010-10-16 18:04 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-23 13:04 . 2010-10-16 18:04 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2010-10-16 18:04 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-18 09:33 . 2012-09-18 09:33 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-09-18 09:33 . 2012-09-18 09:33 1583928 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-09-18 09:33 . 2009-06-17 16:56 39608 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-09-18 09:33 . 2009-06-17 16:56 43960 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-09-18 09:32 . 2012-06-20 18:51 12216 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2012-09-18 09:32 . 2009-06-17 16:55 12216 ----a-w- c:\windows\system32\drivers\LHidEqd.sys
2012-09-18 09:32 . 2009-06-17 16:55 43704 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys
2012-12-05 01:20 . 2012-12-05 01:20 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
.
c:\documents and settings\Clayton Bruyn\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Clayton Bruyn^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Clayton Bruyn\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 -c--a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 02:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 16:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510]
2007-10-24 19:30 1552384 ----a-w- c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-05-11 16:51 1287120 -c--a-w- c:\program files\Spyware Doctor\pctsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-11-20 03:48 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 07:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-09-23 13:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-09-23 13:04 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-09-23 14:28 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 03:49 16269312 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 02:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-11-30 08:45 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-03-29 13:19 273544 -c--a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-29 12:45 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSVC"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"nmservice"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"McComponentHostService"=3 (0x3)
"LBTServ"=3 (0x3)
"jswpsapi"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\worms reloaded\\WormsReloaded.exe"=
"c:\\Program Files\\Steam\\steamapps\\claytonbruyn@hotmail.com\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\claytonbruyn@hotmail.com\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\claytonbruyn@hotmail.com\\opposing force\\hl.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40kWA.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Steam\\steamapps\\gm_daliwamma@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plain sight\\PlainSight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Red Faction\\RedFaction.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Red Faction\\RF.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Crusader Kings II\\ck2game.exe"=
"c:\\Program Files\\Steam\\steamapps\\claytonbruyn@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\gm_daliwamma@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/30/2010 12:20 PM 218592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/20/2012 12:51 PM 12216]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [6/15/2011 12:20 PM 20480]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [6/15/2011 12:20 PM 57440]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 10:55 AM 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 10:55 AM 12216]
R3 ntkvpnMP;ntkvpnMP;c:\windows\system32\drivers\ntkvpn.sys [12/13/2010 12:14 PM 28768]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 6:17 PM 547744]
S3 ntkvpn;Loki VPN Service;c:\windows\system32\drivers\ntkvpn.sys [12/13/2010 12:14 PM 28768]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/30/2010 12:22 PM 112592]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [11/19/2012 9:48 PM 1435568]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [6/15/2011 12:20 PM 356433]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 12:45 AM 227232]
S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/30/2010 12:20 PM 233136]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [7/30/2010 12:20 PM 63360]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/30/2010 12:20 PM 366840]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/4/2010 1:14 PM 691696]
S4 WLSVC;WLSVC;c:\program files\D-Link\DWA-552 revA\WLSVC.exe [6/15/2011 12:20 PM 167936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 10:32]
.
2012-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-12-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-12-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-11-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://go.purenetworks.com/redir/click/tour/?pn=nm&a=5%2E5%2E9195%2E0&as=0&ad=1&bt=shp&b=Pure&dc=Pure0&dt=OLN&k=1343447090&ct=&ag=d48e81ad0db254cc&g=96bd8435db981863%2Ca89af72608316cd9&lcid=1033&ulcid=1033&am=99&it=clean
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1D53452F-E91A-4D63-8BE6-B1594C2F4CF6}: NameServer = 208.67.222.222,208.67.220.220
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Clayton Bruyn\Application Data\Mozilla\Firefox\Profiles\p5yrhroq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=self&cid=insDate04012011
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-07-05 21:14; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-DriverCD - E:\Run.exe
MSConfigStartUp-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-DaggerfallSetup_is1 - c:\program files\Bethesda Softworks\Daggerfall\unins000.exe
AddRemove-Deus Ex - c:\deusex\System\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-07 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500630AS rev.3.AAK -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ADEB2E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-1364589140-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:dd,97,97,4f,fd,28,3b,47,b1,da,1b,d1,fc,c6,0d,04,2d,5c,1c,e4,42,
3a,19,9f,48,36,3f,aa,2a,f5,b2,1e,6c,2b,be,f2,33,b3,8c,00,a1,94,fe,a0,82,25,\
"rkeysecu"=hex:38,eb,0d,2a,b7,13,e0,06,5d,ac,b4,ee,bb,94,3e,d0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(1556)
c:\windows\system32\WININET.dll
.
Completion time: 2012-12-07 15:50:36
ComboFix-quarantined-files.txt 2012-12-07 21:50
.
Pre-Run: 41,487,572,992 bytes free
Post-Run: 42,292,101,120 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 810FF33A1A1E541AA1B1D4C0D9838BEE

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 December 2012 - 09:12 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 outofbody
  • Topic Starter
  • Members
  • 5 posts

Posted 09 December 2012 - 04:39 PM

Hello,
No problems running the programs.

15:18:05.0625 1572 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:18:05.0937 1572 ============================================================
15:18:05.0937 1572 Current date / time: 2012/12/09 15:18:05.0937
15:18:05.0937 1572 SystemInfo:
15:18:05.0937 1572
15:18:05.0937 1572 OS Version: 5.1.2600 ServicePack: 3.0
15:18:05.0937 1572 Product type: Workstation
15:18:05.0937 1572 ComputerName: CLAYTONS-PC
15:18:05.0937 1572 UserName: Clayton Bruyn
15:18:05.0937 1572 Windows directory: C:\WINDOWS
15:18:05.0937 1572 System windows directory: C:\WINDOWS
15:18:05.0937 1572 Processor architecture: Intel x86
15:18:05.0937 1572 Number of processors: 2
15:18:05.0937 1572 Page size: 0x1000
15:18:05.0937 1572 Boot type: Normal boot
15:18:05.0937 1572 ============================================================
15:18:06.0812 1572 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:18:06.0812 1572 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:18:06.0812 1572 ============================================================
15:18:06.0812 1572 \Device\Harddisk0\DR0:
15:18:06.0812 1572 MBR partitions:
15:18:06.0812 1572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
15:18:06.0812 1572 \Device\Harddisk1\DR1:
15:18:06.0812 1572 MBR partitions:
15:18:06.0812 1572 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
15:18:06.0812 1572 ============================================================
15:18:06.0859 1572 C: <-> \Device\Harddisk1\DR1\Partition1
15:18:06.0875 1572 D: <-> \Device\Harddisk0\DR0\Partition1
15:18:06.0890 1572 ============================================================
15:18:06.0890 1572 Initialize success
15:18:06.0890 1572 ============================================================
15:18:10.0406 3928 ============================================================
15:18:10.0406 3928 Scan started
15:18:10.0406 3928 Mode: Manual;
15:18:10.0406 3928 ============================================================
15:18:11.0218 3928 ================ Scan system memory ========================
15:18:11.0234 3928 System memory - ok
15:18:11.0234 3928 ================ Scan services =============================
15:18:11.0406 3928 [ 21AF8E9C727C6D7643AD497268F55BF1 ] A3AB C:\WINDOWS\system32\DRIVERS\A3AB.sys
15:18:11.0421 3928 A3AB - ok
15:18:11.0421 3928 Abiosdsk - ok
15:18:11.0421 3928 abp480n5 - ok
15:18:11.0468 3928 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:18:11.0468 3928 ACPI - ok
15:18:11.0500 3928 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:18:11.0500 3928 ACPIEC - ok
15:18:11.0562 3928 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:18:11.0562 3928 AdobeFlashPlayerUpdateSvc - ok
15:18:11.0578 3928 adpu160m - ok
15:18:11.0640 3928 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:18:11.0671 3928 aec - ok
15:18:11.0703 3928 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:18:11.0734 3928 AFD - ok
15:18:11.0734 3928 Aha154x - ok
15:18:11.0734 3928 aic78u2 - ok
15:18:11.0750 3928 aic78xx - ok
15:18:11.0781 3928 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:18:11.0781 3928 Alerter - ok
15:18:11.0796 3928 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:18:11.0812 3928 ALG - ok
15:18:11.0812 3928 AliIde - ok
15:18:11.0859 3928 [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:18:11.0859 3928 AmdK8 - ok
15:18:11.0859 3928 amsint - ok
15:18:11.0890 3928 [ 920298C7AEF97D8168D219D35975D295 ] ANIO C:\WINDOWS\system32\ANIO.SYS
15:18:11.0890 3928 ANIO - ok
15:18:11.0984 3928 [ AA3D68F26B2A27F660AFC46039B061A4 ] ANIWZCSdService C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
15:18:11.0984 3928 ANIWZCSdService - ok
15:18:12.0031 3928 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:12.0031 3928 Apple Mobile Device - ok
15:18:12.0078 3928 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:18:12.0078 3928 AppMgmt - ok
15:18:12.0140 3928 [ 1B8FABA82AD0946451440AC30E492C71 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
15:18:12.0156 3928 AR5416 - ok
15:18:12.0187 3928 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:18:12.0187 3928 Arp1394 - ok
15:18:12.0203 3928 asc - ok
15:18:12.0203 3928 asc3350p - ok
15:18:12.0203 3928 asc3550 - ok
15:18:12.0343 3928 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:18:12.0390 3928 aspnet_state - ok
15:18:12.0406 3928 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:18:12.0406 3928 AsyncMac - ok
15:18:12.0437 3928 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:18:12.0437 3928 atapi - ok
15:18:12.0437 3928 Atdisk - ok
15:18:12.0468 3928 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:18:12.0468 3928 Atmarpc - ok
15:18:12.0484 3928 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:18:12.0484 3928 AudioSrv - ok
15:18:12.0531 3928 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:18:12.0531 3928 audstub - ok
15:18:12.0578 3928 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:18:12.0578 3928 Beep - ok
15:18:12.0625 3928 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:18:12.0640 3928 BITS - ok
15:18:12.0718 3928 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:18:12.0734 3928 Bonjour Service - ok
15:18:12.0750 3928 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:18:12.0750 3928 Browser - ok
15:18:12.0859 3928 [ 21FA3E51618FF8E2F4B29964ABC5884F ] Browser Defender Update Service C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
15:18:12.0859 3928 Browser Defender Update Service - ok
15:18:12.0968 3928 catchme - ok
15:18:13.0000 3928 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:18:13.0000 3928 cbidf2k - ok
15:18:13.0000 3928 cd20xrnt - ok
15:18:13.0031 3928 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:18:13.0031 3928 Cdaudio - ok
15:18:13.0046 3928 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:18:13.0062 3928 Cdfs - ok
15:18:13.0078 3928 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:18:13.0078 3928 Cdrom - ok
15:18:13.0093 3928 Changer - ok
15:18:13.0125 3928 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:18:13.0125 3928 CiSvc - ok
15:18:13.0140 3928 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:18:13.0140 3928 ClipSrv - ok
15:18:13.0171 3928 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:18:13.0187 3928 clr_optimization_v2.0.50727_32 - ok
15:18:13.0203 3928 CmdIde - ok
15:18:13.0203 3928 COMSysApp - ok
15:18:13.0218 3928 Cpqarray - ok
15:18:13.0281 3928 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:18:13.0281 3928 CryptSvc - ok
15:18:13.0281 3928 dac2w2k - ok
15:18:13.0296 3928 dac960nt - ok
15:18:13.0343 3928 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:18:13.0343 3928 DcomLaunch - ok
15:18:13.0390 3928 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:18:13.0406 3928 Dhcp - ok
15:18:13.0437 3928 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:18:13.0453 3928 Disk - ok
15:18:13.0453 3928 dmadmin - ok
15:18:13.0500 3928 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:18:13.0515 3928 dmboot - ok
15:18:13.0515 3928 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:18:13.0515 3928 dmio - ok
15:18:13.0531 3928 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:18:13.0531 3928 dmload - ok
15:18:13.0546 3928 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:18:13.0546 3928 dmserver - ok
15:18:13.0562 3928 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:18:13.0562 3928 DMusic - ok
15:18:13.0593 3928 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:18:13.0593 3928 Dnscache - ok
15:18:13.0609 3928 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:18:13.0625 3928 Dot3svc - ok
15:18:13.0625 3928 dpti2o - ok
15:18:13.0625 3928 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:18:13.0625 3928 drmkaud - ok
15:18:13.0671 3928 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:18:13.0671 3928 EapHost - ok
15:18:13.0687 3928 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:18:13.0687 3928 ERSvc - ok
15:18:13.0734 3928 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:18:13.0734 3928 Eventlog - ok
15:18:13.0781 3928 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
15:18:13.0781 3928 EventSystem - ok
15:18:13.0796 3928 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:18:13.0796 3928 Fastfat - ok
15:18:13.0828 3928 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:18:13.0843 3928 FastUserSwitchingCompatibility - ok
15:18:13.0843 3928 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:18:13.0843 3928 Fdc - ok
15:18:13.0890 3928 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:18:13.0890 3928 Fips - ok
15:18:13.0921 3928 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:18:13.0921 3928 Flpydisk - ok
15:18:13.0953 3928 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:18:13.0953 3928 FltMgr - ok
15:18:14.0015 3928 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:18:14.0015 3928 FontCache3.0.0.0 - ok
15:18:14.0031 3928 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:18:14.0031 3928 Fs_Rec - ok
15:18:14.0031 3928 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:18:14.0031 3928 Ftdisk - ok
15:18:14.0046 3928 gdrv - ok
15:18:14.0093 3928 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:18:14.0093 3928 GEARAspiWDM - ok
15:18:14.0125 3928 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:18:14.0125 3928 Gpc - ok
15:18:14.0187 3928 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:18:14.0187 3928 hamachi - ok
15:18:14.0281 3928 [ A7EBBF64C7610B7C67D46AE620AADBA3 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
15:18:14.0296 3928 Hamachi2Svc - ok
15:18:14.0312 3928 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:18:14.0312 3928 HDAudBus - ok
15:18:14.0375 3928 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:18:14.0375 3928 helpsvc - ok
15:18:14.0421 3928 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:18:14.0421 3928 HidServ - ok
15:18:14.0453 3928 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:18:14.0453 3928 hidusb - ok
15:18:14.0484 3928 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:18:14.0484 3928 hkmsvc - ok
15:18:14.0500 3928 hpn - ok
15:18:14.0593 3928 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:18:14.0609 3928 hpqcxs08 - ok
15:18:14.0640 3928 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:18:14.0640 3928 hpqddsvc - ok
15:18:14.0671 3928 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:18:14.0671 3928 HPSLPSVC - ok
15:18:14.0703 3928 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:18:14.0703 3928 HPZid412 - ok
15:18:14.0734 3928 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:18:14.0734 3928 HPZipr12 - ok
15:18:14.0750 3928 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:18:14.0750 3928 HPZius12 - ok
15:18:14.0781 3928 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:18:14.0781 3928 HTTP - ok
15:18:14.0812 3928 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:18:14.0812 3928 HTTPFilter - ok
15:18:14.0812 3928 i2omgmt - ok
15:18:14.0812 3928 i2omp - ok
15:18:14.0843 3928 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:18:14.0859 3928 i8042prt - ok
15:18:14.0968 3928 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:18:14.0984 3928 idsvc - ok
15:18:15.0015 3928 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:18:15.0015 3928 Imapi - ok
15:18:15.0062 3928 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:18:15.0062 3928 ImapiService - ok
15:18:15.0062 3928 ini910u - ok
15:18:15.0203 3928 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:18:15.0218 3928 IntcAzAudAddService - ok
15:18:15.0234 3928 IntelIde - ok
15:18:15.0265 3928 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:18:15.0265 3928 ip6fw - ok
15:18:15.0281 3928 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:18:15.0281 3928 IpFilterDriver - ok
15:18:15.0296 3928 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:18:15.0296 3928 IpInIp - ok
15:18:15.0328 3928 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:18:15.0328 3928 IpNat - ok
15:18:15.0375 3928 [ 9033D67B7112D23EDED6789BACDED128 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:18:15.0390 3928 iPod Service - ok
15:18:15.0390 3928 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:18:15.0390 3928 IPSec - ok
15:18:15.0421 3928 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:18:15.0421 3928 IRENUM - ok
15:18:15.0437 3928 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:18:15.0437 3928 isapnp - ok
15:18:15.0484 3928 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:18:15.0500 3928 JavaQuickStarterService - ok
15:18:15.0546 3928 [ E8DC67BA8D13D07D9EC5AC60643A85A8 ] jswpsapi C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
15:18:15.0562 3928 jswpsapi - ok
15:18:15.0593 3928 [ AD67795900AA8C05CC4570F5349E0639 ] JSWSCIMD C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:18:15.0593 3928 JSWSCIMD - ok
15:18:15.0625 3928 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:18:15.0625 3928 Kbdclass - ok
15:18:15.0640 3928 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:18:15.0640 3928 kbdhid - ok
15:18:15.0671 3928 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:18:15.0687 3928 kmixer - ok
15:18:15.0718 3928 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:18:15.0734 3928 KSecDD - ok
15:18:15.0796 3928 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:18:15.0796 3928 lanmanserver - ok
15:18:15.0828 3928 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:18:15.0828 3928 lanmanworkstation - ok
15:18:15.0859 3928 [ 12E54181D584F72296FD6EC72309BD94 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:18:15.0859 3928 LBeepKE - ok
15:18:15.0875 3928 lbrtfdc - ok
15:18:15.0953 3928 [ 54581F1B8A4B517040AD316E5C430A2C ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:18:15.0953 3928 LBTServ - ok
15:18:15.0984 3928 [ 2A727534372EDE8C0A4EDB1F037A44BF ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:18:15.0984 3928 LEqdUsb - ok
15:18:16.0015 3928 [ 9C694DFC271AC043E4FA8DDF8BB4C57E ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:18:16.0015 3928 LHidEqd - ok
15:18:16.0031 3928 [ 5001C2B3557B53DED02ABED3BCC6FD2D ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:18:16.0031 3928 LHidFilt - ok
15:18:16.0062 3928 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:18:16.0062 3928 LmHosts - ok
15:18:16.0093 3928 [ 3AD9369E5D17014971A11728F198994C ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:18:16.0093 3928 LMouFilt - ok
15:18:16.0140 3928 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
15:18:16.0140 3928 McComponentHostService - ok
15:18:16.0171 3928 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:18:16.0171 3928 Messenger - ok
15:18:16.0203 3928 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:18:16.0203 3928 mnmdd - ok
15:18:16.0234 3928 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:18:16.0234 3928 mnmsrvc - ok
15:18:16.0265 3928 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:18:16.0265 3928 Modem - ok
15:18:16.0281 3928 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:18:16.0281 3928 Mouclass - ok
15:18:16.0296 3928 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:18:16.0296 3928 mouhid - ok
15:18:16.0328 3928 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:18:16.0343 3928 MountMgr - ok
15:18:16.0406 3928 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:18:16.0421 3928 MozillaMaintenance - ok
15:18:16.0421 3928 mraid35x - ok
15:18:16.0421 3928 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:18:16.0437 3928 MRxDAV - ok
15:18:16.0468 3928 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:18:16.0484 3928 MRxSmb - ok
15:18:16.0515 3928 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:18:16.0515 3928 MSDTC - ok
15:18:16.0531 3928 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:18:16.0531 3928 Msfs - ok
15:18:16.0531 3928 MSIServer - ok
15:18:16.0562 3928 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:18:16.0562 3928 MSKSSRV - ok
15:18:16.0578 3928 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:18:16.0578 3928 MSPCLOCK - ok
15:18:16.0578 3928 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:18:16.0578 3928 MSPQM - ok
15:18:16.0609 3928 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:18:16.0609 3928 mssmbios - ok
15:18:16.0640 3928 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:18:16.0640 3928 Mup - ok
15:18:16.0671 3928 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:18:16.0687 3928 napagent - ok
15:18:16.0703 3928 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:18:16.0718 3928 NDIS - ok
15:18:16.0734 3928 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:18:16.0734 3928 NdisTapi - ok
15:18:16.0750 3928 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:18:16.0750 3928 Ndisuio - ok
15:18:16.0765 3928 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:18:16.0765 3928 NdisWan - ok
15:18:16.0781 3928 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:18:16.0781 3928 NDProxy - ok
15:18:16.0828 3928 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll
15:18:16.0828 3928 Net Driver HPZ12 - ok
15:18:16.0828 3928 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:18:16.0828 3928 NetBIOS - ok
15:18:16.0843 3928 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:18:16.0843 3928 NetBT - ok
15:18:16.0875 3928 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:18:16.0875 3928 NetDDE - ok
15:18:16.0890 3928 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:18:16.0890 3928 NetDDEdsdm - ok
15:18:16.0921 3928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:18:16.0921 3928 Netlogon - ok
15:18:16.0937 3928 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:18:16.0937 3928 Netman - ok
15:18:16.0968 3928 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:18:16.0968 3928 NetTcpPortSharing - ok
15:18:17.0000 3928 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:18:17.0000 3928 NIC1394 - ok
15:18:17.0015 3928 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:18:17.0015 3928 Nla - ok
15:18:17.0109 3928 [ CD569FA91EC6F59D045C19D0D3850F44 ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
15:18:17.0109 3928 nmservice - ok
15:18:17.0125 3928 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:18:17.0125 3928 Npfs - ok
15:18:17.0140 3928 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:18:17.0156 3928 Ntfs - ok
15:18:17.0203 3928 [ 3A66B1BCFD4A75624700AA051323BA21 ] ntkvpn C:\WINDOWS\system32\DRIVERS\ntkvpn.sys
15:18:17.0203 3928 ntkvpn - ok
15:18:17.0203 3928 [ 3A66B1BCFD4A75624700AA051323BA21 ] ntkvpnMP C:\WINDOWS\system32\DRIVERS\ntkvpn.sys
15:18:17.0203 3928 ntkvpnMP - ok
15:18:17.0203 3928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
15:18:17.0203 3928 NtLmSsp - ok
15:18:17.0234 3928 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:18:17.0250 3928 NtmsSvc - ok
15:18:17.0265 3928 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:18:17.0265 3928 Null - ok
15:18:17.0593 3928 [ 68B8C35782FFD20973524F748234B5A9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:18:17.0859 3928 nv - ok
15:18:17.0875 3928 [ 1B83B60541BE1B6DB81641C448007F21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:18:17.0875 3928 NVENETFD - ok
15:18:17.0890 3928 [ A211AB524324E84C2C805B52DFCDD544 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
15:18:17.0890 3928 NVHDA - ok
15:18:17.0906 3928 [ 57B669F9234604A350174B86764444B0 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:18:17.0921 3928 nvnetbus - ok
15:18:17.0953 3928 [ FFD30DAAF62D605069F6EB42D2E807C3 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
15:18:17.0953 3928 NVSvc - ok
15:18:18.0031 3928 [ 210EE09CB9C2655E55BD48D851369DC1 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:18:18.0062 3928 nvUpdatusService - ok
15:18:18.0093 3928 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:18:18.0093 3928 NwlnkFlt - ok
15:18:18.0093 3928 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:18:18.0109 3928 NwlnkFwd - ok
15:18:18.0125 3928 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:18:18.0125 3928 ohci1394 - ok
15:18:18.0171 3928 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:18:18.0171 3928 Parport - ok
15:18:18.0171 3928 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:18:18.0171 3928 PartMgr - ok
15:18:18.0203 3928 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:18:18.0203 3928 ParVdm - ok
15:18:18.0218 3928 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:18:18.0218 3928 PCI - ok
15:18:18.0218 3928 PCIDump - ok
15:18:18.0218 3928 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:18:18.0234 3928 PCIIde - ok
15:18:18.0265 3928 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:18:18.0265 3928 Pcmcia - ok
15:18:18.0312 3928 [ 807FF1DD6E1BDF8E7D2062FCA0DAECAF ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
15:18:18.0312 3928 PCTCore - ok
15:18:18.0343 3928 [ D15669BD3E1CF18F00B46A7949EA541F ] pctgntdi C:\WINDOWS\system32\drivers\pctgntdi.sys
15:18:18.0343 3928 pctgntdi - ok
15:18:18.0406 3928 [ 30C931FCB8DF713BCD2FB7CE763A0B47 ] pctplsg C:\WINDOWS\system32\drivers\pctplsg.sys
15:18:18.0421 3928 pctplsg - ok
15:18:18.0421 3928 PDCOMP - ok
15:18:18.0421 3928 PDFRAME - ok
15:18:18.0437 3928 PDRELI - ok
15:18:18.0437 3928 PDRFRAME - ok
15:18:18.0453 3928 perc2 - ok
15:18:18.0453 3928 perc2hib - ok
15:18:18.0500 3928 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:18:18.0500 3928 PlugPlay - ok
15:18:18.0515 3928 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll
15:18:18.0515 3928 Pml Driver HPZ12 - ok
15:18:18.0546 3928 [ 36FCAC4FA28B462CA867742DEA59B0D0 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
15:18:18.0546 3928 pnarp - ok
15:18:18.0562 3928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:18:18.0562 3928 PolicyAgent - ok
15:18:18.0562 3928 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:18:18.0562 3928 PptpMiniport - ok
15:18:18.0593 3928 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:18:18.0593 3928 Processor - ok
15:18:18.0593 3928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:18:18.0593 3928 ProtectedStorage - ok
15:18:18.0609 3928 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:18:18.0609 3928 PSched - ok
15:18:18.0656 3928 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:18:18.0656 3928 Ptilink - ok
15:18:18.0687 3928 [ D8AC00388262B1A4878A7EE12F31D376 ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
15:18:18.0687 3928 purendis - ok
15:18:18.0687 3928 ql1080 - ok
15:18:18.0687 3928 Ql10wnt - ok
15:18:18.0703 3928 ql12160 - ok
15:18:18.0703 3928 ql1240 - ok
15:18:18.0718 3928 ql1280 - ok
15:18:18.0750 3928 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:18:18.0750 3928 RasAcd - ok
15:18:18.0781 3928 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:18:18.0781 3928 RasAuto - ok
15:18:18.0796 3928 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:18:18.0796 3928 Rasl2tp - ok
15:18:18.0828 3928 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:18:18.0843 3928 RasMan - ok
15:18:18.0843 3928 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:18:18.0843 3928 RasPppoe - ok
15:18:18.0843 3928 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:18:18.0843 3928 Raspti - ok
15:18:18.0859 3928 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:18:18.0875 3928 Rdbss - ok
15:18:18.0890 3928 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:18:18.0890 3928 RDPCDD - ok
15:18:18.0890 3928 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:18:18.0890 3928 rdpdr - ok
15:18:18.0921 3928 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:18:18.0937 3928 RDPWD - ok
15:18:18.0968 3928 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:18:18.0968 3928 RDSessMgr - ok
15:18:18.0984 3928 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:18:18.0984 3928 redbook - ok
15:18:19.0000 3928 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:18:19.0000 3928 RemoteAccess - ok
15:18:19.0031 3928 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:18:19.0031 3928 RemoteRegistry - ok
15:18:19.0046 3928 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
15:18:19.0046 3928 RpcLocator - ok
15:18:19.0062 3928 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:18:19.0062 3928 RpcSs - ok
15:18:19.0093 3928 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:18:19.0093 3928 RSVP - ok
15:18:19.0109 3928 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:18:19.0109 3928 SamSs - ok
15:18:19.0125 3928 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:18:19.0125 3928 SCardSvr - ok
15:18:19.0171 3928 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:18:19.0187 3928 Schedule - ok
15:18:19.0234 3928 [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService C:\Program Files\Spyware Doctor\pctsAuxs.exe
15:18:19.0234 3928 sdAuxService - ok
15:18:19.0312 3928 [ 06F95756353653C7D505361117186713 ] sdCoreService C:\Program Files\Spyware Doctor\pctsSvc.exe
15:18:19.0343 3928 sdCoreService - ok
15:18:19.0375 3928 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:18:19.0375 3928 Secdrv - ok
15:18:19.0390 3928 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:18:19.0406 3928 seclogon - ok
15:18:19.0437 3928 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:18:19.0453 3928 SENS - ok
15:18:19.0453 3928 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:18:19.0453 3928 serenum - ok
15:18:19.0468 3928 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:18:19.0468 3928 Serial - ok
15:18:19.0484 3928 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:18:19.0484 3928 Sfloppy - ok
15:18:19.0531 3928 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:18:19.0531 3928 SharedAccess - ok
15:18:19.0546 3928 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:18:19.0546 3928 ShellHWDetection - ok
15:18:19.0562 3928 Simbad - ok
15:18:19.0562 3928 Sparrow - ok
15:18:19.0609 3928 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:18:19.0609 3928 splitter - ok
15:18:19.0640 3928 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:18:19.0640 3928 Spooler - ok
15:18:19.0718 3928 [ C3716EC0D36AD924B6888D794563E647 ] sprtsvc_ddoctorv2 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
15:18:19.0718 3928 sprtsvc_ddoctorv2 - ok
15:18:19.0765 3928 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
15:18:21.0421 3928 ================ Scan global ===============================
15:18:21.0453 3928 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:18:21.0500 3928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:18:21.0515 3928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:18:21.0531 3928 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:18:21.0531 3928 [Global] - ok
15:18:21.0531 3928 ================ Scan MBR ==================================
15:18:21.0546 3928 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk0\DR0
15:18:21.0718 3928 \Device\Harddisk0\DR0 - ok
15:18:21.0718 3928 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:18:21.0718 3928 Suspicious mbr (Forged): \Device\Harddisk1\DR1
15:18:21.0734 3928 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
15:18:21.0734 3928 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
15:18:21.0734 3928 ================ Scan VBR ==================================
15:18:21.0734 3928 [ 597392A61BBD5AA340222DA3DE661A2D ] \Device\Harddisk0\DR0\Partition1
15:18:21.0734 3928 \Device\Harddisk0\DR0\Partition1 - ok
15:18:21.0734 3928 [ 91D09A241F2B07E31C4BF379838E295F ] \Device\Harddisk1\DR1\Partition1
15:18:21.0750 3928 \Device\Harddisk1\DR1\Partition1 - ok
15:18:21.0750 3928 ============================================================
15:18:21.0750 3928 Scan finished
15:18:21.0750 3928 ============================================================
15:18:21.0750 3920 Detected object count: 1
15:18:21.0750 3920 Actual detected object count: 1
15:18:29.0718 3920 \Device\Harddisk1\DR1\# - copied to quarantine
15:18:29.0718 3920 \Device\Harddisk1\DR1 - copied to quarantine
15:18:29.0734 3920 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
15:18:29.0750 3920 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
15:18:29.0750 3920 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
15:18:29.0750 3920 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
15:18:29.0750 3920 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
15:18:29.0796 3920 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
15:18:29.0796 3920 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
15:18:29.0796 3920 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
15:18:29.0796 3920 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
15:18:29.0796 3920 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
15:18:29.0812 3920 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
15:18:29.0812 3920 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
15:18:29.0812 3920 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:18:29.0812 3920 \Device\Harddisk1\DR1 - ok
15:18:30.0906 3920 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:18:39.0390 4076 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-09 15:22:02
-----------------------------
15:22:02.687 OS Version: Windows 5.1.2600 Service Pack 3
15:22:02.687 Number of processors: 2 586 0x6B02
15:22:02.687 ComputerName: CLAYTONS-PC UserName:
15:22:04.234 Initialize success
15:23:08.921 AVAST engine defs: 12120901
15:23:37.765 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:23:37.765 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152626MB BusType: 3
15:23:37.765 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
15:23:37.765 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3
15:23:37.781 Disk 1 MBR read successfully
15:23:37.781 Disk 1 MBR scan
15:23:37.812 Disk 1 Windows XP default MBR code
15:23:37.812 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
15:23:37.812 Disk 1 scanning sectors +976752000
15:23:37.890 Disk 1 scanning C:\WINDOWS\system32\drivers
15:23:47.453 Service scanning
15:24:03.093 Modules scanning
15:24:08.765 Disk 1 trace - called modules:
15:24:08.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:24:08.781 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a764ab8]
15:24:08.781 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8a70f920]
15:24:08.781 5 PCTCore.sys[b7e7feae] -> nt!IofCallDriver -> \Device\0000007b[0x8a6f4f18]
15:24:08.781 7 ACPI.sys[b7f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a6f2d98]
15:24:10.203 AVAST engine scan C:\WINDOWS
15:24:26.421 AVAST engine scan C:\WINDOWS\system32
15:27:25.421 AVAST engine scan C:\WINDOWS\system32\drivers
15:27:52.140 AVAST engine scan C:\Documents and Settings\Clayton Bruyn
15:29:18.156 File: C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\6ae6b1a7-5f3bc424 **INFECTED** Win32:Karagany-KC [Trj]
15:29:25.718 File: C:\Documents and Settings\Clayton Bruyn\Local Settings\Application Data\Threat Expert\oyafvpfa.dll **INFECTED** Win32:Tracur-JK [Trj]
15:34:09.546 AVAST engine scan C:\Documents and Settings\All Users
15:36:48.765 Scan finished successfully
15:36:56.171 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Clayton Bruyn\Desktop\MBR.dat"
15:36:56.171 The log file has been saved successfully to "C:\Documents and Settings\Clayton Bruyn\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:51 AM

Posted 09 December 2012 - 04:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr


Posted 12 December 2012 - 12:40 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#12 gringo_pr


Posted 15 December 2012 - 02:37 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr


Posted 20 December 2012 - 11:57 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



