Creo

Everything posted by Creo

  1. Oh! I have been running MBAM for years in the belief it was a full AV solution. At least something good has come out of my recent problems. Though I now am asking myself why I paid for a program that is a "second layer of defense", I would prefer a first layer of defense. I downloaded and installed the Beta version of MBAM, but same thing, as soon as I started it up it hung my PC. I've been running Avast and performed a full system scan, all it found was a virus in an ancient gif animator program that's been on my PC for many years. Mind you, I was surprised that MBAM never reported it. Whatever, I think I am pretty much done with MBAM, if it's not an AV solution and isn't working on my system then it's not really worth the time and aggro to try and get it fixed. Of course there may be some other problem with my PC causing the MBAM issue, but I haven't had any other problems, and Avast seems to think my system is ok. VERY disappointed to find out MBAM isn't a full AV solution, I would never have bought it if I had known.
  2. Yes, I was exasperated! Thank you for the 1.75 solution, but I can't see that will be a permanent solution as some time or other it won't be supported/updated. I was (rather badly) trying to make the point that the latest version *appears* to have caused me a problem. I tried uninstalling and re-installing MBAM again (just in case), and it didn't resolve it. I may try the latest Beta as you have advised, has to be worth a shot. For now, I have disabled MBAM and installed Avast to ensure I have some AV and Malware protection while this issue with MBAM is locking up my PC.
  3. I've done the MBAM clean removal, and that hasn't fixed the problem. I really don't have time to do any more messing around trying to fix the problem with this crappy product. My problem occurred when I "upgraded" to the new version. I now cannot scan anything, and MBAM hangs my entire system. Guess I will have to remove MBAM and get a different AV product. Consider this an unhappy customer.
  4. Since it upgraded to the latest version I am unable to scan without the system hanging. If I leave it alone in what appears to be a hung state for 15 or so minutes it starts scanning and completes. While it is hung the system is completely locked out. The timer in the prescan is progressing incredibly slowly, each second of reported elapsed time is several minutes of real time. Eventually the scan progresses normally. This is ok for a full system scan once a day or week, but when I want to scan a single file it's unusable. I ran Chkdsk and it reported several indexes corrupt and said it fixed them. I also uninstalled and re-installed MWB. Still the problem persists. Also, worryingly, when the full system scan completes it says no threats found but Superantimalware finds tracking cookies. I am running Windows XP SP3. I have the "Premium" version of MWB and am a paying customer. As I said, this only started happening when MWB upgraded. Please advise me of any simple diagnosis I can undertake to resolve this issue. Last time I had a problem I spent a couple of weeks running your diagnostic tools, completely buggering my system in the process, and in the end it turned out there was no problem, it was MWB reporting attempts to access servers for Quake. Thank you.
  5. Last time I followed the Malware removal instructions it took me weeks to get my PC back together having disabled so much of it. After having near destroyed my PC in the process I finally realised myself what the issue was, having been told by the MWB expert my router was infected. I would only go through that process again as a last resort and we aren't at last resort status yet. Could someone please just look and see if there are any internal notes regarding an Adobe Reader Updater Virus/Trojan. IF I have it then what I am seeing from Google searches is that it's quite old, 2009 era, so should be handled by the normal scan of Malwarebytes. Thank you.
  6. Each day in the notification area I am getting a message to update my Adobe Reader, however I believe this is a Virus or Trojan as when I click the link it wants to download non-Adobe software. Have searched Google and it appears there is a Trojan. Ran Malwarebytes Full scan (fully up to date) and it detected 5 various Adobe components which I quarantined. It then rebooted the system, and I thought all solved. But today the notification pop-up has appeared, so I still have the problem. System is Win XP SP3 32bit. I searched this forum but couldn't find anything related to this Trojan, also there isn't much on the Google hits, so I am at a loss what to do now. Help!
  7. I am also getting lots of blocks to 93.188.128.xx. The sites I am visiting are John Lewis, wimp.com and dump.com. I have used these sites for ages with no issues. I believe these are false positives. Can someone please resolve this as I am sick of the Malwarebytes block and about to switch off protection. Thank you. (paying customer of Malwarebytes)
  8. Afraid you lost me there. If Firefox isn't running then it can't do anything. The net connection may be there but if the program isn't in memory then it can't do anything. FF uses a net connection, but because a net connection is active doesn't mean FF is. If I don't start FF, no matter how I stare at the screen I won't see any FF windows. A net connection isn't an application. An application may use a net connection, but they are two discrete, different things, albeit they share similar properties. When I run a game the game starts, I run it, use it, or whatever, then close/end it. There may be some legacy programs in memory from running it if it doesn't close correctly. But if I don't start it then it isn't active on my system. So my concern is: why is a Quake-generated call to an IP address occurring when the program hasn't been started since the last reboot of the system? The only way I can see that it would do this is if somehow Quake, or more likely an add-on, has created some malware that is starting a process, and it's that process that is making calls to IP addresses. I, and many people, have run Quake for years and years and I don't see hits on Google about malicious IP calls. No way is an old game like Quake making calls to websites when it hasn't been started and none of its processes are active. So logically (to me anyway!) I must have some sort of Malware-type program active which is creating these calls to IP addresses.
  9. I just Googled the three IP addresses that I posted in 3 posts above. All are Quake3 and Urban Terror servers. So it's all starting to add up. What doesn't add up is why these are occurring when Quake3 isn't running.
  10. What confuses me, and why I didn't think of this before, is the outgoing block times and number seem unrelated to Quake3 usage. I have played the game a lot, but the blocks have come at various times, not related to the usage of the game. For example, I have had the outgoing blocks when I HAVEN'T played the game, I mean when the PC has been rebooted and Quake3 hasn't been fired up. It was only just now it occurred to me to seriously try and think what I had installed lately and go through the MBAM logs to see if there were any relations to time/dates. Of course, will see what happens and let you know. I have been using computers since 1975 when I started at IBM. I just knew I should have moved to Apple this time!
  11. Groan, it's back:
     19:19:01 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:19:02 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:19:02 Joe IP-BLOCK 109.235.50.153 (Type: outgoing)
     19:19:03 Joe IP-BLOCK 213.163.64.115 (Type: outgoing)
     I changed my router admin access password and my WEP encryption 16-byte code today. Rebooted router and PC, and PC was clean all day until this evening. I have been digging around my system, and noticed that these outgoing blocks started at 11.09am on 30/1/2011, and I installed the old game Quake3 6 minutes before then. Seems too much of a coincidence. My instant reaction was that each time I fired up Quake 3 it started some process that caused these outgoing blocks, which made sense EXCEPT I was playing the game this morning and had no blocks. All in all though, it does seem quite a coincidence. Also, I have a laptop connected wirelessly (as is the PC) to the same router. It has the same MBAM installed, updated, scanned as this PC, and that has had no outgoing blocks. So it strikes me that this affliction is on this PC only. I have now uninstalled and removed Quake3, rebooted my router, and am just about to reboot the PC.
  12. LD Tate has fixed my problem, as detailed here: [Forum Thread Topic Link]. The problem was a Router Infection! My system has been clean for 24 hours, and I just wanted to post my thanks to LD Tate, Grant Gardiner, and anyone else who may have helped behind the scenes.
  13. I have had no outgoing blocks messages in the MBAM logs for the last 18 hours. I have undertaken the actions in your all clear post, and have changed the password to the wireless router and rebooted it. I have never been aware that a router could be infected! Makes a lot of sense now, and as I have had the router for several years I have no memory of ever changing the access password, though of course I have a WEP encrypted password, which I shall also now attempt to change. I will report back in a couple of days to confirm the system is all ok. I thank you sincerely for your help and assistance. You're one of the good guys.
  14. I'll get onto those actions just as soon as I have had dinner! Thank you so much for your assistance, fingers crossed that the problem is fixed. I built the PC myself a few weeks ago and from word go have had Windows Firewall running (before I ever connected to the net) and I paid for the full version of Malwarebytes which has been updated daily and a scan run daily, so I guess I am wondering how I got infected if I am taking what appear to be sensible and thorough security measures. What more can I do? I also am asking, in a rhetorical sense, why I have paid for Anti-Malware software that hasn't protected my system. Could I also ask you what exactly you believe was causing the problem of outgoing attempts? Thank you.
  15. Latest Combofix output follows. I am now getting Google popup balloons saying another program is attempting to change my default search engine, never seen a Google popup in the taskbar before. I also now have new folders on my Hard Disk called cmdcons and Qoobox - are these output files from the programs I have been running? Should I keep or delete these folders? I believe the temp programs are legacy of programs I have installed, I use a folder called "temp" and download and unzip everything there. I have now deleted that entire folder. BTW, when Combofix ran and rebooted it didn't then close my net connection while it continued. [ComboFix log omitted]
  16. I wish there was an edit button on this forum as I just reread the instructions on the gif and it says Combofix will start. Ok, just off to run Combofix.
  17. When I drag and drop the CFScript.txt that I have created into Combofix, Combofix immediately starts as I let go of the mouse button. I get no confirmation that the file info has been accepted into Combofix. Should I just allow it to start?
  18. I already ran ATF cleaner earlier today as one of the instructions in your first post. Is it not working correctly on my system?
  19. I am afraid it isn't fixed, just had several outgoing blocks:
     19:12:41 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:12:42 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:12:46 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
     19:16:39 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:16:40 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:16:47 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
     19:17:02 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:17:02 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
     19:17:04 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
     19:17:07 Joe IP-BLOCK 109.235.50.153 (Type: outgoing)
     19:17:08 Joe IP-BLOCK 213.163.64.115 (Type: outgoing)
     19:17:25 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
  20. It's been under 1.5 hours since I ran Combofix and haven't had an outgoing block since then BUT the blocks I have been getting are sporadic, sometimes several hours between them, so at the moment it's too early to tell if the problem has been fixed.
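The posts above reason about these MBAM IP-BLOCK entries by hand (which destinations recur, whether they arrive in bursts, whether they line up with a program actually running). The following is an added example, not code from the poster or from Malwarebytes, that parses the quoted log lines into a per-destination count and time-clustered bursts, and flags destinations that recur across separate bursts, which is the pattern of something retrying on its own schedule rather than a one-off user action. The line format is assumed from the lines quoted in the post, and the 30-second burst gap is an assumed threshold.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: the IP-BLOCK lines quoted in the post above.
LOG = """\
19:12:41 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:12:42 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:12:46 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
19:16:39 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:16:40 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:16:47 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
19:17:02 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:17:02 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
19:17:04 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
19:17:07 Joe IP-BLOCK 109.235.50.153 (Type: outgoing)
19:17:08 Joe IP-BLOCK 213.163.64.115 (Type: outgoing)
19:17:25 Joe IP-BLOCK 95.211.21.78 (Type: outgoing)
"""

# Assumed line format: "<HH:MM:SS> <user> IP-BLOCK <ipv4> (Type: incoming|outgoing)".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>incoming|outgoing)\)$"
)


def parse(log):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["time"], "%H:%M:%S"),
            "user": m["user"],
            "ip": m["ip"],
            "dir": m["dir"],
        })
    return events


def per_destination(events):
    """How many outgoing blocks each destination IP accounts for."""
    return Counter(e["ip"] for e in events if e["dir"] == "outgoing")


def bursts(events, gap=timedelta(seconds=30)):
    """Group events in time order; a new burst starts when the quiet period exceeds `gap`."""
    groups = []
    for e in sorted(events, key=lambda e: e["time"]):
        if groups and e["time"] - groups[-1][-1]["time"] <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def repeated_destinations(events, gap=timedelta(seconds=30)):
    """Destinations hit in two or more separate bursts: a retry pattern worth
    correlating with what was running at those times (e.g. a scheduled process)."""
    seen = defaultdict(set)
    for i, group in enumerate(bursts(events, gap)):
        for e in group:
            seen[e["ip"]].add(i)
    return {ip for ip, idx in seen.items() if len(idx) >= 2}


def summarize(log):
    """Compact summary: total blocks, per-destination counts, and (start, end, size) per burst."""
    events = parse(log)
    return {
        "total": len(events),
        "destinations": dict(per_destination(events)),
        "bursts": [
            (g[0]["time"].strftime("%H:%M:%S"), g[-1]["time"].strftime("%H:%M:%S"), len(g))
            for g in bursts(events)
        ],
        "repeated": sorted(repeated_destinations(events)),
    }


if __name__ == "__main__":
    for key, value in summarize(LOG).items():
        print(f"{key}: {value}")
```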
  21. When Combofix was running it said it detected rootkit activity and asked to reboot, I clicked the "ok" but it just sat there hung, so I manually rebooted. Output from Combofix follows; as to how the computer is behaving, it seems a bit sluggish, but that could just be my imagination. Once again, thank you for your assistance. [ComboFix log omitted]
c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-16 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "c:\\Program Files\\Quake III Arena\\quake3.exe"= R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [16/12/2010 13:15 19496] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/12/2010 21:59 363344] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [16/12/2010 13:14 2320920] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/12/2010 21:59 20952] S0 cerc6;cerc6; [x] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2010 14:15 136176] S3 ALSysIO;ALSysIO;\??\c:\docume~1\Joe\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Joe\LOCALS~1\Temp\ALSysIO.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/12/2010 13:14 1691480] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [16/12/2010 13:13 235520] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?] . 
Contents of the 'Scheduled Tasks' folder 2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 14:15] 2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 14:15] 2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-57989841-1801674531-1003Core.job - c:\documents and settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 14:15] 2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-57989841-1801674531-1003UA.job - c:\documents and settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 14:15] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\etynf2i8.default\ FF - prefs.js: browser.startup.homepage - FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com FF - Ext: Full Fullscreen: {bfe3406c-6f31-4789-86d5-efa50e12c9eb} - %profile%\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-02 17:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(592) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2011-02-02 17:33:14 ComboFix-quarantined-files.txt 2011-02-02 17:33 Pre-Run: 915,049,209,856 bytes free Post-Run: 915,958,734,848 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 2647DB88E7E8194E9709F22708F5DF59
  22. DDS Scan outputs:-
  23. UPDATE
      Unfortunately the problem is still there. Have just had 4 blocked outgoings, as per the Malwarebytes log:-
      12:21:47 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
      12:21:47 Joe IP-BLOCK 193.106.173.194 (Type: outgoing)
      12:22:08 Joe IP-BLOCK 109.235.50.153 (Type: outgoing)
      12:22:09 Joe IP-BLOCK 213.163.64.115 (Type: outgoing)
      The system was idle at the time as I was in another room. So it seems there must be some process running which is creating these attempted outgoings.
  24. Thank you very much for your interest and help. I have run the programs as per your post, and pasted the output from TDSSKiller below. My computer seems to be behaving as per normal. I haven't had any of the blocked outgoings today. However, they have previously been fairly random in appearance. I will keep monitoring it and report back if I get any more outgoing blocks. TDSSKiller Log follows:-
  25. I am a paying customer for Malwarebytes Anti-Malware and posted today in your forum regarding a problem I have with outgoing blocks. Grant Gardiner replied to my post, looked at my latest Malwarebytes scan log, and said the blocked outgoing URLs were in Holland and Russia, and asked me to undertake some actions and then to post within this forum, so here I am! I am up to date on my Malwarebytes updates and ran a full system scan today with no malware found (I update daily and run a system scan daily). Here is the original forum thread, which includes Grant's reply posts: Thread

Basically I am getting outgoing blocks to sites that I am not aware that I have tried to visit. These occur when I go to sites I regularly visit that I have never had an issue with before, such as golf forums, my own website, etc. It seems like when I hit enter to go to a regularly visited site the browser also sends an outgoing request to another site as well, which is blocked by Malwarebytes. I only get the outgoing blocks when I hit enter to go to other websites, and it occurs occasionally, not every time. (I am using Firefox version 3.6.13)

I have run the various programs as per his instructions and attached the 4 logs to this post from GMER and Malwarebytes: dds.txt, attach.txt, ark.txt, Malwarebytes latest protection log. Please note: I disabled CD emulation with Defogger as instructed, and it said it finished, but did not give me the option to reboot, so I did this manually. I mention it only in case, while it said it completed, it may not have done so correctly. Thank you in advance for any light you can shed on this.

Creo

Attach.txt DDS.txt protection_log_2011_01_31.txt ark.txt