
DsOperator
Members
Posts: 5
Reputation: 0 Neutral
  1. Chris, thanks for all. Great company Malwarebytes, and what a professional staff! Will do all you said and report, but if you want you can close this thread - I'm clean! Cheers from Portugal, Carlos Filipe Sousa
  2. Hi Screen317. Thanks for getting back! So the ESET online scanner log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=c4d5a84d2dff3c47996d27ca86936c72
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-09-13 09:49:39
     # local_time=2011-09-13 10:49:39 (+0000, GMT Daylight Time)
     # country="Portugal"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1797 16775125 100 93 212580 52479950 290204 0
     # compatibility_mode=8192 67108863 100 0 9613 9613 0 0
     # scanned=120535
     # found=0
     # cleaned=0
     # scan_time=3585

     and the Security Check logs:

     Results of screen317's Security Check version 0.99.18
     Windows XP Service Pack 3
     Internet Explorer 7 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     ESET Online Scanner v3
     Antivirus up to date! (On Access scanning disabled!)
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 14
     Out of date Java installed!
     Adobe Flash Player 10.3.183.5
     Mozilla Firefox (3.6.22) Firefox Out of Date!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ``````````End of Log````````````

     The machine is running smoothly, I think you managed to help in killing every trace of virus/malware I had running. Thanks again, Carlos Filipe, Porto, Portugal
  3. Hello again Mr. Screen317! Thank you, since yesterday no more audio ads popping up, nor web page ads! I ran the ESET uninstaller and it found two entries and removed them. TDSSKiller scanned and detected no more objects! Followed the instructions on using ComboFix with no issues on my part. Reactivated Avira and Malwarebytes Pro and ran dds.scr again. Below are the logs:

     TDSSKILLER

     2011/09/08 23:01:02.0140 3204 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
     2011/09/08 23:01:02.0406 3204 ================================================================================
     2011/09/08 23:01:02.0406 3204 SystemInfo:
     2011/09/08 23:01:02.0406 3204
     2011/09/08 23:01:02.0406 3204 OS Version: 5.1.2600 ServicePack: 3.0
     2011/09/08 23:01:02.0406 3204 Product type: Workstation
     2011/09/08 23:01:02.0406 3204 ComputerName: DUAL_OPTERON
     2011/09/08 23:01:02.0406 3204 UserName: Avid_RPS
     2011/09/08 23:01:02.0406 3204 Windows directory: C:\WINDOWS
     2011/09/08 23:01:02.0406 3204 System windows directory: C:\WINDOWS
     2011/09/08 23:01:02.0406 3204 Processor architecture: Intel x86
     2011/09/08 23:01:02.0406 3204 Number of processors: 2
     2011/09/08 23:01:02.0406 3204 Page size: 0x1000
     2011/09/08 23:01:02.0406 3204 Boot type: Normal boot
     2011/09/08 23:01:02.0406 3204 ================================================================================
     2011/09/08 23:01:02.0750 3204 Initialize success
     2011/09/08 23:01:04.0000 0864 ================================================================================
     2011/09/08 23:01:04.0000 0864 Scan started
     2011/09/08 23:01:04.0000 0864 Mode: Manual;
     2011/09/08 23:01:04.0000 0864 ================================================================================
     2011/09/08 23:01:26.0234 0864 ================================================================================
     2011/09/08 23:01:26.0234 0864 Scan finished
     2011/09/08 23:01:26.0234 0864 ================================================================================
     2011/09/08 23:01:26.0281 3432 Detected object count: 0
     2011/09/08 23:01:26.0281 3432 Actual detected object count: 0

     COMBOFIX LOGS

     ComboFix 11-09-08.03 - Avid_RPS 08-09-2011 23:15:18.1.2 - x86 Microsoft Windows XP
Professional 5.1.2600.3.1252.1.1033.18.3071.2583 [GMT 1:00] Running from: c:\documents and settings\Avid_RPS\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\SL7E.tmp.6e678d5e.ini c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\WinColor.exe.7590d086.ini c:\windows\kb913800.exe c:\windows\system32\mcaacadec.dll c:\windows\system32\Temp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 ))))))))))))))))))))))))))))))) . . 2011-08-24 19:47 . 2011-08-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer 2011-08-12 10:32 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-12 10:31 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-10 16:43 . 2011-08-10 16:43 -------- d-----w- c:\program files\Imagineer Systems Ltd . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-12 17:10 . 2011-08-05 12:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-05 08:49 . 2010-12-31 13:40 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-05 08:49 . 
2010-12-31 13:40 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-15 13:29 . 2007-01-20 14:09 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 18:52 . 2010-09-18 15:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 18:52 . 2010-09-18 15:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2009-01-31 22:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-21 18:45 . 2007-01-20 14:10 832512 ----a-w- c:\windows\system32\wininet.dll 2011-06-21 18:45 . 2004-08-03 23:56 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-06-21 18:45 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-06-21 18:45 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll 2011-06-21 11:47 . 2004-08-03 21:59 389120 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2007-01-20 14:10 293376 ----a-w- c:\windows\system32\winsrv.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-03-21 611712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 5926912] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440] . c:\documents and settings\Avid_RPS\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2005-06-15 16:25 5926912 ----a-w- c:\windows\system32\nvcpl.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2005-06-15 16:25 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-24 20:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Avid_RPS\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Documents and Settings\\Avid_RPS\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [01-02-2009 18:00 27136] R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [01-02-2009 18:00 22656] R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [01-02-2009 18:00 37760] R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [01-02-2009 17:58 54088] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24-01-2010 3:48 33824] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [31-12-2010 14:40 136360] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-09-2010 16:48 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-09-2010 16:48 22712] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04-07-2010 11:17 136176] S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 6:46 288112] S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [01-02-2009 18:00 38784] S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04-07-2010 11:17 136176] S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [18-11-2009 17:01 38528] . Contents of the 'Scheduled Tasks' folder . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:33] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:33] . 
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003Core.job - c:\documents and settings\Avid_RPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 11:57] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003UA.job - c:\documents and settings\Avid_RPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 11:57] . 2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . 2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.pt/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\Avid_RPS\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Avid_RPS\Application Data\FlashGetBHO\GetUrl.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\documents and settings\Avid_RPS\Application Data\Mozilla\Firefox\Profiles\7ptwuf24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-08 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7697BB1-482F-3B8F-F691-69457FDB8DC9}*]
"iabkmipdklddfjjmpd"=hex:6b,61,69,6b,63,6a,6b,6f,6c,70,62,65,6d,66,6c,65,6d,6c,
   69,61,64,6c,00,00
"halkoggihkmionjd"=hex:6b,61,69,6b,63,6a,6b,6f,6c,70,62,65,6d,66,6c,65,6d,6c,
   69,61,64,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Assimilate Inc\Base*]
"CheckOut"="NO"
"LicDate"="NO"
"SRV_STATE"="Closed"
"AS_SYS_ID"="e3e4-96ab-739f-5163-1a01-0f45-7dbd-589f"
"SSLS_HIGHTIME"="1580934220"
"SXD"="14713127 41190"
"SSLS_LCLK"="N/A"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:49,ab,e3,ba,cc,c9,01,23,ad,7d,c6,88,3a,99,f6,e8,11,03,3a,6c,94,
   45,61,ed,3c,4f,ba,80,49,51,2c,1f,40,ad,2f,28,fe,ec,30,b0,0a,76,71,fd,74,dc,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:49,ab,e3,ba,cc,c9,01,23,ad,7d,c6,88,3a,99,f6,e8,11,03,3a,6c,94,
   45,61,ed,3c,4f,ba,80,49,51,2c,1f,40,ad,2f,28,fe,ec,30,b0,0a,76,71,fd,74,dc,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F03\4&26dcf72f&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-08 23:27:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-08 22:27
.
Pre-Run: 13.862.604.800 bytes free
Post-Run: 13.855.526.912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D99CB37B35F4A98D350C2415847113A3

DDS LOGS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Avid_RPS at 23:44:33 on 2011-09-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2582 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\avid_rps\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\avid_rps\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetUrl.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234699789390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234699777968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{ADABA224-7CCB-433B-8327-475D0CD98521} : DhcpNameServer = 192.168.1.254 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\mozilla firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2009-2-1 27136]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2009-2-1 22656]
R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [2009-2-1 37760]
R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2009-2-1 54088]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-31 11608]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-1-24 33824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-31 66616]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-3 12672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-18 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-18 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [2009-2-1 38784]
S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]
S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [2009-11-18 38528]
.
=============== Created Last 30 ================
.
2011-09-08 22:14:16 -------- d-sha-r- C:\cmdcons
2011-09-08 22:11:19 98816 ----a-w- c:\windows\sed.exe
2011-09-08 22:11:19 518144 ----a-w- c:\windows\SWREG.exe
2011-09-08 22:11:19 256000 ----a-w- c:\windows\PEV.exe
2011-09-08 22:11:19 208896 ----a-w- c:\windows\MBR.exe
2011-08-12 10:32:07 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-12 10:31:57 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 16:43:03 -------- d-----w- c:\program files\Imagineer Systems Ltd
.
==================== Find3M ====================
.
2011-08-12 17:10:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 08:49:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 23:44:49,65 ===============

Screen317, I hope the main problem is gone now, at least the annoying popups are gone. But this is like taking one's son to the doctor: he may look like he has no virus, but we'll do as the doctor prescribed to the end of the medication!

Thanks for your help,
Carlos
  4. Hello and thanks for helping! I only had installed ESET online scanner to fix something over an year ago and unninstalled it pronto. I checked now and it was not listed in the unninstall app in control pannel. So right now I deleted the orphanned folders it left. I only have Avira free and Malwarebytes Pro securing the PC. I've run the tdskiller and it found two itens and set to cure. Rebooted and up to now no audio or pages popup, but sometimes it went for over an hour without poping ads... so not sure if it cured it. The logs bellow: first one: 2011/09/07 23:17:01.0031 2988 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09 2011/09/07 23:17:04.0250 2988 Perform update action was selected 2011/09/07 23:17:04.0250 2820 Deinitialize success and second one: 2011/09/07 23:17:40.0093 0468 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56 2011/09/07 23:17:40.0265 0468 ================================================================================ 2011/09/07 23:17:40.0265 0468 SystemInfo: 2011/09/07 23:17:40.0265 0468 2011/09/07 23:17:40.0265 0468 OS Version: 5.1.2600 ServicePack: 3.0 2011/09/07 23:17:40.0265 0468 Product type: Workstation 2011/09/07 23:17:40.0265 0468 ComputerName: DUAL_OPTERON 2011/09/07 23:17:40.0265 0468 UserName: Avid_RPS 2011/09/07 23:17:40.0265 0468 Windows directory: C:\WINDOWS 2011/09/07 23:17:40.0265 0468 System windows directory: C:\WINDOWS 2011/09/07 23:17:40.0265 0468 Processor architecture: Intel x86 2011/09/07 23:17:40.0265 0468 Number of processors: 2 2011/09/07 23:17:40.0265 0468 Page size: 0x1000 2011/09/07 23:17:40.0265 0468 Boot type: Normal boot 2011/09/07 23:17:40.0265 0468 ================================================================================ 2011/09/07 23:17:40.0625 0468 Initialize success 2011/09/07 23:17:48.0593 1612 ================================================================================ 2011/09/07 23:17:48.0593 1612 Scan started 2011/09/07 23:17:48.0593 1612 Mode: Manual; 2011/09/07 
23:17:48.0593 1612 ================================================================================ 2011/09/07 23:17:49.0046 1612 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/09/07 23:17:49.0468 1612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/09/07 23:17:49.0609 1612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/09/07 23:17:49.0796 1612 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys 2011/09/07 23:17:50.0093 1612 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys 2011/09/07 23:17:50.0250 1612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/09/07 23:17:50.0468 1612 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/09/07 23:17:50.0718 1612 AMDAC97 (18412adb1bcd8d35eb0d8498bdfa2ded) C:\WINDOWS\system32\drivers\AMDAC97.sys 2011/09/07 23:17:50.0859 1612 amdagp8p (dadb544c579b858009ab92114f45c414) C:\WINDOWS\system32\DRIVERS\amdagp8p.sys 2011/09/07 23:17:50.0984 1612 amdbusdr (e8ab90c6b47040185fff01ebc9a70a70) C:\WINDOWS\system32\DRIVERS\amdbusdr.sys 2011/09/07 23:17:51.0140 1612 AMDEIDE (4496e7983a3069cfb377300937638904) C:\WINDOWS\system32\DRIVERS\AmdEide.sys 2011/09/07 23:17:51.0609 1612 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/09/07 23:17:52.0140 1612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/09/07 23:17:52.0296 1612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/09/07 23:17:52.0578 1612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/09/07 23:17:52.0765 1612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/09/07 23:17:52.0921 1612 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 2011/09/07 
23:17:53.0093 1612 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys 2011/09/07 23:17:53.0203 1612 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/09/07 23:17:53.0375 1612 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/09/07 23:17:53.0531 1612 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/09/07 23:17:53.0703 1612 b57w2k (e5359a62ef537c4c25e364029272b439) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/09/07 23:17:53.0906 1612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/09/07 23:17:54.0093 1612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/09/07 23:17:54.0234 1612 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/09/07 23:17:54.0515 1612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/09/07 23:17:54.0671 1612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/09/07 23:17:54.0828 1612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/09/07 23:17:55.0453 1612 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys 2011/09/07 23:17:55.0687 1612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/09/07 23:17:55.0890 1612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/09/07 23:17:56.0062 1612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/09/07 23:17:56.0234 1612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/09/07 23:17:56.0406 1612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/09/07 23:17:56.0687 1612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) 
C:\WINDOWS\system32\drivers\drmkaud.sys 2011/09/07 23:17:56.0906 1612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/09/07 23:17:57.0062 1612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/09/07 23:17:57.0250 1612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/09/07 23:17:57.0484 1612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/09/07 23:17:57.0703 1612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/09/07 23:17:57.0875 1612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/09/07 23:17:58.0031 1612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/09/07 23:17:58.0171 1612 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2011/09/07 23:17:58.0296 1612 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\gearaspiwdm.sys 2011/09/07 23:17:58.0484 1612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/09/07 23:17:58.0687 1612 HDLink (4b0d257cf04bd68500bb035a309b2733) C:\WINDOWS\system32\DRIVERS\HDLink.sys 2011/09/07 23:17:58.0859 1612 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/09/07 23:17:59.0187 1612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/09/07 23:17:59.0750 1612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/09/07 23:17:59.0906 1612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/09/07 23:18:00.0328 1612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/09/07 23:18:00.0515 1612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/09/07 23:18:00.0625 1612 IpInIp 
(b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/09/07 23:18:00.0781 1612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/09/07 23:18:00.0937 1612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/09/07 23:18:01.0078 1612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/09/07 23:18:01.0234 1612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/09/07 23:18:01.0421 1612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/09/07 23:18:01.0593 1612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/09/07 23:18:01.0734 1612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/09/07 23:18:02.0031 1612 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys 2011/09/07 23:18:02.0203 1612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/09/07 23:18:02.0359 1612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/09/07 23:18:02.0546 1612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/09/07 23:18:02.0703 1612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/09/07 23:18:03.0015 1612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/09/07 23:18:03.0187 1612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/09/07 23:18:03.0328 1612 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 2011/09/07 23:18:03.0468 1612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/09/07 23:18:03.0593 1612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/09/07 23:18:03.0765 1612 
MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/09/07 23:18:03.0937 1612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/09/07 23:18:04.0109 1612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/09/07 23:18:04.0265 1612 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys 2011/09/07 23:18:04.0453 1612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/09/07 23:18:04.0609 1612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/09/07 23:18:04.0765 1612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/09/07 23:18:04.0921 1612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/09/07 23:18:05.0078 1612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/09/07 23:18:05.0218 1612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/09/07 23:18:05.0375 1612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/09/07 23:18:05.0531 1612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/09/07 23:18:05.0687 1612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/09/07 23:18:05.0843 1612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/09/07 23:18:06.0046 1612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/09/07 23:18:06.0234 1612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/09/07 23:18:06.0421 1612 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 2011/09/07 23:18:06.0593 1612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/09/07 23:18:06.0765 1612 
Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/09/07 23:18:06.0921 1612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/09/07 23:18:07.0187 1612 nv (26a03ef0da5ae61fc484596d053551bb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/09/07 23:18:07.0500 1612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/09/07 23:18:07.0671 1612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/09/07 23:18:07.0843 1612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/09/07 23:18:08.0000 1612 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys 2011/09/07 23:18:08.0156 1612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/09/07 23:18:08.0312 1612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/09/07 23:18:08.0484 1612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/09/07 23:18:08.0640 1612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/09/07 23:18:08.0968 1612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/09/07 23:18:09.0078 1612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/09/07 23:18:09.0515 1612 pdiddcci (f3b2d982684e215dd1850814ebb87068) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys 2011/09/07 23:18:09.0843 1612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/09/07 23:18:10.0000 1612 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/09/07 23:18:10.0156 1612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/09/07 23:18:10.0312 1612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 
2011/09/07 23:18:10.0515 1612 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/09/07 23:18:11.0328 1612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/09/07 23:18:11.0515 1612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/09/07 23:18:11.0671 1612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/09/07 23:18:11.0843 1612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/09/07 23:18:12.0015 1612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/09/07 23:18:12.0171 1612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/09/07 23:18:12.0343 1612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/09/07 23:18:12.0531 1612 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/09/07 23:18:12.0687 1612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/09/07 23:18:12.0875 1612 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys 2011/09/07 23:18:13.0062 1612 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 2011/09/07 23:18:13.0234 1612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/09/07 23:18:13.0421 1612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/09/07 23:18:13.0578 1612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/09/07 23:18:13.0765 1612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/09/07 23:18:13.0937 1612 SI3114 (290a287d80de7c75ef6d173b41981ea3) C:\WINDOWS\system32\DRIVERS\SI3114.sys 2011/09/07 23:18:14.0125 1612 SiFilter (77add99b502354b5f8ee6cb55d8982e5) 
C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys 2011/09/07 23:18:14.0421 1612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/09/07 23:18:14.0625 1612 smwdm (5ac51dba9b3a75d6ca79583edbf23001) C:\WINDOWS\system32\drivers\smwdm.sys 2011/09/07 23:18:14.0796 1612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/09/07 23:18:14.0953 1612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/09/07 23:18:15.0125 1612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/09/07 23:18:15.0296 1612 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/09/07 23:18:15.0468 1612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/09/07 23:18:15.0609 1612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/09/07 23:18:15.0796 1612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/09/07 23:18:16.0625 1612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/09/07 23:18:16.0796 1612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/09/07 23:18:16.0937 1612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/09/07 23:18:17.0078 1612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/09/07 23:18:17.0234 1612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/09/07 23:18:17.0593 1612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/09/07 23:18:17.0875 1612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/09/07 23:18:18.0062 1612 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/09/07 23:18:18.0234 1612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) 
2011/09/07 23:18:20.0734 1612 MBR (0x1B8) (56c545673a143e70bb6729220c7ef69a) \Device\Harddisk0\DR0
2011/09/07 23:18:20.0750 1612 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/09/07 23:18:20.0781 1612 MBR (0x1B8) (56c545673a143e70bb6729220c7ef69a) \Device\Harddisk1\DR1
2011/09/07 23:18:20.0796 1612 \Device\Harddisk1\DR1 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/09/07 23:18:20.0812 1612 Boot (0x1200) (749c164af85e3a2f7ab87b13c645c579) \Device\Harddisk0\DR0\Partition0
2011/09/07 23:18:20.0843 1612 Boot (0x1200) (3e3ff2631ef9da747e2d44d44b3a2090) \Device\Harddisk1\DR1\Partition0
2011/09/07 23:18:20.0875 1612 ================================================================================
2011/09/07 23:18:20.0875 1612 Scan finished
2011/09/07 23:18:20.0875 1612 ================================================================================
2011/09/07 23:18:20.0906 1520 Detected object count: 2
2011/09/07 23:18:20.0906 1520 Actual detected object count: 2
2011/09/07 23:18:34.0187 1520 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/09/07 23:18:34.0187 1520 \Device\Harddisk0\DR0 - ok
2011/09/07 23:18:34.0187 1520 Trojan-Clicker.Win32.Wistler.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/07 23:18:34.0203 1520 \Device\Harddisk1\DR1 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/09/07 23:18:34.0203 1520 \Device\Harddisk1\DR1 - ok
2011/09/07 23:18:34.0203 1520 Trojan-Clicker.Win32.Wistler.a(\Device\Harddisk1\DR1) - User select action: Cure
2011/09/07 23:18:40.0609 2732 Deinitialize success

Now the contents of the DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Avid_RPS at 23:25:37 on 2011-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2544 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
============= FINISH: 23:26:22,87 ===============

Thanks again for following,
Carlos
  5. Greetings, I'm infected with something... an annoying audio ad is popping up all the time. Not only this, but also some ad pages pop up for no reason. I'm a post-production professional, I need audio on my speakers all the time, and loud. This machine is the one I use to browse online and is now infected. I've been following the instructions on the topic "I'm infected - What do I do now?".

Actions taken:
Malwarebytes Pro updated, full scan
Avira free updated, full scan
Run dds.scr and GMER.

My Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7658

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05-09-2011 20:40:10
mbam-log-2011-09-05 (20-40-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 331874
Time elapsed: 1 hour(s), 49 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

My Malwarebytes protection log contents:

21:38:07 Avid_RPS MESSAGE IP Protection started successfully
21:51:09 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:51:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:51:18 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:02 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:11 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:44 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:47 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:53 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:37 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:40 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:46 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:20 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:23 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:28 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:15 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:21 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:22:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:22:59 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:23:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:48 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:51 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

The dds.txt contents:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Avid_RPS at 0:03:15 on 2011-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2541 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS AmdEide.sys
c:\windows\system32\drivers\AmdEide.sys AMD Corporation AMD IDE Bus Mastering
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA74890]
3 CLASSPNP[0xBA128FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8AA7B880]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Scsi\AMDEIDE1Port1Path0Target0Lun0[0x8AA7B998]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }
user != kernel MBR !!!

============= FINISH: 0:03:58,31 ===============

I've read some posts of others with problems and, being no stranger to technology... this is really confusing how you guys read those logs... If any good soul can provide help to kill this annoying audio ad popping up all the time, I would thank you.

Regards,
Carlos Filipe, Porto, Portugal

attach.zip