Russian Site added itself to Ignore List

Bohma · April 24, 2012

Hi,

I've run DDS and the two reports are pasted below.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Brendan O'Mahony at 16:15:57 on 2012-04-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2233 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: PC Tools Firewall Plus *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe

C:\windows\ehome\ehtray.exe

C:\windows\system32\dla\dlactrlw.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\WinDates\WinDates.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/ig?refresh=1

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] ; "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [bitTorrent DNA] ; "c:\program files\dna\btdna.exe"

uRun: [Creative Detector] ; "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\brendan o'mahony\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Adobe ARM] ; "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] ; "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [CTSysVol] ; "c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe" /r

mRun: [DMXLauncher] ; "c:\program files\dell\media experience\DMXLauncher.exe"

mRun: [iSUSPM Startup] ; "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [QuickTime Task] ; "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sigmatelSysTrayApp] ; stsystra.exe

mRun: [updReg] ; c:\windows\UpdReg.EXE

mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\dlactrlw.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s

mRun: [NeroFilterCheck] ; c:\program files\common files\ahead\lib\NeroCheck.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\brenda~1\startm~1\programs\startup\windates.lnk - c:\program files\windates\WinDates.exe

IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: exam2score.com\www

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165595934929

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://202.139.104.2/activex/AxisCamControl.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://edexcel.webex.com/client/T25L/support/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx

TCP: Interfaces\{29B39846-0902-49E5-B96A-2F1FC54E9A72} : DhcpNameServer = 208.67.220.220,208.67.222.222

TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F} : NameServer = 212.159.13.49,212.159.13.50

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brendan o'mahony\application data\mozilla\firefox\profiles\88e1vnko.new profile\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig

FF - plugin: c:\documents and settings\brendan o'mahony\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-4-17 56208]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-21 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-21 337880]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-2-27 251560]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-4-17 71440]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-4-17 164112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-21 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-21 44768]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-5 21992]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-4 654408]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-2-27 160576]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-4-17 931640]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-4 22344]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-2-27 89472]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-2-27 57536]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-4-17 21520]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-2-27 286000]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]

S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2007-2-17 133504]

S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-9-24 384576]

S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-9-24 39488]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-10 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\drivers\svstream.sys --> c:\windows\system32\drivers\svstream.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2012-1-25 24056]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-2-27 57536]

S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-2-27 125248]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

.

=============== Created Last 30 ================

.

2012-04-23 21:47:36 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\drumtrack

2012-04-23 21:47:25 -------- d-----w- c:\program files\drumtrack

2012-04-22 14:19:17 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Keolab

2012-04-17 00:23:58 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-04-07 11:36:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-25 22:49:29 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Flux

2012-03-25 22:45:24 -------- d-----w- c:\program files\Flux

.

==================== Find3M ====================

.

2012-04-19 15:35:36 28672 ----a-w- c:\windows\system32\verclsid.exe

2012-04-15 18:57:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 14:02:51 21 ----a-w- c:\documents and settings\brendan o'mahony\application data\iasna_FB9AEABC-F56E-4c47-A862-8892AA545113.dll

2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

2012-02-27 21:39:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 21:39:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth2.dll

2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth1.dll

2012-01-26 17:41:30 1025 ----a-w- c:\windows\system32\sysprs7.dll

2007-10-02 22:06:42 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 16:17:39.89 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 13/10/2006 16:51:06

System Uptime: 24/04/2012 15:47:54 (1 hours ago)

.

Motherboard: Dell Inc | | 0CT103

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 228 GiB total, 85.499 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 440x 10/100 Integrated Controller

Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880

Manufacturer: Broadcom

Name: Broadcom 440x 10/100 Integrated Controller

PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880

Service: bcm4sbxp

.

==== System Restore Points ===================

.

RP1: 27/02/2012 20:05:13 - System Checkpoint

RP2: 27/02/2012 21:35:42 - Second Attempt

RP3: 27/02/2012 21:38:50 - Removed Java 6 Update 24

RP4: 27/02/2012 21:39:02 - Installed Java 6 Update 31

RP5: 28/02/2012 16:35:08 - Removed SlimCleaner

RP6: 03/03/2012 00:27:00 - System Checkpoint

RP7: 04/03/2012 18:56:52 - System Checkpoint

RP8: 05/03/2012 19:19:22 - System Checkpoint

RP9: 08/03/2012 16:41:31 - System Checkpoint

RP10: 10/03/2012 20:03:32 - System Checkpoint

RP11: 12/03/2012 17:39:45 - System Checkpoint

RP12: 13/03/2012 18:08:31 - System Checkpoint

RP13: 14/03/2012 18:50:01 - System Checkpoint

RP14: 14/03/2012 22:17:14 - Software Distribution Service 3.0

RP15: 17/03/2012 00:29:47 - System Checkpoint

RP16: 19/03/2012 18:07:33 - Removed Steinberg Cubase LE AI Elements 6

RP17: 19/03/2012 18:10:53 - Removed Steinberg Cubase LE 5

RP18: 21/03/2012 20:34:58 - System Checkpoint

RP19: 24/03/2012 22:04:27 - System Checkpoint

RP20: 25/03/2012 20:24:46 - Installed Flux_StereoTool

RP21: 25/03/2012 23:43:11 - Removed Flux_StereoTool

RP22: 25/03/2012 23:47:32 - Installed Flux_StereoTool

RP23: 26/03/2012 15:37:06 - Installed Rapport

RP24: 27/03/2012 20:50:21 - System Checkpoint

RP25: 04/04/2012 02:41:42 - System Checkpoint

RP26: 05/04/2012 14:21:06 - System Checkpoint

RP27: 10/04/2012 20:45:27 - System Checkpoint

RP28: 11/04/2012 22:34:55 - System Checkpoint

RP29: 12/04/2012 11:05:52 - Software Distribution Service 3.0

RP30: 16/04/2012 16:20:00 - System Checkpoint

RP31: 17/04/2012 17:09:12 - System Checkpoint

RP32: 19/04/2012 19:12:14 - System Checkpoint

RP33: 20/04/2012 19:53:17 - System Checkpoint

RP34: 22/04/2012 13:55:31 - System Checkpoint

RP35: 23/04/2012 13:58:20 - Installed Rapport

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.3.1

Adobe Shockwave Player 11

AirZip Plug-in for Internet Explorer

Apple Application Support

Apple Software Update

ArcSoft Camera Suite

ASIO4ALL

Athlon 64 Processor Driver

ATI Catalyst Control Center

ATI Display Driver

avast! Free Antivirus

AXIS Media Control Embedded

BEHRINGER USB AUDIO DRIVER

BestPractice (remove only)

BitTorrent

Blazing Angels Squadrons of WWII Demo

Broadcom Management Programs

Cagles Mill Guitar Tuner Version 1.2

Camel Audio Alchemy

CamToPrint

Canon iP4500 series

Canon iP4500 series User Registration

Canon My Printer

CCleaner

CD-LabelPrint

Clear Cache feature for Internet Explorer

Close Combat Invasion Normandy

CM Alpha

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.58

Creative Audio Control Panel

Creative Audio Pack

Creative Console Launcher

Creative MediaSource

Creative MediaSource 5

Creative Software AutoUpdate

Creative WaveStudio 7

Dell CinePlayer

Dell Support 3.2

Dell System Restore

DevalVR for Internet Explorer (remove)

DNA

DrumTrack 1.0

DVDx 2

Easy-WebPrint

eLicenser Control

ePEN Scoring System

EPSON Copy Utility 3

EPSON Smart Panel

EPSON TWAIN 5

ESET Online Scanner v3

Fender FUSE 2.5.0.22

Flux_StereoTool

FLV Player 1.3.3

FLV Player 2.0 (build 25)

Free Convert M4A to MP3 AMR OGG AAC Converter 5.8

Free FLV Converter V 2.0

Free M4a to MP3 Converter 6.2

Google Advertising Cookie Opt-out

Google Chrome

Google Earth

Google Earth Plug-in

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GPL MPEG-1/2 DirectShow Decoder Filter

Guitar Guru Version 2.1.2

Hallmark Smilebox

HDtracks Download Manager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Java Auto Updater

Java 6 Update 31

K-Lite Mega Codec Pack 8.1.0

KORG K-Series Editor

KORG M1 Le

KORG USB-MIDI Driver Tools for Windows

LADSPA_plugins-win-0.4.15

Legacy 6.0

Lexicon Alpha Driver

Lexicon Pantheon VST Plug-in (remove only)

Malwarebytes Anti-Malware version 1.61.0.1400

Manic Miner for Windows 3.01

MCU

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WinUsb 1.0

Microsoft Works

MixMeister BPM Analyzer 1.0

Mozilla Firefox 11.0 (x86 en-US)

MP3 to WAV Decoder

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Native Instruments Kontakt 4

Native Instruments Kontakt Factory Selection

Native Instruments Service Center

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

OpenAL

PC Tools Firewall Plus 7.0

QuickTime

Rapport

REAPER

rgc:audio sfz VSTi v1.96

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB982132)

shortcircuit

Sibelius Scorch (ActiveX Only)

Sonic Activation Module

Sonic Advanced Decoder

Sonic Encoders

Sonic Update Manager

Sound Blaster ADVANCED MB Drivers

Sound Blaster Audigy ADVANCED MB

Sound Blaster Audigy ADVANCED MB Product Registration

Sound Blaster for Media Center

Soundbytes Obbo (remove only)

SoundFont Bank Manager

Spicy Guitar 1.2.0.1

Spotify

Steinberg Groove Agent ONE Content

Steinberg Groove Agent ONE Vintage Beatboxes

Steinberg HALion Sonic SE

Steinberg HALion Sonic SE Content for Cubase LE AI Elements

Steinberg HALionOne

Steinberg HALionOne Essential Set

Stereoizer - Computer Music Edition v1.0

TeamViewer 7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB971029)

URL Assistant

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VisualRoute Lite Edition

WebFldrs XP

What's Running 2.2

WinDates

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Service Pack 3

yellow tools Independence Free 2.5.4 32bit

ZxEmulator Standalone Version 1.0

.

==== Event Viewer Messages From Past Week ========

.

19/04/2012 20:25:24, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.

19/04/2012 16:02:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid pctgntdi RapportKELL RasAcd Rdbss Tcpip WS2IFSL

19/04/2012 16:02:57, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

19/04/2012 16:02:57, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

19/04/2012 16:01:39, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

19/04/2012 16:01:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

17/04/2012 16:36:17, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

17/04/2012 13:06:50, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}

17/04/2012 13:06:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

17/04/2012 13:06:44, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

17/04/2012 13:06:44, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

Elise · May 5, 2012

Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Bohma · May 8, 2012

Hi,

I have run Combofix and am pasting the log below. When I first tried to run Combofix, I forgot to disable my firewall and kept getting pop-ups asking if I would give permission for various programs to run. i'm not sure if this is relevant or not, but one pop-up stated that a new network had been detected (LAN#). Anyway, I disabled my antivirus, MBAM, my firewall and disabled my Internet connection before running Combofix. It took about half an hour to complete!

ComboFix 12-05-08.01 - Brendan O'Mahony 08/05/2012 14:36:41.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2301 [GMT 1:00]

Running from: c:\documents and settings\Brendan O'Mahony\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\msvcsv60.dll

.

((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))

.

2012-05-05 13:37 . 2012-05-05 13:54 -------- d-----w- C:\BOOT

2012-05-05 13:37 . 2012-05-05 13:37 -------- d-----w- C:\My Backups

2012-05-05 13:36 . 2011-12-22 22:09 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-05-05 13:36 . 2011-12-22 22:09 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-05-05 13:35 . 2011-12-22 22:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys

2012-05-05 13:35 . 2012-02-08 14:46 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-05-05 13:34 . 2011-12-22 22:09 20616 ----a-w- c:\windows\system32\fbnative.exe

2012-05-05 13:34 . 2012-05-05 13:34 -------- d-----w- c:\program files\EaseUS

2012-05-02 15:44 . 2012-05-02 15:44 -------- d-----w- C:\found.001

2012-04-30 16:01 . 2012-04-30 16:01 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\IK Multimedia

2012-04-30 14:23 . 2012-04-30 14:23 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Daichi

2012-04-30 13:17 . 2012-04-30 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia

2012-04-29 14:47 . 2012-04-30 16:59 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\MeldaProduction MHarmonizerCM

2012-04-29 14:25 . 2012-04-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MTexturedStyles

2012-04-29 14:25 . 2012-04-29 14:25 -------- d-----w- c:\program files\MeldaProduction

2012-04-29 12:52 . 2012-04-29 12:52 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Cableguys

2012-04-29 12:51 . 2012-04-29 12:51 -------- d-----w- c:\program files\CM Vocoder

2012-04-29 12:19 . 2012-04-29 12:19 -------- d-----w- c:\program files\RhinoCM

2012-04-27 16:21 . 2012-04-27 17:48 -------- d-----w- c:\program files\SpywareBlaster

2012-04-26 16:13 . 2012-04-26 16:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-25 19:59 . 2012-04-25 19:59 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\vstsaxi

2012-04-23 21:47 . 2012-04-23 21:49 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\drumtrack

2012-04-22 14:19 . 2012-04-22 14:19 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Keolab

2012-04-17 00:23 . 2012-04-17 00:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 18:57 . 2012-04-07 11:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-07 18:57 . 2011-05-14 17:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 15:35 . 2006-10-11 17:49 28672 ----a-w- c:\windows\system32\verclsid.exe

2012-04-04 14:56 . 2010-09-04 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 14:02 . 2012-03-16 14:02 21 ----a-w- c:\documents and settings\Brendan O'Mahony\Application Data\iasna_FB9AEABC-F56E-4c47-A862-8892AA545113.dll

2012-03-07 00:15 . 2011-08-21 20:49 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2011-08-21 20:49 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-08-21 20:49 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2011-08-21 20:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:02 . 2011-08-21 20:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2011-08-21 20:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2011-08-21 20:49 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2011-08-21 20:49 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2011-08-21 20:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2011-08-21 20:49 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 11:01 . 2005-08-16 03:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2005-08-16 03:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2005-08-16 03:18 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2005-08-16 03:18 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2005-08-16 03:18 385024 ----a-w- c:\windows\system32\html.iec

2012-02-27 21:39 . 2012-02-27 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 21:39 . 2010-05-04 17:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2007-10-02 22:06 . 2007-10-02 22:06 774144 ----a-w- c:\program files\RngInterstitial.dll

2012-03-18 22:01 . 2011-06-09 16:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-12 321344]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-09-05 417792]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"nwiz"="nwiz.exe" [2006-08-23 1617920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2006-03-20 86960]

"DLA"="c:\windows\system32\dla\dlactrlw.exe" [2005-09-08 122940]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-22 70792]

"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Brendan O'Mahony\Start Menu\Programs\Startup\

WinDates.lnk - c:\program files\WinDates\WinDates.exe [2006-11-3 1589248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi4"=KORGUMDD.DRV

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PageKeeper Jobs.lnk]

backup=c:\windows\pss\PageKeeper Jobs.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Brendan O'Mahony^Start Menu^Programs^Startup^OCRAWARE.lnk]

backup=c:\windows\pss\OCRAWARE.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"GoToAssist"=3 (0x3)

"KService"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"aawservice"=2 (0x2)

"Bonjour Service"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"Lavasoft Ad-Aware Service"=2 (0x2)

"NBService"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Broadcom\\BACS\\BACS.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=

"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=

"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [05/05/2012 14:35 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [05/05/2012 14:35 40840]

R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [26/04/2012 17:13 32072]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/04/2012 01:23 56208]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/08/2011 21:49 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/08/2011 21:49 337880]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [05/05/2012 14:36 16008]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [05/05/2012 14:36 185864]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2012 22:55 251560]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 19:09 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/04/2012 01:23 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/04/2012 01:23 164112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2011 21:49 20696]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/09/2011 19:57 21992]

R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [05/05/2012 14:34 61064]

R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [05/05/2012 14:34 23176]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/09/2010 21:28 654408]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2012 22:55 160576]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/04/2012 01:23 931640]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 21:23 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 21:24 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 21:23 72792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/09/2010 21:28 22344]

R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [22/10/2006 21:24 47360]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [27/02/2012 22:54 89472]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [27/02/2012 22:54 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2012 22:54 125248]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [17/04/2012 01:26 21520]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 20:44 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/04/2012 12:36 257696]

S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [17/02/2007 20:42 133504]

S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [24/09/2011 22:41 384576]

S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [24/09/2011 22:41 39488]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/09/2011 12:28 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 21:23 171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 21:24 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 21:23 72792]

S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\DRIVERS\svstream.sys --> c:\windows\system32\DRIVERS\svstream.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 20:44 135664]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [25/01/2012 21:18 24056]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [27/02/2012 22:54 57536]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16/08/2005 04:18 14336]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - EUBAKUP

*NewlyCreated* - EUBKMON

*NewlyCreated* - RAPPORTIASO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:57]

.

2012-04-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-11 14:56]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005Core.job

- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005UA.job

- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]

.

2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{6146DE30-349F-4F5D-AEE3-6E23B6696B15}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/ig?refresh=1

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000

Trusted Zone: exam2score.com\www

TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F}: NameServer = 212.159.13.49,212.159.13.50

DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx

FF - ProfilePath - c:\documents and settings\Brendan O'Mahony\Application Data\Mozilla\Firefox\Profiles\88e1vnko.New profile\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-CM Alpha - c:\documents and settings\Brendan O'Mahony\Desktop\UninstalAlpha.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-08 14:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-69676293-4256888696-4198206526-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2012-05-08 15:05:22

ComboFix-quarantined-files.txt 2012-05-08 14:05

.

Pre-Run: 91,048,759,296 bytes free

Post-Run: 91,015,667,712 bytes free

.

- - End Of File - - BB9DC8C2C2E8499177C63D47759DDC32

Elise · May 8, 2012

Hi again, how are things running at this point?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Bohma · May 8, 2012

Hi,

The results of the TDSSKiller scan are below

17:11:01.0890 3860 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

17:11:03.0015 3860 ============================================================

17:11:03.0015 3860 Current date / time: 2012/05/08 17:11:03.0015

17:11:03.0015 3860 SystemInfo:

17:11:03.0015 3860

17:11:03.0015 3860 OS Version: 5.1.2600 ServicePack: 3.0

17:11:03.0015 3860 Product type: Workstation

17:11:03.0015 3860 ComputerName: DHWC6J2J

17:11:03.0015 3860 UserName: Brendan O'Mahony

17:11:03.0015 3860 Windows directory: C:\WINDOWS

17:11:03.0015 3860 System windows directory: C:\WINDOWS

17:11:03.0015 3860 Processor architecture: Intel x86

17:11:03.0015 3860 Number of processors: 2

17:11:03.0015 3860 Page size: 0x1000

17:11:03.0015 3860 Boot type: Normal boot

17:11:03.0015 3860 ============================================================

17:11:03.0968 3860 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:11:03.0968 3860 ============================================================

17:11:03.0968 3860 \Device\Harddisk0\DR0:

17:11:03.0968 3860 MBR partitions:

17:11:03.0968 3860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54

17:11:03.0968 3860 ============================================================

17:11:04.0015 3860 C: <-> \Device\Harddisk0\DR0\Partition0

17:11:04.0015 3860 ============================================================

17:11:04.0015 3860 Initialize success

17:11:04.0015 3860 ============================================================

17:11:25.0593 3716 ============================================================

17:11:25.0593 3716 Scan started

17:11:25.0593 3716 Mode: Manual;

17:11:25.0593 3716 ============================================================

17:11:25.0906 3716 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

17:11:25.0906 3716 Aavmker4 - ok

17:11:25.0921 3716 Abiosdsk - ok

17:11:25.0984 3716 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

17:11:25.0984 3716 abp480n5 - ok

17:11:26.0015 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:11:26.0031 3716 ACPI - ok

17:11:26.0031 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:11:26.0031 3716 ACPIEC - ok

17:11:26.0125 3716 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:11:26.0140 3716 AdobeFlashPlayerUpdateSvc - ok

17:11:26.0156 3716 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

17:11:26.0156 3716 adpu160m - ok

17:11:26.0203 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:11:26.0203 3716 aec - ok

17:11:26.0250 3716 AF05BDA (4c35b9b2d62c1f6f66d07125c7cdbd8b) C:\WINDOWS\system32\drivers\AF05BDA.sys

17:11:26.0250 3716 AF05BDA - ok

17:11:26.0281 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:11:26.0281 3716 AFD - ok

17:11:26.0328 3716 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

17:11:26.0328 3716 agp440 - ok

17:11:26.0375 3716 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

17:11:26.0375 3716 agpCPQ - ok

17:11:26.0406 3716 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

17:11:26.0406 3716 Aha154x - ok

17:11:26.0437 3716 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

17:11:26.0437 3716 aic78u2 - ok

17:11:26.0468 3716 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

17:11:26.0468 3716 aic78xx - ok

17:11:26.0484 3716 alcan5wn (293bcaf4ef7afcc4b00d28f75c420356) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys

17:11:26.0484 3716 alcan5wn - ok

17:11:26.0546 3716 alcaudsl (bdb16789e789f087b43b5f75032d4fdc) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys

17:11:26.0546 3716 alcaudsl - ok

17:11:26.0593 3716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

17:11:26.0593 3716 Alerter - ok

17:11:26.0625 3716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

17:11:26.0625 3716 ALG - ok

17:11:26.0656 3716 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

17:11:26.0656 3716 AliIde - ok

17:11:26.0687 3716 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

17:11:26.0687 3716 alim1541 - ok

17:11:26.0703 3716 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

17:11:26.0718 3716 amdagp - ok

17:11:26.0750 3716 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

17:11:26.0750 3716 AmdK8 - ok

17:11:26.0781 3716 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

17:11:26.0781 3716 amsint - ok

17:11:26.0828 3716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

17:11:26.0843 3716 AppMgmt - ok

17:11:26.0875 3716 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

17:11:26.0875 3716 asc - ok

17:11:26.0937 3716 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

17:11:26.0937 3716 asc3350p - ok

17:11:27.0000 3716 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

17:11:27.0000 3716 asc3550 - ok

17:11:27.0109 3716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:11:27.0140 3716 aspnet_state - ok

17:11:27.0171 3716 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

17:11:27.0171 3716 aswFsBlk - ok

17:11:27.0171 3716 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

17:11:27.0171 3716 aswMon2 - ok

17:11:27.0187 3716 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys

17:11:27.0187 3716 aswRdr - ok

17:11:27.0218 3716 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

17:11:27.0218 3716 aswSnx - ok

17:11:27.0250 3716 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

17:11:27.0250 3716 aswSP - ok

17:11:27.0265 3716 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

17:11:27.0265 3716 aswTdi - ok

17:11:27.0281 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:11:27.0281 3716 AsyncMac - ok

17:11:27.0312 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:11:27.0312 3716 atapi - ok

17:11:27.0328 3716 Atdisk - ok

17:11:27.0375 3716 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe

17:11:27.0375 3716 Ati HotKey Poller - ok

17:11:27.0468 3716 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:11:27.0484 3716 ati2mtag - ok

17:11:27.0593 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:11:27.0593 3716 Atmarpc - ok

17:11:27.0625 3716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

17:11:27.0640 3716 AudioSrv - ok

17:11:27.0656 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:11:27.0656 3716 audstub - ok

17:11:27.0765 3716 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

17:11:27.0765 3716 avast! Antivirus - ok

17:11:27.0781 3716 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

17:11:27.0781 3716 bcm4sbxp - ok

17:11:27.0796 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:11:27.0796 3716 Beep - ok

17:11:27.0843 3716 BEHRINGER_2902 (b46ca7a8d52d878408db9554445c41a1) C:\WINDOWS\system32\Drivers\BUSB2902.sys

17:11:27.0859 3716 BEHRINGER_2902 - ok

17:11:27.0890 3716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

17:11:27.0906 3716 BITS - ok

17:11:27.0921 3716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

17:11:27.0937 3716 Browser - ok

17:11:27.0937 3716 BUSB_AUDIO_WDM (f1d6ad745dbf94a141d077b6c9e22f00) C:\WINDOWS\system32\drivers\busbwdm.sys

17:11:27.0953 3716 BUSB_AUDIO_WDM - ok

17:11:28.0062 3716 catchme - ok

17:11:28.0093 3716 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:11:28.0093 3716 cbidf - ok

17:11:28.0093 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:11:28.0093 3716 cbidf2k - ok

17:11:28.0140 3716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:11:28.0140 3716 CCDECODE - ok

17:11:28.0156 3716 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:11:28.0156 3716 cd20xrnt - ok

17:11:28.0203 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:11:28.0203 3716 Cdaudio - ok

17:11:28.0218 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:11:28.0218 3716 Cdfs - ok

17:11:28.0250 3716 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:11:28.0265 3716 Cdrom - ok

17:11:28.0265 3716 Changer - ok

17:11:28.0281 3716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

17:11:28.0296 3716 CiSvc - ok

17:11:28.0343 3716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

17:11:28.0343 3716 ClipSrv - ok

17:11:28.0437 3716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:11:28.0500 3716 clr_optimization_v2.0.50727_32 - ok

17:11:28.0515 3716 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:11:28.0515 3716 CmdIde - ok

17:11:28.0515 3716 COMSysApp - ok

17:11:28.0531 3716 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:11:28.0546 3716 Cpqarray - ok

17:11:28.0578 3716 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys

17:11:28.0578 3716 cpuz135 - ok

17:11:28.0687 3716 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

17:11:28.0703 3716 Creative Audio Engine Licensing Service - ok

17:11:28.0718 3716 Creative Labs Licensing Service (7db5e3f44d797bd38b8e336ccc2e49d5) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

17:11:28.0718 3716 Creative Labs Licensing Service - ok

17:11:28.0765 3716 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe

17:11:28.0765 3716 Creative Service for CDROM Access - ok

17:11:28.0781 3716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

17:11:28.0781 3716 CryptSvc - ok

17:11:28.0812 3716 CT20XUT (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\system32\drivers\CT20XUT.SYS

17:11:28.0812 3716 CT20XUT - ok

17:11:28.0812 3716 CT20XUT.SYS (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\System32\drivers\CT20XUT.SYS

17:11:28.0828 3716 CT20XUT.SYS - ok

17:11:28.0843 3716 ctac32k (f2b1d0a3d21bd0d9f46457cbcec1a0e9) C:\WINDOWS\system32\drivers\ctac32k.sys

17:11:28.0859 3716 ctac32k - ok

17:11:28.0875 3716 ctaud2k (44f60a5e3c3a8a6bba4c280948ea6095) C:\WINDOWS\system32\drivers\ctaud2k.sys

17:11:28.0890 3716 ctaud2k - ok

17:11:28.0953 3716 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files\Creative\Shared Files\CTAudSvc.exe

17:11:28.0953 3716 CTAudSvcService - ok

17:11:28.0984 3716 ctdvda2k (8cbe82d6bbf206e144f22cb33fab1f2c) C:\WINDOWS\system32\drivers\ctdvda2k.sys

17:11:28.0984 3716 ctdvda2k - ok

17:11:29.0046 3716 CTEXFIFX (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS

17:11:29.0046 3716 CTEXFIFX - ok

17:11:29.0156 3716 CTEXFIFX.SYS (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS

17:11:29.0156 3716 CTEXFIFX.SYS - ok

17:11:29.0187 3716 CTHWIUT (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\system32\drivers\CTHWIUT.SYS

17:11:29.0187 3716 CTHWIUT - ok

17:11:29.0203 3716 CTHWIUT.SYS (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\System32\drivers\CTHWIUT.SYS

17:11:29.0203 3716 CTHWIUT.SYS - ok

17:11:29.0203 3716 ctprxy2k (f0f19a13c948e5289601e354b08e0941) C:\WINDOWS\system32\drivers\ctprxy2k.sys

17:11:29.0203 3716 ctprxy2k - ok

17:11:29.0218 3716 ctsfm2k (c7b2c36a6203a5f3d0a378fd78c5ddd6) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

17:11:29.0234 3716 ctsfm2k - ok

17:11:29.0265 3716 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

17:11:29.0265 3716 CTUSFSYN - ok

17:11:29.0312 3716 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:11:29.0328 3716 dac2w2k - ok

17:11:29.0328 3716 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:11:29.0343 3716 dac960nt - ok

17:11:29.0343 3716 DCamUSBSvis - ok

17:11:29.0390 3716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:11:29.0406 3716 DcomLaunch - ok

17:11:29.0421 3716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

17:11:29.0437 3716 Dhcp - ok

17:11:29.0468 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:11:29.0468 3716 Disk - ok

17:11:29.0515 3716 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

17:11:29.0515 3716 DLABOIOM - ok

17:11:29.0531 3716 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

17:11:29.0531 3716 DLACDBHM - ok

17:11:29.0546 3716 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

17:11:29.0546 3716 DLADResN - ok

17:11:29.0546 3716 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

17:11:29.0546 3716 DLAIFS_M - ok

17:11:29.0562 3716 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

17:11:29.0562 3716 DLAOPIOM - ok

17:11:29.0562 3716 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

17:11:29.0562 3716 DLAPoolM - ok

17:11:29.0578 3716 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

17:11:29.0578 3716 DLARTL_N - ok

17:11:29.0578 3716 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

17:11:29.0593 3716 DLAUDFAM - ok

17:11:29.0593 3716 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

17:11:29.0609 3716 DLAUDF_M - ok

17:11:29.0609 3716 dmadmin - ok

17:11:29.0656 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:11:29.0656 3716 dmboot - ok

17:11:29.0671 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:11:29.0671 3716 dmio - ok

17:11:29.0703 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:11:29.0703 3716 dmload - ok

17:11:29.0750 3716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

17:11:29.0750 3716 dmserver - ok

17:11:29.0781 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:11:29.0781 3716 DMusic - ok

17:11:29.0828 3716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

17:11:29.0828 3716 Dnscache - ok

17:11:29.0953 3716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

17:11:29.0968 3716 Dot3svc - ok

17:11:29.0984 3716 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:11:29.0984 3716 dpti2o - ok

17:11:30.0015 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:11:30.0015 3716 drmkaud - ok

17:11:30.0015 3716 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

17:11:30.0015 3716 DRVMCDB - ok

17:11:30.0031 3716 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

17:11:30.0031 3716 DRVNDDM - ok

17:11:30.0156 3716 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

17:11:30.0156 3716 DSproct - ok

17:11:30.0171 3716 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

17:11:30.0171 3716 E100B - ok

17:11:30.0203 3716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

17:11:30.0203 3716 EapHost - ok

17:11:30.0281 3716 EaseUS Agent (64585b1d85ff7566b99ced303a02f357) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

17:11:30.0312 3716 EaseUS Agent - ok

17:11:30.0406 3716 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe

17:11:30.0406 3716 ehRecvr - ok

17:11:30.0453 3716 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe

17:11:30.0453 3716 ehSched - ok

17:11:30.0484 3716 emupia (fb2d6d4d14ae801f5267b0368fc0cb0c) C:\WINDOWS\system32\drivers\emupia2k.sys

17:11:30.0484 3716 emupia - ok

17:11:30.0500 3716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

17:11:30.0515 3716 ERSvc - ok

17:11:30.0531 3716 EUBAKUP (40f272bc66a4692c4e5a07008b3c428d) C:\WINDOWS\system32\drivers\eubakup.sys

17:11:30.0531 3716 EUBAKUP - ok

17:11:30.0562 3716 EUBKMON (be026469e2a07e27910c7cd059e89557) C:\WINDOWS\system32\drivers\EUBKMON.sys

17:11:30.0562 3716 EUBKMON - ok

17:11:30.0593 3716 EUDSKACS (b5a6d8ffb1be1ea333c96f8788c6a909) C:\WINDOWS\system32\drivers\eudskacs.sys

17:11:30.0593 3716 EUDSKACS - ok

17:11:30.0609 3716 EUFDDISK (a67bf5bb59c6c15fab47c771dbe00c20) C:\WINDOWS\system32\drivers\EuFdDisk.sys

17:11:30.0609 3716 EUFDDISK - ok

17:11:30.0656 3716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:11:30.0671 3716 Eventlog - ok

17:11:30.0703 3716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

17:11:30.0718 3716 EventSystem - ok

17:11:30.0765 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:11:30.0765 3716 Fastfat - ok

17:11:30.0796 3716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:11:30.0812 3716 FastUserSwitchingCompatibility - ok

17:11:30.0859 3716 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

17:11:30.0859 3716 Fax - ok

17:11:30.0890 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:11:30.0890 3716 Fdc - ok

17:11:30.0906 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:11:30.0906 3716 Fips - ok

17:11:30.0937 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:11:30.0937 3716 Flpydisk - ok

17:11:30.0968 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:11:30.0984 3716 FltMgr - ok

17:11:31.0093 3716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:11:31.0093 3716 FontCache3.0.0.0 - ok

17:11:31.0125 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:11:31.0140 3716 Fs_Rec - ok

17:11:31.0171 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:11:31.0187 3716 Ftdisk - ok

17:11:31.0203 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:11:31.0203 3716 Gpc - ok

17:11:31.0328 3716 Guard Agent (a6a4223573cfcf87843cfcb3a9c237c7) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

17:11:31.0359 3716 Guard Agent - ok

17:11:31.0437 3716 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

17:11:31.0453 3716 gupdate - ok

17:11:31.0453 3716 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

17:11:31.0453 3716 gupdatem - ok

17:11:31.0531 3716 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

17:11:31.0531 3716 gusvc - ok

17:11:31.0609 3716 ha20x2k (7ff1ced1201c169a783b0e81cc561fba) C:\WINDOWS\system32\drivers\ha20x2k.sys

17:11:31.0609 3716 ha20x2k - ok

17:11:31.0656 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:11:31.0656 3716 HDAudBus - ok

17:11:31.0734 3716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:11:31.0734 3716 helpsvc - ok

17:11:31.0750 3716 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

17:11:31.0765 3716 HidServ - ok

17:11:31.0781 3716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:11:31.0781 3716 HidUsb - ok

17:11:31.0843 3716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

17:11:31.0843 3716 hkmsvc - ok

17:11:31.0859 3716 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

17:11:31.0859 3716 hpn - ok

17:11:31.0921 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:11:31.0921 3716 HTTP - ok

17:11:31.0937 3716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

17:11:31.0953 3716 HTTPFilter - ok

17:11:31.0984 3716 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:11:31.0984 3716 i2omgmt - ok

17:11:32.0000 3716 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:11:32.0000 3716 i2omp - ok

17:11:32.0015 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:11:32.0015 3716 i8042prt - ok

17:11:32.0109 3716 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

17:11:32.0125 3716 IDriverT - ok

17:11:32.0265 3716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:11:32.0281 3716 idsvc - ok

17:11:32.0296 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:11:32.0312 3716 Imapi - ok

17:11:32.0343 3716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

17:11:32.0359 3716 ImapiService - ok

17:11:32.0437 3716 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

17:11:32.0437 3716 ini910u - ok

17:11:32.0453 3716 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

17:11:32.0453 3716 IntelIde - ok

17:11:32.0468 3716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:11:32.0484 3716 intelppm - ok

17:11:32.0515 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:11:32.0515 3716 Ip6Fw - ok

17:11:32.0531 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:11:32.0546 3716 IpFilterDriver - ok

17:11:32.0546 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:11:32.0546 3716 IpInIp - ok

17:11:32.0593 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:11:32.0593 3716 IpNat - ok

17:11:32.0640 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:11:32.0656 3716 IPSec - ok

17:11:32.0656 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:11:32.0656 3716 IRENUM - ok

17:11:32.0703 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:11:32.0703 3716 isapnp - ok

17:11:32.0859 3716 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

17:11:32.0859 3716 JavaQuickStarterService - ok

17:11:32.0875 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:11:32.0875 3716 Kbdclass - ok

17:11:32.0890 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:11:32.0890 3716 kbdhid - ok

17:11:32.0937 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:11:32.0937 3716 kmixer - ok

17:11:32.0968 3716 KORGUMDS (50deddce25c89382a23e605eb4e0236b) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS

17:11:32.0968 3716 KORGUMDS - ok

17:11:33.0000 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:11:33.0000 3716 KSecDD - ok

17:11:33.0046 3716 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

17:11:33.0062 3716 lanmanserver - ok

17:11:33.0093 3716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

17:11:33.0109 3716 lanmanworkstation - ok

17:11:33.0109 3716 lbrtfdc - ok

17:11:33.0125 3716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

17:11:33.0140 3716 LmHosts - ok

17:11:33.0156 3716 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys

17:11:33.0171 3716 mbamchameleon - ok

17:11:33.0171 3716 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

17:11:33.0187 3716 MBAMProtector - ok

17:11:33.0234 3716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:11:33.0250 3716 MBAMService - ok

17:11:33.0328 3716 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe

17:11:33.0328 3716 McrdSvc - ok

17:11:33.0421 3716 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

17:11:33.0437 3716 MDM - ok

17:11:33.0515 3716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

17:11:33.0515 3716 Messenger - ok

17:11:33.0546 3716 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll

17:11:33.0546 3716 MHN - ok

17:11:33.0625 3716 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

17:11:33.0625 3716 MHNDRV - ok

17:11:33.0656 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:11:33.0656 3716 mnmdd - ok

17:11:33.0687 3716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

17:11:33.0687 3716 mnmsrvc - ok

17:11:33.0718 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:11:33.0718 3716 Modem - ok

17:11:33.0781 3716 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

17:11:33.0812 3716 monfilt - ok

17:11:33.0875 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:11:33.0875 3716 Mouclass - ok

17:11:33.0906 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:11:33.0906 3716 mouhid - ok

17:11:33.0921 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:11:33.0937 3716 MountMgr - ok

17:11:33.0953 3716 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

17:11:33.0953 3716 MPE - ok

17:11:33.0968 3716 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:11:33.0968 3716 mraid35x - ok

17:11:33.0984 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:11:33.0984 3716 MRxDAV - ok

17:11:34.0046 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:11:34.0046 3716 MRxSmb - ok

17:11:34.0093 3716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

17:11:34.0093 3716 MSDTC - ok

17:11:34.0109 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:11:34.0109 3716 Msfs - ok

17:11:34.0109 3716 MSIServer - ok

17:11:34.0140 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:11:34.0140 3716 MSKSSRV - ok

17:11:34.0156 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:11:34.0156 3716 MSPCLOCK - ok

17:11:34.0171 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:11:34.0171 3716 MSPQM - ok

17:11:34.0187 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:11:34.0187 3716 mssmbios - ok

17:11:34.0218 3716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:11:34.0218 3716 MSTEE - ok

17:11:34.0250 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:11:34.0250 3716 Mup - ok

17:11:34.0281 3716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:11:34.0281 3716 NABTSFEC - ok

17:11:34.0359 3716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

17:11:34.0359 3716 napagent - ok

17:11:34.0515 3716 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

17:11:34.0531 3716 NBService - ok

17:11:34.0593 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:11:34.0593 3716 NDIS - ok

17:11:34.0625 3716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:11:34.0625 3716 NdisIP - ok

17:11:34.0656 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:11:34.0656 3716 NdisTapi - ok

17:11:34.0671 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:11:34.0671 3716 Ndisuio - ok

17:11:34.0687 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:11:34.0687 3716 NdisWan - ok

17:11:34.0718 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:11:34.0734 3716 NDProxy - ok

17:11:34.0734 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:11:34.0734 3716 NetBIOS - ok

17:11:34.0750 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:11:34.0765 3716 NetBT - ok

17:11:34.0796 3716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:11:34.0812 3716 NetDDE - ok

17:11:34.0812 3716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:11:34.0828 3716 NetDDEdsdm - ok

17:11:34.0859 3716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:11:34.0859 3716 Netlogon - ok

17:11:34.0890 3716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

17:11:34.0890 3716 Netman - ok

17:11:35.0031 3716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:11:35.0031 3716 NetTcpPortSharing - ok

17:11:35.0078 3716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

17:11:35.0078 3716 Nla - ok

17:11:35.0203 3716 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

17:11:35.0203 3716 NMIndexingService - ok

17:11:35.0296 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:11:35.0296 3716 Npfs - ok

17:11:35.0343 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:11:35.0359 3716 Ntfs - ok

17:11:35.0390 3716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:11:35.0390 3716 NtLmSsp - ok

17:11:35.0421 3716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

17:11:35.0437 3716 NtmsSvc - ok

17:11:35.0484 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:11:35.0484 3716 Null - ok

17:11:35.0593 3716 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:11:35.0656 3716 nv - ok

17:11:35.0796 3716 nvata (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\DRIVERS\nvata.sys

17:11:35.0796 3716 nvata - ok

17:11:35.0843 3716 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys

17:11:35.0843 3716 nvatabus - ok

17:11:35.0859 3716 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys

17:11:35.0875 3716 nvraid - ok

17:11:35.0906 3716 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe

17:11:35.0921 3716 NVSvc - ok

17:11:35.0937 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:11:35.0937 3716 NwlnkFlt - ok

17:11:35.0953 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:11:35.0953 3716 NwlnkFwd - ok

17:11:36.0031 3716 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:11:36.0031 3716 ose - ok

17:11:36.0062 3716 ossrv (ac5bf1a610effaae9cfc48cb53483f08) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

17:11:36.0078 3716 ossrv - ok

17:11:36.0109 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:11:36.0109 3716 Parport - ok

17:11:36.0156 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:11:36.0156 3716 PartMgr - ok

17:11:36.0171 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:11:36.0187 3716 ParVdm - ok

17:11:36.0203 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:11:36.0218 3716 PCI - ok

17:11:36.0218 3716 PCIDump - ok

17:11:36.0250 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:11:36.0250 3716 PCIIde - ok

17:11:36.0265 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:11:36.0265 3716 Pcmcia - ok

17:11:36.0281 3716 Pcouffin (cd2425fd848e5fa09c9a213da56817a9) C:\WINDOWS\system32\Drivers\Pcouffin.sys

17:11:36.0281 3716 Pcouffin - ok

17:11:36.0343 3716 PCTAppEvent (7ea0ebd6e5aa687e116eb185a7cfb667) C:\WINDOWS\system32\drivers\PCTAppEvent.sys

17:11:36.0343 3716 PCTAppEvent - ok

17:11:36.0390 3716 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys

17:11:36.0390 3716 PCTFW-PacketFilter - ok

17:11:36.0421 3716 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys

17:11:36.0421 3716 pctgntdi - ok

17:11:36.0437 3716 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys

17:11:36.0437 3716 pctNdis - ok

17:11:36.0437 3716 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys

17:11:36.0437 3716 pctNdisMP - ok

17:11:36.0531 3716 PCToolsFirewallPlus (86d511370a217b554916e3a45d091042) C:\Program Files\PC Tools Firewall Plus\FWService.exe

17:11:36.0531 3716 PCToolsFirewallPlus - ok

17:11:36.0546 3716 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys

17:11:36.0546 3716 pctplfw - ok

17:11:36.0546 3716 PDCOMP - ok

17:11:36.0562 3716 PDFRAME - ok

17:11:36.0562 3716 PDRELI - ok

17:11:36.0578 3716 PDRFRAME - ok

17:11:36.0593 3716 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

17:11:36.0609 3716 perc2 - ok

17:11:36.0609 3716 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:11:36.0625 3716 perc2hib - ok

17:11:36.0671 3716 PfModNT (26b529a374d19e8c61a7943f8466232d) C:\WINDOWS\system32\drivers\PfModNT.sys

17:11:36.0671 3716 PfModNT - ok

17:11:36.0703 3716 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe

17:11:36.0718 3716 PLFlash DeviceIoControl Service - ok

17:11:36.0750 3716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:11:36.0765 3716 PlugPlay - ok

17:11:36.0781 3716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:11:36.0781 3716 PolicyAgent - ok

17:11:36.0812 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:11:36.0828 3716 PptpMiniport - ok

17:11:36.0828 3716 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:11:36.0843 3716 Processor - ok

17:11:36.0843 3716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:11:36.0843 3716 ProtectedStorage - ok

17:11:36.0859 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:11:36.0859 3716 PSched - ok

17:11:36.0890 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:11:36.0890 3716 Ptilink - ok

17:11:36.0921 3716 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:11:36.0921 3716 PxHelp20 - ok

17:11:36.0937 3716 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:11:36.0937 3716 ql1080 - ok

17:11:36.0953 3716 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:11:36.0953 3716 Ql10wnt - ok

17:11:36.0968 3716 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:11:36.0968 3716 ql12160 - ok

17:11:36.0984 3716 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:11:36.0984 3716 ql1240 - ok

17:11:37.0000 3716 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:11:37.0000 3716 ql1280 - ok

17:11:37.0125 3716 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys

17:11:37.0125 3716 RapportCerberus_34302 - ok

17:11:37.0250 3716 RapportEI (d78c402d0e87b0dd7c7cf02934cbe0c3) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

17:11:37.0250 3716 RapportEI - ok

17:11:37.0281 3716 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys

17:11:37.0296 3716 RapportIaso - ok

17:11:37.0328 3716 RapportKELL (2948a395a64a25dababeabaec507f0b2) C:\WINDOWS\system32\Drivers\RapportKELL.sys

17:11:37.0343 3716 RapportKELL - ok

17:11:37.0484 3716 RapportMgmtService (659902a5e589cfe32baa8a48d6bd5d35) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

17:11:37.0500 3716 RapportMgmtService - ok

17:11:37.0562 3716 RapportPG (b8a9707bde2fe01e4988d6b622a575f2) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

17:11:37.0562 3716 RapportPG - ok

17:11:37.0671 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:11:37.0671 3716 RasAcd - ok

17:11:37.0718 3716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

17:11:37.0718 3716 RasAuto - ok

17:11:37.0750 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:11:37.0750 3716 Rasl2tp - ok

17:11:37.0781 3716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

17:11:37.0796 3716 RasMan - ok

17:11:37.0812 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:11:37.0812 3716 RasPppoe - ok

17:11:37.0812 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:11:37.0812 3716 Raspti - ok

17:11:37.0843 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:11:37.0859 3716 Rdbss - ok

17:11:37.0859 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:11:37.0859 3716 RDPCDD - ok

17:11:37.0875 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:11:37.0890 3716 rdpdr - ok

17:11:37.0921 3716 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:11:37.0937 3716 RDPWD - ok

17:11:37.0953 3716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

17:11:37.0968 3716 RDSessMgr - ok

17:11:37.0984 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:11:37.0984 3716 redbook - ok

17:11:38.0031 3716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

17:11:38.0046 3716 RemoteAccess - ok

17:11:38.0062 3716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

17:11:38.0062 3716 RemoteRegistry - ok

17:11:38.0078 3716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

17:11:38.0093 3716 RpcLocator - ok

17:11:38.0125 3716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

17:11:38.0140 3716 RpcSs - ok

17:11:38.0187 3716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

17:11:38.0203 3716 RSVP - ok

17:11:38.0218 3716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:11:38.0218 3716 SamSs - ok

17:11:38.0250 3716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

17:11:38.0265 3716 SCardSvr - ok

17:11:38.0312 3716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

17:11:38.0328 3716 Schedule - ok

17:11:38.0390 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:11:38.0390 3716 Secdrv - ok

17:11:38.0437 3716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

17:11:38.0437 3716 seclogon - ok

17:11:38.0453 3716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

17:11:38.0468 3716 SENS - ok

17:11:38.0500 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:11:38.0515 3716 serenum - ok

17:11:38.0531 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:11:38.0531 3716 Serial - ok

17:11:38.0593 3716 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys

17:11:38.0593 3716 sfdrv01 - ok

17:11:38.0609 3716 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys

17:11:38.0609 3716 sfhlp02 - ok

17:11:38.0640 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

17:11:38.0640 3716 Sfloppy - ok

17:11:38.0656 3716 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys

17:11:38.0656 3716 sfvfs02 - ok

17:11:38.0703 3716 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

17:11:38.0703 3716 SharedAccess - ok

17:11:38.0765 3716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:11:38.0781 3716 ShellHWDetection - ok

17:11:38.0781 3716 Simbad - ok

17:11:38.0812 3716 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

17:11:38.0812 3716 sisagp - ok

17:11:38.0812 3716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:11:38.0828 3716 SLIP - ok

17:11:38.0843 3716 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:11:38.0843 3716 Sparrow - ok

17:11:38.0859 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:11:38.0875 3716 splitter - ok

17:11:38.0906 3716 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:11:38.0906 3716 Spooler - ok

17:11:38.0921 3716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:11:38.0921 3716 sr - ok

17:11:38.0953 3716 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

17:11:38.0968 3716 srservice - ok

17:11:39.0031 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:11:39.0031 3716 Srv - ok

17:11:39.0046 3716 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

17:11:39.0062 3716 SSDPSRV - ok

17:11:39.0125 3716 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

17:11:39.0156 3716 STHDA - ok

17:11:39.0203 3716 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

17:11:39.0218 3716 stisvc - ok

17:11:39.0281 3716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:11:39.0281 3716 streamip - ok

17:11:39.0312 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:11:39.0328 3716 swenum - ok

17:11:39.0343 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:11:39.0343 3716 swmidi - ok

17:11:39.0343 3716 SwPrv - ok

17:11:39.0390 3716 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

17:11:39.0390 3716 symc810 - ok

17:11:39.0406 3716 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

17:11:39.0406 3716 symc8xx - ok

17:11:39.0421 3716 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

17:11:39.0421 3716 sym_hi - ok

17:11:39.0421 3716 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

17:11:39.0437 3716 sym_u3 - ok

17:11:39.0437 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:11:39.0437 3716 sysaudio - ok

17:11:39.0468 3716 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

17:11:39.0468 3716 SysmonLog - ok

17:11:39.0500 3716 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

17:11:39.0515 3716 TapiSrv - ok

17:11:39.0562 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:11:39.0562 3716 Tcpip - ok

17:11:39.0593 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:11:39.0593 3716 TDPIPE - ok

17:11:39.0609 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:11:39.0609 3716 TDTCP - ok

17:11:39.0640 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:11:39.0656 3716 TermDD - ok

17:11:39.0687 3716 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

17:11:39.0703 3716 TermService - ok

17:11:39.0750 3716 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:11:39.0750 3716 Themes - ok

17:11:39.0812 3716 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

17:11:39.0828 3716 TlntSvr - ok

17:11:39.0843 3716 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

17:11:39.0843 3716 TosIde - ok

17:11:39.0859 3716 TPkd - ok

17:11:39.0875 3716 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

17:11:39.0890 3716 TrkWks - ok

17:11:39.0921 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:11:39.0921 3716 Udfs - ok

17:11:39.0953 3716 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

17:11:39.0953 3716 ultra - ok

17:11:40.0000 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:11:40.0015 3716 Update - ok

17:11:40.0046 3716 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

17:11:40.0062 3716 upnphost - ok

17:11:40.0078 3716 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

17:11:40.0093 3716 UPS - ok

17:11:40.0140 3716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:11:40.0140 3716 usbaudio - ok

17:11:40.0156 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:11:40.0156 3716 usbccgp - ok

17:11:40.0187 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:11:40.0187 3716 usbehci - ok

17:11:40.0203 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:11:40.0203 3716 usbhub - ok

17:11:40.0218 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:11:40.0218 3716 usbohci - ok

17:11:40.0234 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:11:40.0234 3716 usbprint - ok

17:11:40.0265 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:11:40.0265 3716 usbscan - ok

17:11:40.0281 3716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:11:40.0281 3716 USBSTOR - ok

17:11:40.0296 3716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:11:40.0296 3716 usbuhci - ok

17:11:40.0343 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:11:40.0343 3716 VgaSave - ok

17:11:40.0375 3716 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

17:11:40.0375 3716 viaagp - ok

17:11:40.0390 3716 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:11:40.0390 3716 ViaIde - ok

17:11:40.0421 3716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:11:40.0421 3716 VolSnap - ok

17:11:40.0453 3716 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

17:11:40.0468 3716 VSS - ok

17:11:40.0500 3716 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

17:11:40.0500 3716 w32time - ok

17:11:40.0515 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:11:40.0515 3716 Wanarp - ok

17:11:40.0531 3716 wanatw - ok

17:11:40.0593 3716 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:11:40.0609 3716 Wdf01000 - ok

17:11:40.0609 3716 WDICA - ok

17:11:40.0640 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:11:40.0640 3716 wdmaud - ok

17:11:40.0671 3716 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

17:11:40.0687 3716 WebClient - ok

17:11:40.0750 3716 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:11:40.0765 3716 winmgmt - ok

17:11:40.0828 3716 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll

17:11:40.0859 3716 WinRM - ok

17:11:40.0953 3716 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

17:11:40.0953 3716 WinUSB - ok

17:11:41.0000 3716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

17:11:41.0000 3716 WmdmPmSN - ok

17:11:41.0046 3716 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

17:11:41.0046 3716 Wmi - ok

17:11:41.0078 3716 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:11:41.0078 3716 WmiApSrv - ok

17:11:41.0203 3716 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

17:11:41.0218 3716 WMPNetworkSvc - ok

17:11:41.0234 3716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:11:41.0234 3716 WpdUsb - ok

17:11:41.0281 3716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:11:41.0281 3716 WS2IFSL - ok

17:11:41.0328 3716 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

17:11:41.0343 3716 wscsvc - ok

17:11:41.0375 3716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:11:41.0390 3716 WSTCODEC - ok

17:11:41.0421 3716 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

17:11:41.0421 3716 wuauserv - ok

17:11:41.0468 3716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:11:41.0468 3716 WudfPf - ok

17:11:41.0484 3716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:11:41.0500 3716 WudfRd - ok

17:11:41.0531 3716 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

17:11:41.0546 3716 WudfSvc - ok

17:11:41.0609 3716 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

17:11:41.0625 3716 WZCSVC - ok

17:11:41.0671 3716 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

17:11:41.0687 3716 xmlprov - ok

17:11:41.0703 3716 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0

17:11:41.0734 3716 \Device\Harddisk0\DR0 - ok

17:11:41.0765 3716 Boot (0x1200) (b3c33cdae0262de3bab5d8071ed176ac) \Device\Harddisk0\DR0\Partition0

17:11:41.0765 3716 \Device\Harddisk0\DR0\Partition0 - ok

17:11:41.0765 3716 ============================================================

17:11:41.0765 3716 Scan finished

17:11:41.0765 3716 ============================================================

17:11:41.0781 3552 Detected object count: 0

17:11:41.0781 3552 Actual detected object count: 0

Elise · May 8, 2012

That all looks good, how is everything running at this point?

Bohma · May 8, 2012

Seems to be OK but I thought things were OK before I found a Russian site on the MBAM Ignore List.

I can't imagine where this could have come from as I have Avast, MBAM and PCTools Firewall plus. Also, if I ever download anything I scan it with Avast and MBAM before opening or unzipping the file. I've also got WOT. I can't think of anything else I can do.

Elise · May 8, 2012

Everything looks perfectly fine, I'm not sure how that site ended up there (maybe someone accidentally clicked on Ignore when it appeared), so no need to worry about an active infection.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

Download the latest version of Adobe Reader Version X. and save it to your desktop.
Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
Click the download button at the bottom.
If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
Then from your desktop double-click on Adobe Reader to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the "Adobe Setup - Welcome" window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the
  icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Bohma · May 12, 2012

<p>Hi Elise,</p>

<p>Sorry for the delay in replying but I did not notice your request to run a scan with ESET until today when I received a strange email from 'ex1stence' , apparently via your site. I have now run the scan and 6 infections were found. I have pasted the report below. </p>

<p>Since your last email, thinking my PC was clean of infections, I have cloned my hard disk to a larger sized one and this is the one the infections were found on. The original HD is still in my PC but is not currently connected to the motherboard with a data cable. I am assuming that this HD must also be infected and will need to be cleaned.</p>

<div>C:\Documents and Settings\Brendan O'Mahony\Local Settings\TempImages\UpdateInstaller.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Documents and Settings\Brendan O'Mahony\My Documents\Downloads\FreeWAVToMP3ConverterSetup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>deleted - quarantined</div>

<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP20\A0174471.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP20\A0174472.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP48\A0252863.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0257364.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

Elise · May 12, 2012

No worries, nothing was active, most of it was in system restore, which will be reset in the following steps.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

Delete the tools used during the disinfection:
- Press windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
- This will remove Combofix and other tools we used from your computer.
[*]You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

Install and update the following programs regularly:
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
  A comprehensive tutorial and a list of possible firewalls can be found here.
- an AntiVirus Software
  It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
- an Anti-Spyware program
  Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
  SUPERAntiSpyware is another good scanner with high detection and removal rates.
  Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
- Spyware Blaster
  A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Miekies' prevention suggestions
So How did I get infected?
Microsoft - 'Security at home'
Calendar of Updates: See which updates have been released.
How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Bohma · May 12, 2012

Hi Elise,

Thanks for your quick reply. Before I uninstall Combofix etc. how do I go about cleaning the HD I've cloned?

Elise · May 12, 2012

If it was a recent clone the best thing would be to recreate it after doing all steps to update and protect your computer. That way you can be sure it is clean and can be used.

Bohma · May 14, 2012

Hi Elise,

I've done all you suggested in your last email but I notice that System Restore is turned off. Is it safe to turn it on again?

Elise · May 14, 2012

Yes, please turn it on.

If you have no other questions I will request this topic to be closed.

LDTate · May 14, 2012

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Russian Site added itself to Ignore List

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information