
Windows XP SP3, Malwarebytes 1.60.1.1000 Free Edition, Avast Antivirus 6.0.1367 Free Edition and Advanced System Care Pro 5.1.0

The above programs are fully up to date.

The problem is as follows. When I go to my iGoogle homepage in Firefox or Win IE, I keep getting a popup balloon saying that Malwarebytes has successfully blocked access to a potentially malicious website. TYPE:OUTGOING

The IP address given is normally 79.133.196.104. I have done a search for this address and it seems to be a website in Warsaw, Poland, owned by eTOPSp Zo.o. I sometimes get another IP address which is traced to a site in the Ukraine.

I have done a full scan of my PC with Malwarebytes, Spybot and Avast. Only Spybot found an infection but cleaning it has not made any difference. I have also run CCleaner and done a full scan with Advanced System Care but the pop-ups from Malwarebytes still persist.

I have made the changes to Avast which are recommended here so that there is no conflict between Malwarebytes and Avast.

I downloaded and ran TDSSKiller but this also found nothing.

I can’t think of anything else to do!!

If Malwarebytes is stating that the Type is Outgoing, does this mean that some program on my PC is trying to get access to a malicious website? If so, why can’t any of the programs I have tried find it?


If Malwarebytes is stating that the Type is Outgoing, does this mean that some program on my PC is trying to get access to a malicious website? If so, why can’t any of the programs I have tried find it?

This is not always true. I get the same message on my system from time to time, and MB is doing its job.

Let's see what we can find.

-------------------------------

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

-----------------------------

Also, please do this:

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

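The reply above makes the key point: an "outgoing" IP block does not by itself prove that malware is present, because the blocked connection may simply be a browser fetching an ad or third-party resource embedded in the page being visited. What settles the question is which local process owns the connection. On Windows XP the stock commands for that are `netstat -ano` (connections with the owning PID; `netstat -ano 1` repeats the listing every second so a short-lived SYN_SENT can be caught while the balloon is showing) and `tasklist` (PID to image name). The script below is an added example, not part of the original thread or of any Malwarebytes tooling; it correlates the two outputs for the blocked address. The command output embedded in it is constructed for illustration (the PIDs, the firefox.exe and unknown_app.exe entries, and every address other than the one the poster reported are placeholders, not data from the poster's machine).

```python
"""Map a Malwarebytes 'outgoing' IP block to the local process that opened
the connection, using the output of two stock Windows XP commands:

    netstat -ano    (connections with owning PID)
    tasklist        (PID -> image name)

Added example; the command output below is constructed for illustration
and is not from the poster's machine."""
import re
from collections import defaultdict

BLOCKED_IP = "79.133.196.104"   # address from the Malwarebytes balloon

# Constructed sample of `netstat -ano` output (columns: Proto, Local Address,
# Foreign Address, State, PID). All PIDs and non-blocked IPs are placeholders.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    192.168.1.5:1188       74.125.230.100:80      ESTABLISHED     2488
  TCP    192.168.1.5:1192       79.133.196.104:80      SYN_SENT        2488
  TCP    192.168.1.5:1195       79.133.196.104:80      SYN_SENT        3104
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output; image names are placeholders.
TASKLIST_SAMPLE = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
svchost.exe                 1032 Console                 0      5,160 K
firefox.exe                 2488 Console                 0    142,300 K
unknown_app.exe             3104 Console                 0      9,812 K
"""

# Proto, local, remote, optional state (UDP rows have none), PID.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# Image name (may contain spaces), PID, session name, session#, memory.
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text):
    """Return a list of (proto, local, remote, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append((proto, local, remote, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Return {pid: image_name}; header and separator lines do not match."""
    names = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            names[int(m.group(2))] = m.group(1).strip()
    return names


def remote_ip(addr):
    """Strip the port from a netstat IPv4 'host:port' address."""
    return addr.rsplit(":", 1)[0]


def processes_contacting(ip, netstat_text, tasklist_text):
    """Return {pid: (image_name, [endpoints])} for every process holding a
    connection in any state (SYN_SENT included) to the given remote IP."""
    names = parse_tasklist(tasklist_text)
    hits = defaultdict(list)
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        if remote_ip(remote) == ip:
            hits[pid].append(f"{proto} {remote} {state}".strip())
    return {pid: (names.get(pid, "<unknown>"), eps) for pid, eps in hits.items()}


if __name__ == "__main__":
    found = processes_contacting(BLOCKED_IP, NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for pid, (name, eps) in found.items():
        print(f"PID {pid} ({name}): {', '.join(eps)}")
```

In practice you would redirect the real output to files (`netstat -ano > net.txt`, `tasklist > tasks.txt`) at the moment the balloon appears and feed those files to `processes_contacting`. A hit owned only by the browser process points at page content; a hit owned by something you do not recognise is the process to investigate next.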

Original Post ...............

Windows XP SP3, Malwarebytes 1.60.1.1000 Free Edition, Avast Antivirus 6.0.1367 Free Edition and Advanced System Care Pro 5.1.0

The above programs are fully up to date.

The problem is as follows. When I go to my iGoogle homepage in Firefox or Win IE, I keep getting a popup balloon saying that Malwarebytes has successfully blocked access to a potentially malicious website. TYPE:OUTGOING

The IP address given is normally 79.133.196.104. I have done a search for this address and it seems to be a website in Warsaw, Poland, owned by eTOPSp Zo.o. I sometimes get another IP address which is traced to a site in the Ukraine.

I have done a full scan of my PC with Malwarebytes, Spybot and Avast. Only Spybot found an infection but cleaning it has not made any difference. I have also run CCleaner and done a full scan with Advanced System Care but the pop-ups from Malwarebytes still persist.

I have made the changes to Avast which are recommended here so that there is no conflict between Malwarebytes and Avast.

I downloaded and ran TDSSKiller but this also found nothing.

I can’t think of anything else to do!!

If Malwarebytes is stating that the Type is Outgoing, does this mean that some program on my PC is trying to get access to a malicious website? If so, why can’t any of the programs I have tried find it?

Snip/

I have scanned my PC as suggested by Mr C and am pasting the results below.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Brendan O'Mahony at 21:12:21 on 2012-02-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe

C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\EHOME\EHTRAY.EXE

C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/ig?refresh=1

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\brendan o'mahony\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] ; "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [bitTorrent DNA] ; "c:\program files\dna\btdna.exe"

uRun: [Creative Detector] ; "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [kdx] ;

uRun: [MSMSGS] ; "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] ;

uRun: [updateMgr] ;

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe ARM] ; "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] ; "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] ;

mRun: [CanonSolutionMenu] ;

mRun: [CTSysVol] ; "c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe" /r

mRun: [DMXLauncher] ; "c:\program files\dell\media experience\DMXLauncher.exe"

mRun: [Easy-PrintToolBox] ;

mRun: [iSTray] ;

mRun: [iSUSPM Startup] ; "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iTunesHelper] ;

mRun: [MSKDetectorExe] ;

mRun: [NeroFilterCheck] ; c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [QuickTime Task] ; "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sDTray] ;

mRun: [sigmatelSysTrayApp] ; stsystra.exe

mRun: [sunJavaUpdateSched] ; "c:\program files\common files\java\java update\jusched.exe"

mRun: [updReg] ; c:\windows\UpdReg.EXE

mRun: [userFaultCheck] ;

mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\brenda~1\startm~1\programs\startup\windates.lnk - c:\program files\windates\WinDates.exe

IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: exam2score.com\www

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165595934929

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://202.139.104.2/activex/AxisCamControl.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://edexcel.webex.com/client/T25L/support/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx

TCP: Interfaces\{29B39846-0902-49E5-B96A-2F1FC54E9A72} : DhcpNameServer = 208.67.220.220,208.67.222.222

TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F} : NameServer = 212.159.13.49,8.8.8.8

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = :\WINDOW

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brendan o'mahony\application data\mozilla\firefox\profiles\88e1vnko.new profile\

FF - prefs.js: browser.startup.homepage - hxxp://www.avast.com/en-gb/index

FF - plugin: c:\documents and settings\brendan o'mahony\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-12 56208]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-21 610648]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-21 337112]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-12 71440]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-12 164112]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-2 497496]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-21 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-21 44768]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-5 21992]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-2-24 821592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-4 652360]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-12 931640]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-4 20464]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-11-12 21520]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2007-2-17 133504]

S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-9-24 384576]

S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-9-24 39488]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-10 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\drivers\svstream.sys --> c:\windows\system32\drivers\svstream.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2012-1-25 24056]

S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2012-2-24 30368]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2012-2-24 16208]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2012-2-24 246816]

.

=============== Created Last 30 ================

.

2012-02-19 17:04:00 -------- dc-h--w- c:\documents and settings\all users\application data\{E51ADF6A-7916-46B4-96C1-40D98D096077}

2012-02-19 17:02:10 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\PackageAware

2012-02-17 16:37:05 -------- dc-h--w- c:\documents and settings\all users\application data\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}

2012-02-17 16:36:55 -------- d-----w- c:\documents and settings\all users\application data\Native Instruments

2012-02-17 16:09:11 -------- dc-h--w- c:\documents and settings\all users\application data\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}

2012-02-17 15:34:56 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\Native Instruments

2012-02-17 15:34:29 -------- dc-h--w- c:\documents and settings\all users\application data\{CC6D9D89-7E76-4C53-AFA7-F1BE52920BC2}

2012-02-17 15:32:38 -------- d-----w- c:\program files\common files\Native Instruments

2012-02-17 15:32:11 -------- d-----w- c:\program files\Native Instruments

2012-02-15 12:41:32 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-15 12:41:32 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-12 16:23:13 -------- d-sh--w- C:\found.000

2012-02-12 15:38:10 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Fender

2012-02-12 15:33:33 -------- d-----w- c:\program files\Fender

2012-02-12 14:19:19 -------- d-----w- c:\windows\nview

2012-02-12 14:19:17 208896 ----a-w- c:\windows\system32\nvudisp.exe

2012-02-11 14:09:15 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-11 14:09:15 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-11 13:57:18 -------- d-----w- c:\windows\system32\FxsTmp

2012-02-11 13:28:34 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\ElevatedDiagnostics

2012-02-05 13:21:28 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\TeamViewer

2012-02-05 13:21:21 -------- d-----w- c:\program files\TeamViewer

2012-02-02 22:50:56 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\Babylon

2012-02-02 22:50:53 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Babylon

2012-02-02 22:50:53 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-02-02 22:50:40 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\ExpressFiles

2012-02-02 19:53:03 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\eLicenser

2012-02-01 17:11:23 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr

2012-01-27 19:26:28 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\KORG

2012-01-27 19:25:46 -------- d-----w- c:\program files\Vstplugins

2012-01-27 19:25:44 -------- d-----w- c:\program files\common files\Digidesign

2012-01-27 19:25:44 -------- d-----w- c:\documents and settings\all users\application data\KORG

.

==================== Find3M ====================

.

2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr

2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-27 19:07:44 73 ----a-w- c:\windows\system32\ssprs.dll

2012-01-27 19:07:44 339 ----a-w- c:\windows\system32\lsprst7.dll

2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth2.dll

2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth1.dll

2012-01-26 17:41:30 1025 ----a-w- c:\windows\system32\sysprs7.dll

2012-01-14 19:48:01 2892 ----a-w- c:\windows\system32\audcon.sys

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-29 18:00:00 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2011-12-21 18:14:02 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2007-10-02 22:06:42 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 21:12:57.73 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 13/10/2006 16:51:06

System Uptime: 25/02/2012 19:59:55 (2 hours ago)

.

Motherboard: Dell Inc | | 0CT103

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 228 GiB total, 99.358 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1175: 26/01/2012 17:40:00 - Installed KORG M1 Le

RP1176: 27/01/2012 14:06:10 - Installed KORG USB-MIDI Driver Tools for Windows.

RP1177: 27/01/2012 18:21:18 - Removed KORG M1 Le

RP1178: 27/01/2012 18:33:12 - Installed KORG M1 Le

RP1179: 27/01/2012 19:25:35 - Removed KORG M1 Le

RP1180: 27/01/2012 19:25:44 - Installed KORG M1 Le.

RP1181: 30/01/2012 15:27:01 - System Checkpoint

RP1182: 31/01/2012 23:12:16 - System Checkpoint

RP1183: 02/02/2012 19:50:13 - Installed Steinberg Cubase LE AI Elements 6

RP1184: 02/02/2012 19:51:12 - Installed Steinberg Groove Agent ONE Content

RP1185: 02/02/2012 19:51:27 - Installed Steinberg Groove Agent ONE Vintage Beatboxes

RP1186: 02/02/2012 19:51:41 - Installed Steinberg HALion Sonic SE

RP1187: 02/02/2012 19:51:56 - Installed Steinberg HALion Sonic SE Content for Cubase LE AI Elements

RP1188: 05/02/2012 14:42:27 - System Checkpoint

RP1189: 07/02/2012 19:54:54 - System Checkpoint

RP1190: 11/02/2012 13:56:07 - Restore Operation

RP1191: 13/02/2012 16:19:42 - System Checkpoint

RP1192: 14/02/2012 21:34:44 - System Checkpoint

RP1193: 15/02/2012 13:40:56 - Software Distribution Service 3.0

RP1194: 15/02/2012 21:56:29 - Software Distribution Service 3.0

RP1195: 18/02/2012 21:14:28 - System Checkpoint

RP1196: 19/02/2012 17:01:33 - before alpha driver

RP1197: 19/02/2012 17:04:53 - Installed Windows XP winusb0100.

RP1198: 21/02/2012 22:20:10 - System Checkpoint

RP1199: 22/02/2012 23:57:50 - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.3.1

Adobe Shockwave Player 11

Advanced SystemCare 5

AirZip Plug-in for Internet Explorer

Apple Application Support

Apple Software Update

ArcSoft Camera Suite

ASIO4ALL

Athlon 64 Processor Driver

ATI Catalyst Control Center

ATI Display Driver

avast! Free Antivirus

AXIS Media Control Embedded

BEHRINGER USB AUDIO DRIVER

BestPractice (remove only)

BitTorrent

Blazing Angels Squadrons of WWII Demo

Broadcom Management Programs

Cagles Mill Guitar Tuner Version 1.2

CamToPrint

Canon iP4500 series

Canon iP4500 series User Registration

Canon My Printer

CCleaner

CD-LabelPrint

Clear Cache feature for Internet Explorer

Close Combat Invasion Normandy

CM Alpha

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.58

Creative Audio Control Panel

Creative Audio Pack

Creative Console Launcher

Creative MediaSource

Creative MediaSource 5

Creative Software AutoUpdate

Creative WaveStudio 7

Dell CinePlayer

Dell Support 3.2

Dell System Restore

DevalVR for Internet Explorer (remove)

DNA

DVDx 2

Easy-WebPrint

eLicenser Control

ePEN Scoring System

EPSON Copy Utility 3

EPSON Smart Panel

EPSON TWAIN 5

Fender FUSE

Fender FUSE 2.5.0.22

FLV Player 1.3.3

FLV Player 2.0 (build 25)

Free Convert M4A to MP3 AMR OGG AAC Converter 5.8

Free FLV Converter V 2.0

Free M4a to MP3 Converter 6.2

Google Advertising Cookie Opt-out

Google Chrome

Google Earth

Google Earth Plug-in

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GPL MPEG-1/2 DirectShow Decoder Filter

Guitar Guru Version 2.1.2

Hallmark Smilebox

HDtracks Download Manager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

IObit Malware Fighter

Java Auto Updater

Java 6 Update 24

K-Lite Mega Codec Pack 8.1.0

KORG K-Series Editor

KORG M1 Le

KORG USB-MIDI Driver Tools for Windows

LADSPA_plugins-win-0.4.15

Legacy 6.0

Lexicon Alpha Driver

Lexicon Pantheon VST Plug-in (remove only)

Malwarebytes Anti-Malware version 1.60.1.1000

Manic Miner for Windows 3.01

Master of the Skies - The Red Ace

MCU

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WinUsb 1.0

Microsoft Works

MixMeister BPM Analyzer 1.0

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Native Instruments Kontakt 4

Native Instruments Kontakt Factory Selection

Native Instruments Service Center

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

OpenAL

QuickTime

Rapport

REAPER

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB982132)

shortcircuit

Sibelius Scorch (ActiveX Only)

SlimCleaner

Sonic Activation Module

Sonic Advanced Decoder

Sonic Encoders

Sonic Update Manager

Sound Blaster ADVANCED MB Drivers

Sound Blaster Audigy ADVANCED MB

Sound Blaster Audigy ADVANCED MB Product Registration

Sound Blaster for Media Center

Soundbytes Obbo (remove only)

SoundFont Bank Manager

Spotify

Steinberg Cubase LE 5

Steinberg Cubase LE AI Elements 6

Steinberg Groove Agent ONE Content

Steinberg Groove Agent ONE Vintage Beatboxes

Steinberg HALion Sonic SE

Steinberg HALion Sonic SE Content for Cubase LE AI Elements

Steinberg HALionOne

Steinberg HALionOne Essential Set

TeamViewer 7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB971029)

URL Assistant

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VisualRoute Lite Edition

WebFldrs XP

What's Running 2.2

WinDates

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Service Pack 3

ZxEmulator Standalone Version 1.0

.

==== Event Viewer Messages From Past Week ========

.

25/02/2012 20:03:26, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.

25/02/2012 20:03:26, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25/02/2012 20:03:26, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}

23/02/2012 22:38:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

23/02/2012 22:21:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips nvatabus nvraid RapportKELL

23/02/2012 22:20:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

23/02/2012 20:11:51, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

23/02/2012 15:46:51, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

23/02/2012 15:26:26, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

23/02/2012 13:48:38, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

21/02/2012 13:01:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

21/02/2012 13:01:06, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

21/02/2012 13:01:06, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

20/02/2012 20:45:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

20/02/2012 13:26:28, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20/02/2012 13:26:26, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

19/02/2012 02:41:51, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.

.

==== End Of File ===========================

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Brendan O'Mahony [Admin rights]

Mode: Scan -- Date: 02/25/2012 21:15:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F} : NameServer (212.159.13.49,8.8.8.8) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F} : NameServer (212.159.13.49,8.8.8.8) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\documents and settings\brendan o'mahony\application data\adobe\plugs --> FOUND

[FOLDER] shed : c:\documents and settings\brendan o'mahony\application data\adobe\shed --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0xA380B5E0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C +++++

--- User ---

[MBR] 6fe513b8ee87ab699c5a7155cb2c09f3

[bSP] eb56c44a5e637616a189ce643b9b2203 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 233601 Mo

3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 478528155 | Size: 4753 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


OK, please don't start any new posts, stay in this one!!!!

When replying just use:

Reply to this topic and then more reply options, finally Add Reply

----------------------------

Please go to Control Panel > Add/Remove Programs and uninstall:

Advanced SystemCare 5

Here's why:

http://www.systemloo...CService.exe&s=

----------------------------------------------

Please delete your copy of TDSSKiller and download a fresh one and run it like this:

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


Hi Mr Charlie,

I've followed your instructions and the report from TDSSKiller is pasted below.

13:28:24.0453 3672 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

13:28:24.0640 3672 ============================================================

13:28:24.0640 3672 Current date / time: 2012/02/26 13:28:24.0640

13:28:24.0640 3672 SystemInfo:

13:28:24.0640 3672

13:28:24.0640 3672 OS Version: 5.1.2600 ServicePack: 3.0

13:28:24.0640 3672 Product type: Workstation

13:28:24.0640 3672 ComputerName: DHWC6J2J

13:28:24.0640 3672 UserName: Brendan O'Mahony

13:28:24.0640 3672 Windows directory: C:\WINDOWS

13:28:24.0640 3672 System windows directory: C:\WINDOWS

13:28:24.0640 3672 Processor architecture: Intel x86

13:28:24.0640 3672 Number of processors: 2

13:28:24.0640 3672 Page size: 0x1000

13:28:24.0640 3672 Boot type: Normal boot

13:28:24.0640 3672 ============================================================

13:28:26.0406 3672 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:28:26.0406 3672 \Device\Harddisk0\DR0:

13:28:26.0406 3672 MBR used

13:28:26.0406 3672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54

13:28:26.0453 3672 Initialize success

13:28:26.0453 3672 ============================================================

13:29:45.0109 3444 ============================================================

13:29:45.0109 3444 Scan started

13:29:45.0109 3444 Mode: Manual; SigCheck; TDLFS;

13:29:45.0109 3444 ============================================================

13:29:45.0484 3444 Aavmker4 (fdba5bb4c8171cda00b2233d5389ee5f) C:\WINDOWS\system32\drivers\Aavmker4.sys

13:29:45.0640 3444 Aavmker4 - ok

13:29:45.0656 3444 Abiosdsk - ok

13:29:45.0687 3444 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:29:46.0984 3444 abp480n5 - ok

13:29:47.0046 3444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:29:47.0203 3444 ACPI - ok

13:29:47.0218 3444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:29:47.0359 3444 ACPIEC - ok

13:29:47.0500 3444 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:29:47.0718 3444 adpu160m - ok

13:29:47.0765 3444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:29:47.0921 3444 aec - ok

13:29:47.0968 3444 AF05BDA (4c35b9b2d62c1f6f66d07125c7cdbd8b) C:\WINDOWS\system32\drivers\AF05BDA.sys

13:29:48.0000 3444 AF05BDA - ok

13:29:48.0140 3444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:29:48.0156 3444 AFD - ok

13:29:48.0187 3444 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:29:48.0328 3444 agp440 - ok

13:29:48.0453 3444 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:29:48.0687 3444 agpCPQ - ok

13:29:48.0718 3444 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:29:48.0796 3444 Aha154x - ok

13:29:48.0828 3444 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:29:49.0000 3444 aic78u2 - ok

13:29:49.0015 3444 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:29:49.0187 3444 aic78xx - ok

13:29:49.0390 3444 alcan5wn (293bcaf4ef7afcc4b00d28f75c420356) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys

13:29:49.0421 3444 alcan5wn ( UnsignedFile.Multi.Generic ) - warning

13:29:49.0421 3444 alcan5wn - detected UnsignedFile.Multi.Generic (1)

13:29:49.0468 3444 alcaudsl (bdb16789e789f087b43b5f75032d4fdc) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys

13:29:49.0468 3444 alcaudsl ( UnsignedFile.Multi.Generic ) - warning

13:29:49.0468 3444 alcaudsl - detected UnsignedFile.Multi.Generic (1)

13:29:49.0593 3444 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

13:29:49.0750 3444 AliIde - ok

13:29:49.0859 3444 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:29:50.0031 3444 alim1541 - ok

13:29:50.0140 3444 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:29:50.0312 3444 amdagp - ok

13:29:50.0437 3444 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

13:29:50.0468 3444 AmdK8 - ok

13:29:50.0593 3444 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

13:29:50.0671 3444 amsint - ok

13:29:50.0718 3444 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

13:29:50.0859 3444 asc - ok

13:29:50.0984 3444 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:29:51.0078 3444 asc3350p - ok

13:29:51.0218 3444 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:29:51.0375 3444 asc3550 - ok

13:29:51.0531 3444 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys

13:29:51.0546 3444 aswFsBlk - ok

13:29:51.0671 3444 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys

13:29:51.0687 3444 aswMon2 - ok

13:29:51.0718 3444 aswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\aswRdr.sys

13:29:51.0734 3444 aswRdr - ok

13:29:51.0812 3444 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys

13:29:51.0843 3444 aswSnx - ok

13:29:51.0890 3444 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys

13:29:51.0921 3444 aswSP - ok

13:29:51.0953 3444 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys

13:29:51.0968 3444 aswTdi - ok

13:29:52.0000 3444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:29:52.0171 3444 AsyncMac - ok

13:29:52.0296 3444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:29:52.0453 3444 atapi - ok

13:29:52.0562 3444 Atdisk - ok

13:29:52.0640 3444 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

13:29:52.0765 3444 ati2mtag - ok

13:29:52.0812 3444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:29:52.0984 3444 Atmarpc - ok

13:29:53.0140 3444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:29:53.0281 3444 audstub - ok

13:29:53.0421 3444 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

13:29:53.0437 3444 bcm4sbxp - ok

13:29:53.0468 3444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:29:53.0687 3444 Beep - ok

13:29:53.0734 3444 BEHRINGER_2902 (b46ca7a8d52d878408db9554445c41a1) C:\WINDOWS\system32\Drivers\BUSB2902.sys

13:29:53.0765 3444 BEHRINGER_2902 - ok

13:29:53.0781 3444 BUSB_AUDIO_WDM (f1d6ad745dbf94a141d077b6c9e22f00) C:\WINDOWS\system32\drivers\busbwdm.sys

13:29:53.0812 3444 BUSB_AUDIO_WDM - ok

13:29:53.0828 3444 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:29:54.0000 3444 cbidf - ok

13:29:54.0171 3444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:29:54.0328 3444 cbidf2k - ok

13:29:54.0484 3444 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:29:54.0734 3444 CCDECODE - ok

13:29:54.0750 3444 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:29:54.0828 3444 cd20xrnt - ok

13:29:54.0843 3444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:29:54.0984 3444 Cdaudio - ok

13:29:55.0031 3444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:29:55.0171 3444 Cdfs - ok

13:29:55.0218 3444 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:29:55.0250 3444 Cdrom - ok

13:29:55.0265 3444 Changer - ok

13:29:55.0296 3444 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:29:55.0437 3444 CmdIde - ok

13:29:55.0578 3444 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:29:55.0750 3444 Cpqarray - ok

13:29:55.0796 3444 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys

13:29:55.0812 3444 cpuz135 - ok

13:29:55.0968 3444 CT20XUT (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\system32\drivers\CT20XUT.SYS

13:29:55.0984 3444 CT20XUT - ok

13:29:56.0000 3444 CT20XUT.SYS (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\System32\drivers\CT20XUT.SYS

13:29:56.0015 3444 CT20XUT.SYS - ok

13:29:56.0156 3444 ctac32k (f2b1d0a3d21bd0d9f46457cbcec1a0e9) C:\WINDOWS\system32\drivers\ctac32k.sys

13:29:56.0187 3444 ctac32k - ok

13:29:56.0234 3444 ctaud2k (44f60a5e3c3a8a6bba4c280948ea6095) C:\WINDOWS\system32\drivers\ctaud2k.sys

13:29:56.0281 3444 ctaud2k - ok

13:29:56.0312 3444 ctdvda2k (8cbe82d6bbf206e144f22cb33fab1f2c) C:\WINDOWS\system32\drivers\ctdvda2k.sys

13:29:56.0343 3444 ctdvda2k - ok

13:29:56.0406 3444 CTEXFIFX (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS

13:29:56.0468 3444 CTEXFIFX - ok

13:29:56.0500 3444 CTEXFIFX.SYS (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS

13:29:56.0546 3444 CTEXFIFX.SYS - ok

13:29:56.0562 3444 CTHWIUT (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\system32\drivers\CTHWIUT.SYS

13:29:56.0578 3444 CTHWIUT - ok

13:29:56.0671 3444 CTHWIUT.SYS (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\System32\drivers\CTHWIUT.SYS

13:29:56.0687 3444 CTHWIUT.SYS - ok

13:29:56.0703 3444 ctprxy2k (f0f19a13c948e5289601e354b08e0941) C:\WINDOWS\system32\drivers\ctprxy2k.sys

13:29:56.0718 3444 ctprxy2k - ok

13:29:56.0750 3444 ctsfm2k (c7b2c36a6203a5f3d0a378fd78c5ddd6) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

13:29:56.0781 3444 ctsfm2k - ok

13:29:56.0828 3444 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

13:29:56.0859 3444 CTUSFSYN - ok

13:29:56.0890 3444 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:29:57.0062 3444 dac2w2k - ok

13:29:57.0203 3444 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:29:57.0437 3444 dac960nt - ok

13:29:57.0546 3444 DCamUSBSvis - ok

13:29:57.0593 3444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:29:57.0734 3444 Disk - ok

13:29:57.0781 3444 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

13:29:57.0796 3444 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0796 3444 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

13:29:57.0812 3444 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

13:29:57.0828 3444 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0828 3444 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

13:29:57.0843 3444 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

13:29:57.0859 3444 DLADResN ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0859 3444 DLADResN - detected UnsignedFile.Multi.Generic (1)

13:29:57.0859 3444 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

13:29:57.0875 3444 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0875 3444 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

13:29:57.0890 3444 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

13:29:57.0890 3444 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0890 3444 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

13:29:57.0906 3444 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

13:29:57.0906 3444 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0906 3444 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

13:29:57.0921 3444 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

13:29:57.0937 3444 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0937 3444 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

13:29:57.0953 3444 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

13:29:57.0968 3444 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

13:29:57.0968 3444 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

13:29:57.0984 3444 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

13:29:58.0000 3444 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

13:29:58.0000 3444 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

13:29:58.0046 3444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:29:58.0218 3444 dmboot - ok

13:29:58.0312 3444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:29:58.0484 3444 dmio - ok

13:29:58.0593 3444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:29:58.0750 3444 dmload - ok

13:29:58.0906 3444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:29:59.0062 3444 DMusic - ok

13:29:59.0203 3444 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:29:59.0343 3444 dpti2o - ok

13:29:59.0531 3444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:29:59.0703 3444 drmkaud - ok

13:29:59.0718 3444 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

13:29:59.0750 3444 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

13:29:59.0750 3444 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

13:29:59.0765 3444 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

13:29:59.0781 3444 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

13:29:59.0781 3444 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

13:29:59.0890 3444 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

13:29:59.0906 3444 DSproct ( UnsignedFile.Multi.Generic ) - warning

13:29:59.0906 3444 DSproct - detected UnsignedFile.Multi.Generic (1)

13:29:59.0953 3444 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:30:00.0125 3444 E100B - ok

13:30:00.0250 3444 emupia (fb2d6d4d14ae801f5267b0368fc0cb0c) C:\WINDOWS\system32\drivers\emupia2k.sys

13:30:00.0265 3444 emupia - ok

13:30:00.0296 3444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:30:00.0453 3444 Fastfat - ok

13:30:00.0578 3444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:30:00.0734 3444 Fdc - ok

13:30:00.0828 3444 FileMonitor (9200a69413d69ab86add9bc81960be7b) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys

13:30:00.0843 3444 FileMonitor - ok

13:30:00.0875 3444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:30:01.0031 3444 Fips - ok

13:30:01.0156 3444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:30:01.0312 3444 Flpydisk - ok

13:30:01.0484 3444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:30:01.0703 3444 FltMgr - ok

13:30:01.0750 3444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:30:01.0906 3444 Fs_Rec - ok

13:30:01.0937 3444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:30:02.0109 3444 Ftdisk - ok

13:30:02.0218 3444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:30:02.0359 3444 Gpc - ok

13:30:02.0578 3444 ha20x2k (7ff1ced1201c169a783b0e81cc561fba) C:\WINDOWS\system32\drivers\ha20x2k.sys

13:30:02.0640 3444 ha20x2k - ok

13:30:02.0703 3444 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:30:02.0875 3444 HDAudBus - ok

13:30:03.0031 3444 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:30:03.0171 3444 HidUsb - ok

13:30:03.0296 3444 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

13:30:03.0437 3444 hpn - ok

13:30:03.0593 3444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:30:03.0625 3444 HTTP - ok

13:30:03.0656 3444 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

13:30:03.0796 3444 i2omgmt - ok

13:30:03.0906 3444 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:30:04.0031 3444 i2omp - ok

13:30:04.0203 3444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:30:04.0359 3444 i8042prt - ok

13:30:04.0515 3444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:30:04.0718 3444 Imapi - ok

13:30:04.0750 3444 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:30:04.0906 3444 ini910u - ok

13:30:04.0921 3444 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:30:05.0093 3444 IntelIde - ok

13:30:05.0250 3444 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:30:05.0390 3444 intelppm - ok

13:30:05.0546 3444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:30:05.0765 3444 Ip6Fw - ok

13:30:05.0796 3444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:30:05.0984 3444 IpFilterDriver - ok

13:30:06.0140 3444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:30:06.0281 3444 IpInIp - ok

13:30:06.0437 3444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:30:06.0734 3444 IpNat - ok

13:30:06.0781 3444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:30:06.0937 3444 IPSec - ok

13:30:07.0062 3444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:30:07.0140 3444 IRENUM - ok

13:30:07.0265 3444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:30:07.0406 3444 isapnp - ok

13:30:07.0562 3444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:30:07.0796 3444 Kbdclass - ok

13:30:07.0828 3444 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:30:07.0968 3444 kbdhid - ok

13:30:08.0140 3444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:30:08.0296 3444 kmixer - ok

13:30:08.0453 3444 KORGUMDS (50deddce25c89382a23e605eb4e0236b) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS

13:30:08.0484 3444 KORGUMDS - ok

13:30:08.0593 3444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:30:08.0718 3444 KSecDD - ok

13:30:08.0734 3444 lbrtfdc - ok

13:30:08.0781 3444 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

13:30:08.0796 3444 MBAMProtector - ok

13:30:08.0828 3444 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

13:30:08.0843 3444 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

13:30:08.0843 3444 MHNDRV - detected UnsignedFile.Multi.Generic (1)

13:30:08.0843 3444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:30:09.0015 3444 mnmdd - ok

13:30:09.0125 3444 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:30:09.0296 3444 Modem - ok

13:30:09.0437 3444 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

13:30:09.0531 3444 monfilt - ok

13:30:09.0687 3444 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:30:09.0843 3444 Mouclass - ok

13:30:10.0015 3444 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:30:10.0156 3444 mouhid - ok

13:30:10.0328 3444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:30:10.0484 3444 MountMgr - ok

13:30:10.0578 3444 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

13:30:10.0828 3444 MPE - ok

13:30:10.0968 3444 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:30:11.0140 3444 mraid35x - ok

13:30:11.0250 3444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:30:11.0421 3444 MRxDAV - ok

13:30:11.0562 3444 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:30:11.0593 3444 MRxSmb - ok

13:30:11.0625 3444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:30:11.0765 3444 Msfs - ok

13:30:11.0890 3444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:30:12.0062 3444 MSKSSRV - ok

13:30:12.0187 3444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:30:12.0328 3444 MSPCLOCK - ok

13:30:12.0546 3444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:30:12.0703 3444 MSPQM - ok

13:30:12.0734 3444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:30:12.0859 3444 mssmbios - ok

13:30:12.0875 3444 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:30:13.0031 3444 MSTEE - ok

13:30:13.0187 3444 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:30:13.0218 3444 Mup - ok

13:30:13.0343 3444 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:30:13.0500 3444 NABTSFEC - ok

13:30:13.0625 3444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:30:13.0796 3444 NDIS - ok

13:30:13.0984 3444 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

13:30:14.0156 3444 NdisIP - ok

13:30:14.0328 3444 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:30:14.0453 3444 NdisTapi - ok

13:30:14.0578 3444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:30:14.0734 3444 Ndisuio - ok

13:30:14.0734 3444 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:30:14.0890 3444 NdisWan - ok

13:30:15.0046 3444 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:30:15.0062 3444 NDProxy - ok

13:30:15.0171 3444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:30:15.0328 3444 NetBIOS - ok

13:30:15.0390 3444 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:30:15.0546 3444 NetBT - ok

13:30:15.0671 3444 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:30:15.0843 3444 Npfs - ok

13:30:15.0890 3444 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:30:16.0093 3444 Ntfs - ok

13:30:16.0265 3444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:30:16.0406 3444 Null - ok

13:30:16.0765 3444 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:30:16.0953 3444 nv - ok

13:30:17.0109 3444 nvata (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\DRIVERS\nvata.sys

13:30:17.0156 3444 nvata - ok

13:30:17.0203 3444 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys

13:30:17.0218 3444 nvatabus ( UnsignedFile.Multi.Generic ) - warning

13:30:17.0234 3444 nvatabus - detected UnsignedFile.Multi.Generic (1)

13:30:17.0250 3444 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys

13:30:17.0296 3444 nvraid ( UnsignedFile.Multi.Generic ) - warning

13:30:17.0296 3444 nvraid - detected UnsignedFile.Multi.Generic (1)

13:30:17.0328 3444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:30:17.0468 3444 NwlnkFlt - ok

13:30:17.0625 3444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:30:17.0781 3444 NwlnkFwd - ok

13:30:17.0953 3444 ossrv (ac5bf1a610effaae9cfc48cb53483f08) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

13:30:17.0968 3444 ossrv - ok

13:30:18.0015 3444 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:30:18.0187 3444 Parport - ok

13:30:18.0328 3444 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:30:18.0484 3444 PartMgr - ok

13:30:18.0593 3444 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:30:18.0750 3444 ParVdm - ok

13:30:18.0859 3444 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:30:19.0156 3444 PCI - ok

13:30:19.0296 3444 PCIDump - ok

13:30:19.0390 3444 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:30:19.0546 3444 PCIIde - ok

13:30:19.0703 3444 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:30:19.0843 3444 Pcmcia - ok

13:30:20.0000 3444 Pcouffin (cd2425fd848e5fa09c9a213da56817a9) C:\WINDOWS\system32\Drivers\Pcouffin.sys

13:30:20.0000 3444 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

13:30:20.0000 3444 Pcouffin - detected UnsignedFile.Multi.Generic (1)

13:30:20.0015 3444 PDCOMP - ok

13:30:20.0031 3444 PDFRAME - ok

13:30:20.0031 3444 PDRELI - ok

13:30:20.0046 3444 PDRFRAME - ok

13:30:20.0171 3444 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

13:30:20.0406 3444 perc2 - ok

13:30:20.0421 3444 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

13:30:20.0593 3444 perc2hib - ok

13:30:20.0750 3444 PfModNT (26b529a374d19e8c61a7943f8466232d) C:\WINDOWS\system32\drivers\PfModNT.sys

13:30:20.0765 3444 PfModNT - ok

13:30:20.0796 3444 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:30:20.0937 3444 PptpMiniport - ok

13:30:20.0984 3444 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

13:30:21.0140 3444 Processor - ok

13:30:21.0281 3444 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:30:21.0453 3444 PSched - ok

13:30:21.0578 3444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:30:21.0734 3444 Ptilink - ok

13:30:21.0781 3444 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:30:21.0796 3444 PxHelp20 - ok

13:30:21.0828 3444 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:30:21.0968 3444 ql1080 - ok

13:30:22.0093 3444 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:30:22.0343 3444 Ql10wnt - ok

13:30:22.0468 3444 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:30:22.0703 3444 ql12160 - ok

13:30:22.0718 3444 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:30:22.0875 3444 ql1240 - ok

13:30:22.0890 3444 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:30:23.0046 3444 ql1280 - ok

13:30:23.0265 3444 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys

13:30:23.0281 3444 RapportCerberus_34302 - ok

13:30:23.0437 3444 RapportEI (9cea472c1d5f6a93ea852dcd768240fc) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

13:30:23.0453 3444 RapportEI - ok

13:30:23.0468 3444 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

13:30:23.0484 3444 RapportIaso - ok

13:30:23.0609 3444 RapportKELL (593026fedda8d072603f147a463f0357) C:\WINDOWS\system32\Drivers\RapportKELL.sys

13:30:23.0625 3444 RapportKELL - ok

13:30:23.0656 3444 RapportPG (e87522b23da4d4a5fdfde5fc5132900c) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

13:30:23.0671 3444 RapportPG - ok

13:30:23.0687 3444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:30:23.0828 3444 RasAcd - ok

13:30:23.0968 3444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:30:24.0234 3444 Rasl2tp - ok

13:30:24.0359 3444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:30:24.0531 3444 RasPppoe - ok

13:30:24.0703 3444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:30:24.0859 3444 Raspti - ok

13:30:24.0921 3444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:30:25.0078 3444 Rdbss - ok

13:30:25.0109 3444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:30:25.0265 3444 RDPCDD - ok

13:30:25.0421 3444 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:30:25.0578 3444 rdpdr - ok

13:30:25.0781 3444 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:30:25.0796 3444 RDPWD - ok

13:30:25.0828 3444 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:30:25.0984 3444 redbook - ok

13:30:26.0109 3444 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

13:30:26.0125 3444 RegFilter - ok

13:30:26.0203 3444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:30:26.0281 3444 Secdrv - ok

13:30:26.0328 3444 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:30:26.0484 3444 serenum - ok

13:30:26.0687 3444 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:30:26.0828 3444 Serial - ok

13:30:26.0968 3444 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys

13:30:26.0984 3444 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning

13:30:26.0984 3444 sfdrv01 - detected UnsignedFile.Multi.Generic (1)

13:30:26.0984 3444 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys

13:30:27.0015 3444 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning

13:30:27.0015 3444 sfhlp02 - detected UnsignedFile.Multi.Generic (1)

13:30:27.0125 3444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

13:30:27.0296 3444 Sfloppy - ok

13:30:27.0375 3444 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys

13:30:27.0421 3444 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning

13:30:27.0421 3444 sfvfs02 - detected UnsignedFile.Multi.Generic (1)

13:30:27.0593 3444 Simbad - ok

13:30:27.0625 3444 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:30:27.0765 3444 sisagp - ok

13:30:27.0875 3444 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

13:30:28.0031 3444 SLIP - ok

13:30:28.0171 3444 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:30:28.0265 3444 Sparrow - ok

13:30:28.0390 3444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:30:28.0531 3444 splitter - ok

13:30:28.0671 3444 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:30:28.0765 3444 sr - ok

13:30:28.0812 3444 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:30:28.0843 3444 Srv - ok

13:30:28.0906 3444 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

13:30:28.0968 3444 STHDA - ok

13:30:29.0015 3444 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

13:30:29.0171 3444 streamip - ok

13:30:29.0281 3444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:30:29.0421 3444 swenum - ok

13:30:29.0546 3444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:30:29.0734 3444 swmidi - ok

13:30:29.0765 3444 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

13:30:29.0906 3444 symc810 - ok

13:30:29.0937 3444 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:30:30.0187 3444 symc8xx - ok

13:30:30.0343 3444 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:30:30.0500 3444 sym_hi - ok

13:30:30.0562 3444 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:30:30.0703 3444 sym_u3 - ok

13:30:30.0734 3444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:30:30.0890 3444 sysaudio - ok

13:30:31.0125 3444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:30:31.0171 3444 Tcpip - ok

13:30:31.0203 3444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:30:31.0343 3444 TDPIPE - ok

13:30:31.0437 3444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:30:31.0687 3444 TDTCP - ok

13:30:31.0734 3444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:30:31.0875 3444 TermDD - ok

13:30:32.0015 3444 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

13:30:32.0171 3444 TosIde - ok

13:30:32.0281 3444 TPkd - ok

13:30:32.0328 3444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:30:32.0562 3444 Udfs - ok

13:30:32.0609 3444 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

13:30:32.0718 3444 ultra - ok

13:30:32.0796 3444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:30:33.0000 3444 Update - ok

13:30:33.0156 3444 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys

13:30:33.0171 3444 UrlFilter - ok

13:30:33.0250 3444 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

13:30:33.0437 3444 usbaudio - ok

13:30:33.0468 3444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:30:33.0640 3444 usbccgp - ok

13:30:33.0750 3444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:30:33.0921 3444 usbehci - ok

13:30:34.0078 3444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:30:34.0234 3444 usbhub - ok

13:30:34.0265 3444 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

13:30:34.0468 3444 usbohci - ok

13:30:34.0515 3444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:30:34.0656 3444 usbprint - ok

13:30:34.0890 3444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:30:35.0062 3444 usbscan - ok

13:30:35.0203 3444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:30:35.0406 3444 USBSTOR - ok

13:30:35.0421 3444 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:30:35.0593 3444 usbuhci - ok

13:30:35.0640 3444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:30:35.0781 3444 VgaSave - ok

13:30:35.0921 3444 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:30:36.0156 3444 viaagp - ok

13:30:36.0265 3444 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

13:30:36.0421 3444 ViaIde - ok

13:30:36.0593 3444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:30:36.0734 3444 VolSnap - ok

13:30:36.0859 3444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:30:37.0015 3444 Wanarp - ok

13:30:37.0140 3444 wanatw - ok

13:30:37.0187 3444 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

13:30:37.0218 3444 Wdf01000 - ok

13:30:37.0234 3444 WDICA - ok

13:30:37.0265 3444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:30:37.0421 3444 wdmaud - ok

13:30:37.0562 3444 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

13:30:37.0578 3444 WinUSB - ok

13:30:37.0625 3444 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

13:30:37.0640 3444 WpdUsb - ok

13:30:37.0687 3444 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:30:37.0828 3444 WS2IFSL - ok

13:30:37.0921 3444 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

13:30:38.0093 3444 WSTCODEC - ok

13:30:38.0234 3444 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:30:38.0265 3444 WudfPf - ok

13:30:38.0296 3444 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:30:38.0343 3444 WudfRd - ok

13:30:38.0390 3444 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0

13:30:38.0421 3444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:30:38.0421 3444 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:30:38.0437 3444 Boot (0x1200) (b3c33cdae0262de3bab5d8071ed176ac) \Device\Harddisk0\DR0\Partition0

13:30:38.0437 3444 \Device\Harddisk0\DR0\Partition0 - ok

13:30:38.0437 3444 ============================================================

13:30:38.0437 3444 Scan finished

13:30:38.0437 3444 ============================================================

13:30:38.0546 1412 Detected object count: 22

13:30:38.0546 1412 Actual detected object count: 22

13:34:32.0062 1412 alcan5wn ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0062 1412 alcan5wn ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0078 1412 alcaudsl ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0078 1412 alcaudsl ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0093 1412 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0093 1412 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0109 1412 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0109 1412 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0109 1412 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0109 1412 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0109 1412 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0109 1412 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0109 1412 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0109 1412 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0125 1412 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0125 1412 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0140 1412 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user

13:34:32.0140 1412 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:34:32.0140 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:34:32.0140 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:35:07.0937 2676 Deinitialize success

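Added example, not code from any post in this thread: a small parser for TDSSKiller log lines in the format shown above. It separates the UnsignedFile.* heuristic hits (a driver without a digital signature, which the log shows for things like the nVidia and StarForce drivers) from verdicts that name an actual object, such as TDSS File System on \Device\Harddisk0\DR0, and reports any of the latter whose recorded "User select action" was Skip. The sample log is a constructed excerpt that mirrors the lines above; the severity split (UnsignedFile.* as heuristic, everything else as a real detection) is my assumption, not TDSSKiller's own classification.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the format TDSSKiller prints (values mirror the log
# in the post above; this is sample input, not a fresh scan).
SAMPLE_LOG = r"""13:30:08.0828 3444 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:30:08.0843 3444 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:30:08.0843 3444 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:30:08.0843 3444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:30:09.0015 3444 mnmdd - ok
13:30:38.0390 3444 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
13:30:38.0421 3444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:30:38.0421 3444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:30:38.0437 3444 Scan finished
13:30:38.0546 1412 Detected object count: 2
13:34:32.0125 1412 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:32.0125 1412 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:32.0140 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:34:32.0140 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "<time> <pid> <rest>"; the shapes of <rest> seen in the log:
#   <name> (<md5>) <path>                         object that was scanned
#   <name> - ok                                   clean
#   <name> ( <verdict> ) - warning                suspicious
#   <name> - detected <verdict> (n)               detection recorded
#   <name> ( <verdict> ) - User select action: X  what the user chose
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - "
    r"(?:warning|skipped by user|User select action: (?P<action>\S+))$"
)

# Assumption for this example: UnsignedFile.* is a signature-absence heuristic,
# anything else names a real object (e.g. "TDSS File System").
HEURISTIC_PREFIX = "UnsignedFile."


@dataclass
class Finding:
    name: str
    verdict: str
    action: str = "none"   # value of "User select action", if any was recorded
    path: str = ""
    md5: str = ""

    @property
    def heuristic(self) -> bool:
        return self.verdict.startswith(HEURISTIC_PREFIX)

    @property
    def unresolved(self) -> bool:
        # A real verdict that was skipped (or never actioned) is still on the disk.
        return not self.heuristic and self.action in ("none", "Skip")


def parse_tdsskiller(text: str) -> dict:
    objects = {}    # name -> {"path", "md5"} for every scanned object
    findings = {}   # name -> Finding
    clean = 0
    reported_count = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("Detected object count: "):
            reported_count = int(rest.rsplit(" ", 1)[1])
        elif (f := FILE_RE.match(rest)):
            objects[f.group("name")] = {"path": f.group("path"), "md5": f.group("md5")}
        elif OK_RE.match(rest):
            clean += 1
        elif (d := DETECT_RE.match(rest)):
            findings.setdefault(d.group("name"), Finding(d.group("name"), d.group("verdict")))
        elif (v := VERDICT_RE.match(rest)):
            fnd = findings.setdefault(v.group("name"), Finding(v.group("name"), v.group("verdict")))
            if v.group("action"):
                fnd.action = v.group("action")

    # Attach hash/path: driver findings are keyed by service name, the MBR
    # finding by its device path, so try both.
    for fnd in findings.values():
        obj = objects.get(fnd.name)
        if obj is None:
            obj = next((o for o in objects.values() if o["path"] == fnd.name), None)
        if obj:
            fnd.path, fnd.md5 = obj["path"], obj["md5"]

    return {
        "reported_count": reported_count,
        "clean": clean,
        "findings": list(findings.values()),
        "heuristic_only": [f for f in findings.values() if f.heuristic],
        "unresolved": [f for f in findings.values() if f.unresolved],
    }


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for fnd in report["unresolved"]:
        print(f"UNRESOLVED: {fnd.name} [{fnd.verdict}] action={fnd.action} md5={fnd.md5}")
```

Run against the full log posted above, the 21 UnsignedFile.Multi.Generic entries land in heuristic_only, and the single non-heuristic object, \Device\Harddisk0\DR0 with verdict TDSS File System and recorded action Skip, is the one item reported as unresolved.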

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Hi Mr Charlie,

I've run Combofix and the report is below

ComboFix 12-02-25.02 - Brendan O'Mahony 26/02/2012 18:18:53.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2383 [GMT 0:00]

Running from: c:\documents and settings\Brendan O'Mahony\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Brendan O'Mahony\Application Data\Adobe\plugs

c:\documents and settings\Brendan O'Mahony\Application Data\Adobe\shed

c:\documents and settings\Brendan O'Mahony\GoToAssistDownloadHelper.exe

c:\documents and settings\Brendan O'Mahony\WINDOWS

c:\windows\Downloaded Installations\BMP

c:\windows\Downloaded Installations\BMP\{61C062D5-7A00-44BC-BC16-125BDF22EA65}\1033.MST

c:\windows\Downloaded Installations\BMP\{61C062D5-7A00-44BC-BC16-125BDF22EA65}\BACS.msi

c:\windows\iun6002.exe

c:\windows\system\Color

c:\windows\system32\AF05BDAEX.dll

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 16:23 . 2011-08-21 20:49 41184 ----a-w- c:\windows\avastSS.scr

2012-02-23 16:23 . 2011-08-21 20:49 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-23 16:12 . 2011-08-21 20:49 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-23 16:12 . 2011-08-21 20:49 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-23 16:10 . 2011-08-21 20:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-02-23 16:10 . 2011-08-21 20:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-23 16:10 . 2011-08-21 20:49 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-02-23 16:10 . 2011-08-21 20:49 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-02-23 16:10 . 2011-08-21 20:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-23 16:07 . 2011-08-21 20:49 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-14 19:48 . 2012-01-14 19:48 2892 ----a-w- c:\windows\system32\audcon.sys

2012-01-12 16:53 . 2005-08-16 03:18 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-29 18:00 . 2012-01-15 19:27 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2011-12-21 18:14 . 2012-01-15 19:27 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-12-17 19:46 . 2005-08-16 03:18 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2005-08-16 03:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2005-08-16 03:18 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 15:24 . 2010-09-04 20:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2007-10-02 22:06 . 2007-10-02 22:06 774144 ----a-w- c:\program files\RngInterstitial.dll

2012-02-17 21:33 . 2011-06-09 16:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-12 321344]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-09-05 417792]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"nwiz"="nwiz.exe" [2006-08-23 1617920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2006-03-20 86960]

"DLA"="c:\windows\system32\dla\dlactrlw.exe" [2005-09-08 122940]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Brendan O'Mahony\Start Menu\Programs\Startup\

WinDates.lnk - c:\program files\WinDates\WinDates.exe [2006-11-3 1589248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi4"=KORGUMDD.DRV

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PageKeeper Jobs.lnk]

backup=c:\windows\pss\PageKeeper Jobs.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Brendan O'Mahony^Start Menu^Programs^Startup^OCRAWARE.lnk]

backup=c:\windows\pss\OCRAWARE.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"GoToAssist"=3 (0x3)

"KService"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"aawservice"=2 (0x2)

"Bonjour Service"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"Lavasoft Ad-Aware Service"=2 (0x2)

"NBService"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Broadcom\\BACS\\BACS.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [12/11/2011 18:22 56208]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/08/2011 20:49 610648]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/08/2011 20:49 337112]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:09 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [12/11/2011 18:22 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [12/11/2011 18:22 164112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2011 20:49 20696]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/09/2011 18:57 21992]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24/02/2012 01:55 821592]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/09/2010 20:28 652360]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [12/11/2011 18:22 931640]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 20:23 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 20:24 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 20:23 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/09/2010 20:28 20464]

R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [22/10/2006 20:24 47360]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [12/11/2011 18:24 21520]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 19:44 135664]

S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [17/02/2007 19:42 133504]

S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [24/09/2011 21:41 384576]

S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [24/09/2011 21:41 39488]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/09/2011 11:28 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 20:23 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 20:24 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 20:23 72792]

S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\DRIVERS\svstream.sys --> c:\windows\system32\DRIVERS\svstream.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 19:44 135664]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [25/01/2012 20:18 24056]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24/02/2012 01:55 30368]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24/02/2012 01:55 16208]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16/08/2005 03:18 14336]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24/02/2012 01:55 246816]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTIASO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-11 14:56]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005Core.job

- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005UA.job

- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]

.

2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{6146DE30-349F-4F5D-AEE3-6E23B6696B15}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/ig?refresh=1

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000

Trusted Zone: exam2score.com\www

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F}: NameServer = 212.159.13.49,8.8.8.8

DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx

FF - ProfilePath - c:\documents and settings\Brendan O'Mahony\Application Data\Mozilla\Firefox\Profiles\88e1vnko.New profile\

FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-kdx - (no file)

HKCU-Run-swg - (no file)

HKCU-Run-updateMgr - (no file)

HKLM-Run-AppleSyncNotifier - (no file)

HKLM-Run-CanonSolutionMenu - (no file)

HKLM-Run-Easy-PrintToolBox - (no file)

HKLM-Run-ISTray - (no file)

HKLM-Run-iTunesHelper - (no file)

HKLM-Run-MSKDetectorExe - (no file)

HKLM-Run-SDTray - (no file)

Notify-WgaLogon - (no file)

MSConfigStartUp-ExpressFiles - c:\program files\ExpressFiles\ExpressFiles.exe

AddRemove-Master of the Skies - The Red Ace - c:\windows\iun6002.exe

AddRemove-1180219261.fuse.fender.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-26 18:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-69676293-4256888696-4198206526-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3136)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\eHome\ehSched.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Completion time: 2012-02-26 18:39:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-26 18:39

.

Pre-Run: 109,694,980,096 bytes free

Post-Run: 110,124,085,248 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 0D21B16C108E55988C264461D29E0874


Here is the updated MBAM report

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.26.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Brendan O'Mahony :: DHWC6J2J [administrator]

Protection: Enabled

26/02/2012 19:28:26

mbam-log-2012-02-26 (19-28-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201875

Time elapsed: 23 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Just before I emailed the MBAM report to you, I opened Firefox and went to my iGoogle home page. A popup from Avast warned that a malicious url had been blocked. I therefore assumed the infection was still present on my system. The popups were mainly appearing whenever I went to my iGoogle homepage with either Firefox or IE.

I put my PC on standby for a couple of hours and tried Firefox again. This time I got no popup from Avast or MBAM. I opened IE and, again, there were no popups. I have not done anything to the PC since running the MBAM quick scan. I am puzzled and do not really know if the infection has been 'cured' or not. Why did the popups appear before but not now?


Run this scan please:

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


Hi Mr C,

I've run ESET and the report is pasted below

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2296776f80726f45b779780db2eb1669

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-27 03:56:00

# local_time=2012-02-27 03:56:00 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 198 198 0 0

# scanned=318299

# found=9

# cleaned=9

# scan_time=7431

C:\Documents and Settings\Brendan O'Mahony\Application Data\DA5134D56BA9C85592AC8ED8E70F81D2\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brendan O'Mahony\Application Data\DA5134D56BA9C85592AC8ED8E70F81D2\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brendan O'Mahony\Desktop\cnet2_KontaktPlayer4_411_Win_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brendan O'Mahony\Desktop\cnet_Setup_FreeConverter_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1199\A0618464.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1199\A0618557.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1200\A0639734.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1200\A0639735.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1200\A0639736.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


One more scan:

Please remove any usb or external drives from the computer before you run this scan!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC


FSS report pasted below

Farbar Service Scanner Version: 22-02-2012

Ran by Brendan O'Mahony (administrator) on 27-02-2012 at 17:25:58

Running from "C:\Documents and Settings\Brendan O'Mahony\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x0D000000040000000100000002000000030000000D0000000C000000050000000B000000060000000700000008000000090000000A000000

IpSec Tag value is correct.

**** End of log ****


OK, a little cleanup to do.

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

--------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

--------------------------

Your Java is out of date, older versions are vulnerable to malware.

Java™ 6 Update 24 <---should be 31

Go to your control panel > Java > Update Tab > Update Now

------------------------------------

Make sure your firewall is running:

To enable Windows Firewall, follow these steps:

Click Start, click Run, type Firewall.cpl, and then click OK.

On the General tab, click On (recommended). <----should be ON

Click OK.

---------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


I've uninstalled Combo Fix and run OTL. Avast pops up and treats it as a suspicious program, so I have to switch it off for 10 minutes. When I go to System Restore I get a message saying it's turned off. I turned it on again and checked if a restore point has been created, but I'm not sure if it has or not.


To check if System Restore is turned on:

On your desktop > right click on My Computer > Choose Properties > Click the System Restore Tab.

All the info is there.

---------------------------

To create a new System Restore point:

Copy and paste this into the run box:

%systemroot%\system32\restore\rstrui.exe

Click OK > create a new System Restore point.

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.