14 replies to this topic

[Bohma]

Hi,

I've run DDS and the two reports are pasted below.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Brendan O'Mahony at 16:15:57 on 2012-04-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2233 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\windows\ehome\ehtray.exe
C:\windows\system32\dla\dlactrlw.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\WinDates\WinDates.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brendan O'Mahony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig?refresh=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] ; "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BitTorrent DNA] ; "c:\program files\dna\btdna.exe"
uRun: [Creative Detector] ; "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\brendan o'mahony\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] ; "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] ; "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CTSysVol] ; "c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe" /r
mRun: [DMXLauncher] ; "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ISUSPM Startup] ; "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] ; "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SigmatelSysTrayApp] ; stsystra.exe
mRun: [UpdReg] ; c:\windows\UpdReg.EXE
mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\dlactrlw.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [NeroFilterCheck] ; c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\brenda~1\startm~1\programs\startup\windates.lnk - c:\program files\windates\WinDates.exe
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: exam2score.com\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165595934929
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://202.139.104.2/activex/AxisCamControl.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://edexcel.webex.com/client/T25L/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx
TCP: Interfaces\{29B39846-0902-49E5-B96A-2F1FC54E9A72} : DhcpNameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F} : NameServer = 212.159.13.49,212.159.13.50
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brendan o'mahony\application data\mozilla\firefox\profiles\88e1vnko.new profile\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - plugin: c:\documents and settings\brendan o'mahony\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-4-17 56208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-21 337880]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-2-27 251560]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-4-17 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-4-17 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-21 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-21 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-5 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-4 654408]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-2-27 160576]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-4-17 931640]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-4 22344]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-2-27 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-2-27 57536]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-4-17 21520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-2-27 286000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2007-2-17 133504]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-9-24 384576]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-9-24 39488]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-10 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\drivers\svstream.sys --> c:\windows\system32\drivers\svstream.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-8 135664]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2012-1-25 24056]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-2-27 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-2-27 125248]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
.
=============== Created Last 30 ================
.
2012-04-23 21:47:36 -------- d-----w- c:\documents and settings\brendan o'mahony\local settings\application data\drumtrack
2012-04-23 21:47:25 -------- d-----w- c:\program files\drumtrack
2012-04-22 14:19:17 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Keolab
2012-04-17 00:23:58 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-04-07 11:36:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 22:49:29 -------- d-----w- c:\documents and settings\brendan o'mahony\application data\Flux
2012-03-25 22:45:24 -------- d-----w- c:\program files\Flux
.
==================== Find3M ====================
.
2012-04-19 15:35:36 28672 ----a-w- c:\windows\system32\verclsid.exe
2012-04-15 18:57:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 14:02:51 21 ----a-w- c:\documents and settings\brendan o'mahony\application data\iasna_FB9AEABC-F56E-4c47-A862-8892AA545113.dll
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-27 21:39:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 21:39:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-01-26 17:41:31 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-01-26 17:41:30 1025 ----a-w- c:\windows\system32\sysprs7.dll
2007-10-02 22:06:42 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 16:17:39.89 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 13/10/2006 16:51:06
System Uptime: 24/04/2012 15:47:54 (1 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 85.499 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP1: 27/02/2012 20:05:13 - System Checkpoint
RP2: 27/02/2012 21:35:42 - Second Attempt
RP3: 27/02/2012 21:38:50 - Removed Java™ 6 Update 24
RP4: 27/02/2012 21:39:02 - Installed Java™ 6 Update 31
RP5: 28/02/2012 16:35:08 - Removed SlimCleaner
RP6: 03/03/2012 00:27:00 - System Checkpoint
RP7: 04/03/2012 18:56:52 - System Checkpoint
RP8: 05/03/2012 19:19:22 - System Checkpoint
RP9: 08/03/2012 16:41:31 - System Checkpoint
RP10: 10/03/2012 20:03:32 - System Checkpoint
RP11: 12/03/2012 17:39:45 - System Checkpoint
RP12: 13/03/2012 18:08:31 - System Checkpoint
RP13: 14/03/2012 18:50:01 - System Checkpoint
RP14: 14/03/2012 22:17:14 - Software Distribution Service 3.0
RP15: 17/03/2012 00:29:47 - System Checkpoint
RP16: 19/03/2012 18:07:33 - Removed Steinberg Cubase LE AI Elements 6
RP17: 19/03/2012 18:10:53 - Removed Steinberg Cubase LE 5
RP18: 21/03/2012 20:34:58 - System Checkpoint
RP19: 24/03/2012 22:04:27 - System Checkpoint
RP20: 25/03/2012 20:24:46 - Installed Flux_StereoTool
RP21: 25/03/2012 23:43:11 - Removed Flux_StereoTool
RP22: 25/03/2012 23:47:32 - Installed Flux_StereoTool
RP23: 26/03/2012 15:37:06 - Installed Rapport
RP24: 27/03/2012 20:50:21 - System Checkpoint
RP25: 04/04/2012 02:41:42 - System Checkpoint
RP26: 05/04/2012 14:21:06 - System Checkpoint
RP27: 10/04/2012 20:45:27 - System Checkpoint
RP28: 11/04/2012 22:34:55 - System Checkpoint
RP29: 12/04/2012 11:05:52 - Software Distribution Service 3.0
RP30: 16/04/2012 16:20:00 - System Checkpoint
RP31: 17/04/2012 17:09:12 - System Checkpoint
RP32: 19/04/2012 19:12:14 - System Checkpoint
RP33: 20/04/2012 19:53:17 - System Checkpoint
RP34: 22/04/2012 13:55:31 - System Checkpoint
RP35: 23/04/2012 13:58:20 - Installed Rapport
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11
AirZip Plug-in for Internet Explorer
Apple Application Support
Apple Software Update
ArcSoft Camera Suite
ASIO4ALL
Athlon 64 Processor Driver
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
AXIS Media Control Embedded
BEHRINGER USB AUDIO DRIVER
BestPractice (remove only)
BitTorrent
Blazing Angels Squadrons of WWII Demo
Broadcom Management Programs
Cagles Mill Guitar Tuner Version 1.2
Camel Audio Alchemy
CamToPrint
Canon iP4500 series
Canon iP4500 series User Registration
Canon My Printer
CCleaner
CD-LabelPrint
Clear Cache feature for Internet Explorer
Close Combat Invasion Normandy
CM Alpha
Compatibility Pack for the 2007 Office system
CPUID CPU-Z 1.58
Creative Audio Control Panel
Creative Audio Pack
Creative Console Launcher
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Dell CinePlayer
Dell Support 3.2
Dell System Restore
DevalVR for Internet Explorer (remove)
DNA
DrumTrack 1.0
DVDx 2
Easy-WebPrint
eLicenser Control
ePEN Scoring System
EPSON Copy Utility 3
EPSON Smart Panel
EPSON TWAIN 5
ESET Online Scanner v3
Fender FUSE 2.5.0.22
Flux_StereoTool
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Free Convert M4A to MP3 AMR OGG AAC Converter 5.8
Free FLV Converter V 2.0
Free M4a to MP3 Converter 6.2
Google Advertising Cookie Opt-out
Google Chrome
Google Earth
Google Earth Plug-in
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL MPEG-1/2 DirectShow Decoder Filter
Guitar Guru Version 2.1.2
Hallmark Smilebox
HDtracks Download Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Java Auto Updater
Java™ 6 Update 31
K-Lite Mega Codec Pack 8.1.0
KORG K-Series Editor
KORG M1 Le
KORG USB-MIDI Driver Tools for Windows
LADSPA_plugins-win-0.4.15
Legacy 6.0
Lexicon Alpha Driver
Lexicon Pantheon VST Plug-in (remove only)
Malwarebytes Anti-Malware version 1.61.0.1400
Manic Miner for Windows 3.01
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft Works
MixMeister BPM Analyzer 1.0
Mozilla Firefox 11.0 (x86 en-US)
MP3 to WAV Decoder
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Native Instruments Kontakt 4
Native Instruments Kontakt Factory Selection
Native Instruments Service Center
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenAL
PC Tools Firewall Plus 7.0
QuickTime
Rapport
REAPER
rgc:audio sfz VSTi v1.96
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
shortcircuit
Sibelius Scorch (ActiveX Only)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Sound Blaster for Media Center
Soundbytes Obbo (remove only)
SoundFont Bank Manager
Spicy Guitar 1.2.0.1
Spotify
Steinberg Groove Agent ONE Content
Steinberg Groove Agent ONE Vintage Beatboxes
Steinberg HALion Sonic SE
Steinberg HALion Sonic SE Content for Cubase LE AI Elements
Steinberg HALionOne
Steinberg HALionOne Essential Set
Stereoizer - Computer Music Edition v1.0
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualRoute Lite Edition
WebFldrs XP
What's Running 2.2
WinDates
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3
yellow tools Independence Free 2.5.4 32bit
ZxEmulator Standalone Version 1.0
.
==== Event Viewer Messages From Past Week ========
.
19/04/2012 20:25:24, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
19/04/2012 16:02:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid pctgntdi RapportKELL RasAcd Rdbss Tcpip WS2IFSL
19/04/2012 16:02:57, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
19/04/2012 16:02:57, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
19/04/2012 16:01:39, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/04/2012 16:01:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
17/04/2012 16:36:17, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
17/04/2012 13:06:50, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}
17/04/2012 13:06:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
17/04/2012 13:06:44, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
17/04/2012 13:06:44, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

[Elise]

Hello and

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[Bohma]

Hi,

I have run Combofix and am pasting the log below. When I first tried to run Combofix, I forgot to disable my firewall and kept getting pop-ups asking if I would give permission for various programs to run. i'm not sure if this is relevant or not, but one pop-up stated that a new network had been detected (LAN#). Anyway, I disabled my antivirus, MBAM, my firewall and disabled my Internet connection before running Combofix. It took about half an hour to complete!



ComboFix 12-05-08.01 - Brendan O'Mahony 08/05/2012 14:36:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2301 [GMT 1:00]
Running from: c:\documents and settings\Brendan O'Mahony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\msvcsv60.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-05 13:37 . 2012-05-05 13:54 -------- d-----w- C:\BOOT
2012-05-05 13:37 . 2012-05-05 13:37 -------- d-----w- C:\My Backups
2012-05-05 13:36 . 2011-12-22 22:09 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-05-05 13:36 . 2011-12-22 22:09 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-05-05 13:35 . 2011-12-22 22:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-05-05 13:35 . 2012-02-08 14:46 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-05-05 13:34 . 2011-12-22 22:09 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-05-05 13:34 . 2012-05-05 13:34 -------- d-----w- c:\program files\EaseUS
2012-05-02 15:44 . 2012-05-02 15:44 -------- d-----w- C:\found.001
2012-04-30 16:01 . 2012-04-30 16:01 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\IK Multimedia
2012-04-30 14:23 . 2012-04-30 14:23 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Daichi
2012-04-30 13:17 . 2012-04-30 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia
2012-04-29 14:47 . 2012-04-30 16:59 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\MeldaProduction MHarmonizerCM
2012-04-29 14:25 . 2012-04-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MTexturedStyles
2012-04-29 14:25 . 2012-04-29 14:25 -------- d-----w- c:\program files\MeldaProduction
2012-04-29 12:52 . 2012-04-29 12:52 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Cableguys
2012-04-29 12:51 . 2012-04-29 12:51 -------- d-----w- c:\program files\CM Vocoder
2012-04-29 12:19 . 2012-04-29 12:19 -------- d-----w- c:\program files\RhinoCM
2012-04-27 16:21 . 2012-04-27 17:48 -------- d-----w- c:\program files\SpywareBlaster
2012-04-26 16:13 . 2012-04-26 16:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-25 19:59 . 2012-04-25 19:59 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\vstsaxi
2012-04-23 21:47 . 2012-04-23 21:49 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\drumtrack
2012-04-22 14:19 . 2012-04-22 14:19 -------- d-----w- c:\documents and settings\Brendan O'Mahony\Application Data\Keolab
2012-04-17 00:23 . 2012-04-17 00:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 18:57 . 2012-04-07 11:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 18:57 . 2011-05-14 17:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 15:35 . 2006-10-11 17:49 28672 ----a-w- c:\windows\system32\verclsid.exe
2012-04-04 14:56 . 2010-09-04 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 14:02 . 2012-03-16 14:02 21 ----a-w- c:\documents and settings\Brendan O'Mahony\Application Data\iasna_FB9AEABC-F56E-4c47-A862-8892AA545113.dll
2012-03-07 00:15 . 2011-08-21 20:49 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-08-21 20:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-08-21 20:49 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-08-21 20:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-08-21 20:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-08-21 20:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-08-21 20:49 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-08-21 20:49 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-08-21 20:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-08-21 20:49 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2005-08-16 03:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-08-16 03:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-08-16 03:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-08-16 03:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-08-16 03:18 385024 ----a-w- c:\windows\system32\html.iec
2012-02-27 21:39 . 2012-02-27 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 21:39 . 2010-05-04 17:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2007-10-02 22:06 . 2007-10-02 22:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-03-18 22:01 . 2011-06-09 16:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-12 321344]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-09-05 417792]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\system32\dla\dlactrlw.exe" [2005-09-08 122940]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-22 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Brendan O'Mahony\Start Menu\Programs\Startup\
WinDates.lnk - c:\program files\WinDates\WinDates.exe [2006-11-3 1589248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PageKeeper Jobs.lnk]
backup=c:\windows\pss\PageKeeper Jobs.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Brendan O'Mahony^Start Menu^Programs^Startup^OCRAWARE.lnk]
backup=c:\windows\pss\OCRAWARE.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"GoToAssist"=3 (0x3)
"KService"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"aawservice"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Broadcom\\BACS\\BACS.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [05/05/2012 14:35 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [05/05/2012 14:35 40840]
R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [26/04/2012 17:13 32072]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/04/2012 01:23 56208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/08/2011 21:49 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/08/2011 21:49 337880]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [05/05/2012 14:36 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [05/05/2012 14:36 185864]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2012 22:55 251560]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 19:09 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/04/2012 01:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/04/2012 01:23 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2011 21:49 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/09/2011 19:57 21992]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [05/05/2012 14:34 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [05/05/2012 14:34 23176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/09/2010 21:28 654408]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2012 22:55 160576]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/04/2012 01:23 931640]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 21:23 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 21:24 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 21:23 72792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/09/2010 21:28 22344]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [22/10/2006 21:24 47360]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [27/02/2012 22:54 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [27/02/2012 22:54 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2012 22:54 125248]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [17/04/2012 01:26 21520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 20:44 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/04/2012 12:36 257696]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [17/02/2007 20:42 133504]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [24/09/2011 22:41 384576]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [24/09/2011 22:41 39488]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/09/2011 12:28 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [05/05/2010 21:23 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [05/05/2010 21:24 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [05/05/2010 21:23 72792]
S3 DCamUSBSvis;AXIA Stream Driver;c:\windows\system32\DRIVERS\svstream.sys --> c:\windows\system32\DRIVERS\svstream.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/12/2009 20:44 135664]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [25/01/2012 21:18 24056]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [27/02/2012 22:54 57536]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16/08/2005 04:18 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EUBAKUP
*NewlyCreated* - EUBKMON
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:57]
.
2012-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-11 14:56]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 19:44]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005Core.job
- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69676293-4256888696-4198206526-1005UA.job
- c:\documents and settings\Brendan O'Mahony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:04]
.
2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{6146DE30-349F-4F5D-AEE3-6E23B6696B15}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?refresh=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
Trusted Zone: exam2score.com\www
TCP: Interfaces\{58C0D046-5A3A-4A04-ACAD-AF80A584954F}: NameServer = 212.159.13.49,212.159.13.50
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.123.238.206/activex/AMC.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {FE8FE5F0-E1EE-4ACD-81E0-2A6CFECB8431} - hxxp://downloads.e-marking.eu.com/ePenClientSpec.ocx
FF - ProfilePath - c:\documents and settings\Brendan O'Mahony\Application Data\Mozilla\Firefox\Profiles\88e1vnko.New profile\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CM Alpha - c:\documents and settings\Brendan O'Mahony\Desktop\UninstalAlpha.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-08 14:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-69676293-4256888696-4198206526-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-05-08 15:05:22
ComboFix-quarantined-files.txt 2012-05-08 14:05
.
Pre-Run: 91,048,759,296 bytes free
Post-Run: 91,015,667,712 bytes free
.
- - End Of File - - BB9DC8C2C2E8499177C63D47759DDC32

[Elise]

Hi again, how are things running at this point?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[Bohma]

Hi,

The results of the TDSSKiller scan are below



17:11:01.0890 3860 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:11:03.0015 3860 ============================================================
17:11:03.0015 3860 Current date / time: 2012/05/08 17:11:03.0015
17:11:03.0015 3860 SystemInfo:
17:11:03.0015 3860
17:11:03.0015 3860 OS Version: 5.1.2600 ServicePack: 3.0
17:11:03.0015 3860 Product type: Workstation
17:11:03.0015 3860 ComputerName: DHWC6J2J
17:11:03.0015 3860 UserName: Brendan O'Mahony
17:11:03.0015 3860 Windows directory: C:\WINDOWS
17:11:03.0015 3860 System windows directory: C:\WINDOWS
17:11:03.0015 3860 Processor architecture: Intel x86
17:11:03.0015 3860 Number of processors: 2
17:11:03.0015 3860 Page size: 0x1000
17:11:03.0015 3860 Boot type: Normal boot
17:11:03.0015 3860 ============================================================
17:11:03.0968 3860 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:11:03.0968 3860 ============================================================
17:11:03.0968 3860 \Device\Harddisk0\DR0:
17:11:03.0968 3860 MBR partitions:
17:11:03.0968 3860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54
17:11:03.0968 3860 ============================================================
17:11:04.0015 3860 C: <-> \Device\Harddisk0\DR0\Partition0
17:11:04.0015 3860 ============================================================
17:11:04.0015 3860 Initialize success
17:11:04.0015 3860 ============================================================
17:11:25.0593 3716 ============================================================
17:11:25.0593 3716 Scan started
17:11:25.0593 3716 Mode: Manual;
17:11:25.0593 3716 ============================================================
17:11:25.0906 3716 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:11:25.0906 3716 Aavmker4 - ok
17:11:25.0921 3716 Abiosdsk - ok
17:11:25.0984 3716 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:11:25.0984 3716 abp480n5 - ok
17:11:26.0015 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:11:26.0031 3716 ACPI - ok
17:11:26.0031 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:11:26.0031 3716 ACPIEC - ok
17:11:26.0125 3716 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:11:26.0140 3716 AdobeFlashPlayerUpdateSvc - ok
17:11:26.0156 3716 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:11:26.0156 3716 adpu160m - ok
17:11:26.0203 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:11:26.0203 3716 aec - ok
17:11:26.0250 3716 AF05BDA (4c35b9b2d62c1f6f66d07125c7cdbd8b) C:\WINDOWS\system32\drivers\AF05BDA.sys
17:11:26.0250 3716 AF05BDA - ok
17:11:26.0281 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:11:26.0281 3716 AFD - ok
17:11:26.0328 3716 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:11:26.0328 3716 agp440 - ok
17:11:26.0375 3716 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:11:26.0375 3716 agpCPQ - ok
17:11:26.0406 3716 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:11:26.0406 3716 Aha154x - ok
17:11:26.0437 3716 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:11:26.0437 3716 aic78u2 - ok
17:11:26.0468 3716 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:11:26.0468 3716 aic78xx - ok
17:11:26.0484 3716 alcan5wn (293bcaf4ef7afcc4b00d28f75c420356) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
17:11:26.0484 3716 alcan5wn - ok
17:11:26.0546 3716 alcaudsl (bdb16789e789f087b43b5f75032d4fdc) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
17:11:26.0546 3716 alcaudsl - ok
17:11:26.0593 3716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:11:26.0593 3716 Alerter - ok
17:11:26.0625 3716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:11:26.0625 3716 ALG - ok
17:11:26.0656 3716 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:11:26.0656 3716 AliIde - ok
17:11:26.0687 3716 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:11:26.0687 3716 alim1541 - ok
17:11:26.0703 3716 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:11:26.0718 3716 amdagp - ok
17:11:26.0750 3716 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:11:26.0750 3716 AmdK8 - ok
17:11:26.0781 3716 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:11:26.0781 3716 amsint - ok
17:11:26.0828 3716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:11:26.0843 3716 AppMgmt - ok
17:11:26.0875 3716 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:11:26.0875 3716 asc - ok
17:11:26.0937 3716 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:11:26.0937 3716 asc3350p - ok
17:11:27.0000 3716 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:11:27.0000 3716 asc3550 - ok
17:11:27.0109 3716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:11:27.0140 3716 aspnet_state - ok
17:11:27.0171 3716 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:11:27.0171 3716 aswFsBlk - ok
17:11:27.0171 3716 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:11:27.0171 3716 aswMon2 - ok
17:11:27.0187 3716 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
17:11:27.0187 3716 aswRdr - ok
17:11:27.0218 3716 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:11:27.0218 3716 aswSnx - ok
17:11:27.0250 3716 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:11:27.0250 3716 aswSP - ok
17:11:27.0265 3716 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:11:27.0265 3716 aswTdi - ok
17:11:27.0281 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:11:27.0281 3716 AsyncMac - ok
17:11:27.0312 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:11:27.0312 3716 atapi - ok
17:11:27.0328 3716 Atdisk - ok
17:11:27.0375 3716 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe
17:11:27.0375 3716 Ati HotKey Poller - ok
17:11:27.0468 3716 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:11:27.0484 3716 ati2mtag - ok
17:11:27.0593 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:11:27.0593 3716 Atmarpc - ok
17:11:27.0625 3716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:11:27.0640 3716 AudioSrv - ok
17:11:27.0656 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:11:27.0656 3716 audstub - ok
17:11:27.0765 3716 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:11:27.0765 3716 avast! Antivirus - ok
17:11:27.0781 3716 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:11:27.0781 3716 bcm4sbxp - ok
17:11:27.0796 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:11:27.0796 3716 Beep - ok
17:11:27.0843 3716 BEHRINGER_2902 (b46ca7a8d52d878408db9554445c41a1) C:\WINDOWS\system32\Drivers\BUSB2902.sys
17:11:27.0859 3716 BEHRINGER_2902 - ok
17:11:27.0890 3716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:11:27.0906 3716 BITS - ok
17:11:27.0921 3716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:11:27.0937 3716 Browser - ok
17:11:27.0937 3716 BUSB_AUDIO_WDM (f1d6ad745dbf94a141d077b6c9e22f00) C:\WINDOWS\system32\drivers\busbwdm.sys
17:11:27.0953 3716 BUSB_AUDIO_WDM - ok
17:11:28.0062 3716 catchme - ok
17:11:28.0093 3716 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:11:28.0093 3716 cbidf - ok
17:11:28.0093 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:11:28.0093 3716 cbidf2k - ok
17:11:28.0140 3716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:11:28.0140 3716 CCDECODE - ok
17:11:28.0156 3716 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:11:28.0156 3716 cd20xrnt - ok
17:11:28.0203 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:11:28.0203 3716 Cdaudio - ok
17:11:28.0218 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:11:28.0218 3716 Cdfs - ok
17:11:28.0250 3716 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:11:28.0265 3716 Cdrom - ok
17:11:28.0265 3716 Changer - ok
17:11:28.0281 3716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:11:28.0296 3716 CiSvc - ok
17:11:28.0343 3716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:11:28.0343 3716 ClipSrv - ok
17:11:28.0437 3716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:11:28.0500 3716 clr_optimization_v2.0.50727_32 - ok
17:11:28.0515 3716 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:11:28.0515 3716 CmdIde - ok
17:11:28.0515 3716 COMSysApp - ok
17:11:28.0531 3716 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:11:28.0546 3716 Cpqarray - ok
17:11:28.0578 3716 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
17:11:28.0578 3716 cpuz135 - ok
17:11:28.0687 3716 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:11:28.0703 3716 Creative Audio Engine Licensing Service - ok
17:11:28.0718 3716 Creative Labs Licensing Service (7db5e3f44d797bd38b8e336ccc2e49d5) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
17:11:28.0718 3716 Creative Labs Licensing Service - ok
17:11:28.0765 3716 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
17:11:28.0765 3716 Creative Service for CDROM Access - ok
17:11:28.0781 3716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:11:28.0781 3716 CryptSvc - ok
17:11:28.0812 3716 CT20XUT (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\system32\drivers\CT20XUT.SYS
17:11:28.0812 3716 CT20XUT - ok
17:11:28.0812 3716 CT20XUT.SYS (b9106942eb5dd0e034ab40a9d48d056e) C:\WINDOWS\System32\drivers\CT20XUT.SYS
17:11:28.0828 3716 CT20XUT.SYS - ok
17:11:28.0843 3716 ctac32k (f2b1d0a3d21bd0d9f46457cbcec1a0e9) C:\WINDOWS\system32\drivers\ctac32k.sys
17:11:28.0859 3716 ctac32k - ok
17:11:28.0875 3716 ctaud2k (44f60a5e3c3a8a6bba4c280948ea6095) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:11:28.0890 3716 ctaud2k - ok
17:11:28.0953 3716 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
17:11:28.0953 3716 CTAudSvcService - ok
17:11:28.0984 3716 ctdvda2k (8cbe82d6bbf206e144f22cb33fab1f2c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:11:28.0984 3716 ctdvda2k - ok
17:11:29.0046 3716 CTEXFIFX (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
17:11:29.0046 3716 CTEXFIFX - ok
17:11:29.0156 3716 CTEXFIFX.SYS (4ae083d16ac9fc9bdf98498f93426226) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
17:11:29.0156 3716 CTEXFIFX.SYS - ok
17:11:29.0187 3716 CTHWIUT (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
17:11:29.0187 3716 CTHWIUT - ok
17:11:29.0203 3716 CTHWIUT.SYS (b610bfe02f9fc0cb0b1cde3ec4c13ffa) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
17:11:29.0203 3716 CTHWIUT.SYS - ok
17:11:29.0203 3716 ctprxy2k (f0f19a13c948e5289601e354b08e0941) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:11:29.0203 3716 ctprxy2k - ok
17:11:29.0218 3716 ctsfm2k (c7b2c36a6203a5f3d0a378fd78c5ddd6) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
17:11:29.0234 3716 ctsfm2k - ok
17:11:29.0265 3716 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
17:11:29.0265 3716 CTUSFSYN - ok
17:11:29.0312 3716 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:11:29.0328 3716 dac2w2k - ok
17:11:29.0328 3716 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:11:29.0343 3716 dac960nt - ok
17:11:29.0343 3716 DCamUSBSvis - ok
17:11:29.0390 3716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:11:29.0406 3716 DcomLaunch - ok
17:11:29.0421 3716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:11:29.0437 3716 Dhcp - ok
17:11:29.0468 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:11:29.0468 3716 Disk - ok
17:11:29.0515 3716 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:11:29.0515 3716 DLABOIOM - ok
17:11:29.0531 3716 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:11:29.0531 3716 DLACDBHM - ok
17:11:29.0546 3716 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:11:29.0546 3716 DLADResN - ok
17:11:29.0546 3716 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:11:29.0546 3716 DLAIFS_M - ok
17:11:29.0562 3716 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:11:29.0562 3716 DLAOPIOM - ok
17:11:29.0562 3716 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:11:29.0562 3716 DLAPoolM - ok
17:11:29.0578 3716 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:11:29.0578 3716 DLARTL_N - ok
17:11:29.0578 3716 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:11:29.0593 3716 DLAUDFAM - ok
17:11:29.0593 3716 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:11:29.0609 3716 DLAUDF_M - ok
17:11:29.0609 3716 dmadmin - ok
17:11:29.0656 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:11:29.0656 3716 dmboot - ok
17:11:29.0671 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:11:29.0671 3716 dmio - ok
17:11:29.0703 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:11:29.0703 3716 dmload - ok
17:11:29.0750 3716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:11:29.0750 3716 dmserver - ok
17:11:29.0781 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:11:29.0781 3716 DMusic - ok
17:11:29.0828 3716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:11:29.0828 3716 Dnscache - ok
17:11:29.0953 3716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:11:29.0968 3716 Dot3svc - ok
17:11:29.0984 3716 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:11:29.0984 3716 dpti2o - ok
17:11:30.0015 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:11:30.0015 3716 drmkaud - ok
17:11:30.0015 3716 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:11:30.0015 3716 DRVMCDB - ok
17:11:30.0031 3716 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:11:30.0031 3716 DRVNDDM - ok
17:11:30.0156 3716 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
17:11:30.0156 3716 DSproct - ok
17:11:30.0171 3716 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:11:30.0171 3716 E100B - ok
17:11:30.0203 3716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:11:30.0203 3716 EapHost - ok
17:11:30.0281 3716 EaseUS Agent (64585b1d85ff7566b99ced303a02f357) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
17:11:30.0312 3716 EaseUS Agent - ok
17:11:30.0406 3716 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
17:11:30.0406 3716 ehRecvr - ok
17:11:30.0453 3716 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
17:11:30.0453 3716 ehSched - ok
17:11:30.0484 3716 emupia (fb2d6d4d14ae801f5267b0368fc0cb0c) C:\WINDOWS\system32\drivers\emupia2k.sys
17:11:30.0484 3716 emupia - ok
17:11:30.0500 3716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:11:30.0515 3716 ERSvc - ok
17:11:30.0531 3716 EUBAKUP (40f272bc66a4692c4e5a07008b3c428d) C:\WINDOWS\system32\drivers\eubakup.sys
17:11:30.0531 3716 EUBAKUP - ok
17:11:30.0562 3716 EUBKMON (be026469e2a07e27910c7cd059e89557) C:\WINDOWS\system32\drivers\EUBKMON.sys
17:11:30.0562 3716 EUBKMON - ok
17:11:30.0593 3716 EUDSKACS (b5a6d8ffb1be1ea333c96f8788c6a909) C:\WINDOWS\system32\drivers\eudskacs.sys
17:11:30.0593 3716 EUDSKACS - ok
17:11:30.0609 3716 EUFDDISK (a67bf5bb59c6c15fab47c771dbe00c20) C:\WINDOWS\system32\drivers\EuFdDisk.sys
17:11:30.0609 3716 EUFDDISK - ok
17:11:30.0656 3716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:11:30.0671 3716 Eventlog - ok
17:11:30.0703 3716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:11:30.0718 3716 EventSystem - ok
17:11:30.0765 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:11:30.0765 3716 Fastfat - ok
17:11:30.0796 3716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:11:30.0812 3716 FastUserSwitchingCompatibility - ok
17:11:30.0859 3716 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:11:30.0859 3716 Fax - ok
17:11:30.0890 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:11:30.0890 3716 Fdc - ok
17:11:30.0906 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:11:30.0906 3716 Fips - ok
17:11:30.0937 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:11:30.0937 3716 Flpydisk - ok
17:11:30.0968 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:11:30.0984 3716 FltMgr - ok
17:11:31.0093 3716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:11:31.0093 3716 FontCache3.0.0.0 - ok
17:11:31.0125 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:11:31.0140 3716 Fs_Rec - ok
17:11:31.0171 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:11:31.0187 3716 Ftdisk - ok
17:11:31.0203 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:11:31.0203 3716 Gpc - ok
17:11:31.0328 3716 Guard Agent (a6a4223573cfcf87843cfcb3a9c237c7) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
17:11:31.0359 3716 Guard Agent - ok
17:11:31.0437 3716 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:11:31.0453 3716 gupdate - ok
17:11:31.0453 3716 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:11:31.0453 3716 gupdatem - ok
17:11:31.0531 3716 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:11:31.0531 3716 gusvc - ok
17:11:31.0609 3716 ha20x2k (7ff1ced1201c169a783b0e81cc561fba) C:\WINDOWS\system32\drivers\ha20x2k.sys
17:11:31.0609 3716 ha20x2k - ok
17:11:31.0656 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:11:31.0656 3716 HDAudBus - ok
17:11:31.0734 3716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:11:31.0734 3716 helpsvc - ok
17:11:31.0750 3716 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:11:31.0765 3716 HidServ - ok
17:11:31.0781 3716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:11:31.0781 3716 HidUsb - ok
17:11:31.0843 3716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:11:31.0843 3716 hkmsvc - ok
17:11:31.0859 3716 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:11:31.0859 3716 hpn - ok
17:11:31.0921 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:11:31.0921 3716 HTTP - ok
17:11:31.0937 3716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:11:31.0953 3716 HTTPFilter - ok
17:11:31.0984 3716 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:11:31.0984 3716 i2omgmt - ok
17:11:32.0000 3716 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:11:32.0000 3716 i2omp - ok
17:11:32.0015 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:11:32.0015 3716 i8042prt - ok
17:11:32.0109 3716 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:11:32.0125 3716 IDriverT - ok
17:11:32.0265 3716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:11:32.0281 3716 idsvc - ok
17:11:32.0296 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:11:32.0312 3716 Imapi - ok
17:11:32.0343 3716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:11:32.0359 3716 ImapiService - ok
17:11:32.0437 3716 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:11:32.0437 3716 ini910u - ok
17:11:32.0453 3716 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:11:32.0453 3716 IntelIde - ok
17:11:32.0468 3716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:11:32.0484 3716 intelppm - ok
17:11:32.0515 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:11:32.0515 3716 Ip6Fw - ok
17:11:32.0531 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:11:32.0546 3716 IpFilterDriver - ok
17:11:32.0546 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:11:32.0546 3716 IpInIp - ok
17:11:32.0593 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:11:32.0593 3716 IpNat - ok
17:11:32.0640 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:11:32.0656 3716 IPSec - ok
17:11:32.0656 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:11:32.0656 3716 IRENUM - ok
17:11:32.0703 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:11:32.0703 3716 isapnp - ok
17:11:32.0859 3716 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:11:32.0859 3716 JavaQuickStarterService - ok
17:11:32.0875 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:11:32.0875 3716 Kbdclass - ok
17:11:32.0890 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:11:32.0890 3716 kbdhid - ok
17:11:32.0937 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:11:32.0937 3716 kmixer - ok
17:11:32.0968 3716 KORGUMDS (50deddce25c89382a23e605eb4e0236b) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
17:11:32.0968 3716 KORGUMDS - ok
17:11:33.0000 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:11:33.0000 3716 KSecDD - ok
17:11:33.0046 3716 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:11:33.0062 3716 lanmanserver - ok
17:11:33.0093 3716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:11:33.0109 3716 lanmanworkstation - ok
17:11:33.0109 3716 lbrtfdc - ok
17:11:33.0125 3716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:11:33.0140 3716 LmHosts - ok
17:11:33.0156 3716 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
17:11:33.0171 3716 mbamchameleon - ok
17:11:33.0171 3716 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:11:33.0187 3716 MBAMProtector - ok
17:11:33.0234 3716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:11:33.0250 3716 MBAMService - ok
17:11:33.0328 3716 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
17:11:33.0328 3716 McrdSvc - ok
17:11:33.0421 3716 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:11:33.0437 3716 MDM - ok
17:11:33.0515 3716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:11:33.0515 3716 Messenger - ok
17:11:33.0546 3716 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
17:11:33.0546 3716 MHN - ok
17:11:33.0625 3716 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:11:33.0625 3716 MHNDRV - ok
17:11:33.0656 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:11:33.0656 3716 mnmdd - ok
17:11:33.0687 3716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:11:33.0687 3716 mnmsrvc - ok
17:11:33.0718 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:11:33.0718 3716 Modem - ok
17:11:33.0781 3716 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
17:11:33.0812 3716 monfilt - ok
17:11:33.0875 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:11:33.0875 3716 Mouclass - ok
17:11:33.0906 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:11:33.0906 3716 mouhid - ok
17:11:33.0921 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:11:33.0937 3716 MountMgr - ok
17:11:33.0953 3716 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:11:33.0953 3716 MPE - ok
17:11:33.0968 3716 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:11:33.0968 3716 mraid35x - ok
17:11:33.0984 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:11:33.0984 3716 MRxDAV - ok
17:11:34.0046 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:11:34.0046 3716 MRxSmb - ok
17:11:34.0093 3716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:11:34.0093 3716 MSDTC - ok
17:11:34.0109 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:11:34.0109 3716 Msfs - ok
17:11:34.0109 3716 MSIServer - ok
17:11:34.0140 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:11:34.0140 3716 MSKSSRV - ok
17:11:34.0156 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:11:34.0156 3716 MSPCLOCK - ok
17:11:34.0171 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:11:34.0171 3716 MSPQM - ok
17:11:34.0187 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:11:34.0187 3716 mssmbios - ok
17:11:34.0218 3716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:11:34.0218 3716 MSTEE - ok
17:11:34.0250 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:11:34.0250 3716 Mup - ok
17:11:34.0281 3716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:11:34.0281 3716 NABTSFEC - ok
17:11:34.0359 3716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:11:34.0359 3716 napagent - ok
17:11:34.0515 3716 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:11:34.0531 3716 NBService - ok
17:11:34.0593 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:11:34.0593 3716 NDIS - ok
17:11:34.0625 3716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:11:34.0625 3716 NdisIP - ok
17:11:34.0656 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:11:34.0656 3716 NdisTapi - ok
17:11:34.0671 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:11:34.0671 3716 Ndisuio - ok
17:11:34.0687 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:11:34.0687 3716 NdisWan - ok
17:11:34.0718 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:11:34.0734 3716 NDProxy - ok
17:11:34.0734 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:11:34.0734 3716 NetBIOS - ok
17:11:34.0750 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:11:34.0765 3716 NetBT - ok
17:11:34.0796 3716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:11:34.0812 3716 NetDDE - ok
17:11:34.0812 3716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:11:34.0828 3716 NetDDEdsdm - ok
17:11:34.0859 3716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:11:34.0859 3716 Netlogon - ok
17:11:34.0890 3716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:11:34.0890 3716 Netman - ok
17:11:35.0031 3716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:11:35.0031 3716 NetTcpPortSharing - ok
17:11:35.0078 3716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:11:35.0078 3716 Nla - ok
17:11:35.0203 3716 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:11:35.0203 3716 NMIndexingService - ok
17:11:35.0296 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:11:35.0296 3716 Npfs - ok
17:11:35.0343 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:11:35.0359 3716 Ntfs - ok
17:11:35.0390 3716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:11:35.0390 3716 NtLmSsp - ok
17:11:35.0421 3716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:11:35.0437 3716 NtmsSvc - ok
17:11:35.0484 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:11:35.0484 3716 Null - ok
17:11:35.0593 3716 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:11:35.0656 3716 nv - ok
17:11:35.0796 3716 nvata (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\DRIVERS\nvata.sys
17:11:35.0796 3716 nvata - ok
17:11:35.0843 3716 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
17:11:35.0843 3716 nvatabus - ok
17:11:35.0859 3716 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
17:11:35.0875 3716 nvraid - ok
17:11:35.0906 3716 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe
17:11:35.0921 3716 NVSvc - ok
17:11:35.0937 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:11:35.0937 3716 NwlnkFlt - ok
17:11:35.0953 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:11:35.0953 3716 NwlnkFwd - ok
17:11:36.0031 3716 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:11:36.0031 3716 ose - ok
17:11:36.0062 3716 ossrv (ac5bf1a610effaae9cfc48cb53483f08) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
17:11:36.0078 3716 ossrv - ok
17:11:36.0109 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:11:36.0109 3716 Parport - ok
17:11:36.0156 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:11:36.0156 3716 PartMgr - ok
17:11:36.0171 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:11:36.0187 3716 ParVdm - ok
17:11:36.0203 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:11:36.0218 3716 PCI - ok
17:11:36.0218 3716 PCIDump - ok
17:11:36.0250 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:11:36.0250 3716 PCIIde - ok
17:11:36.0265 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:11:36.0265 3716 Pcmcia - ok
17:11:36.0281 3716 Pcouffin (cd2425fd848e5fa09c9a213da56817a9) C:\WINDOWS\system32\Drivers\Pcouffin.sys
17:11:36.0281 3716 Pcouffin - ok
17:11:36.0343 3716 PCTAppEvent (7ea0ebd6e5aa687e116eb185a7cfb667) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
17:11:36.0343 3716 PCTAppEvent - ok
17:11:36.0390 3716 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
17:11:36.0390 3716 PCTFW-PacketFilter - ok
17:11:36.0421 3716 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
17:11:36.0421 3716 pctgntdi - ok
17:11:36.0437 3716 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
17:11:36.0437 3716 pctNdis - ok
17:11:36.0437 3716 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
17:11:36.0437 3716 pctNdisMP - ok
17:11:36.0531 3716 PCToolsFirewallPlus (86d511370a217b554916e3a45d091042) C:\Program Files\PC Tools Firewall Plus\FWService.exe
17:11:36.0531 3716 PCToolsFirewallPlus - ok
17:11:36.0546 3716 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys
17:11:36.0546 3716 pctplfw - ok
17:11:36.0546 3716 PDCOMP - ok
17:11:36.0562 3716 PDFRAME - ok
17:11:36.0562 3716 PDRELI - ok
17:11:36.0578 3716 PDRFRAME - ok
17:11:36.0593 3716 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:11:36.0609 3716 perc2 - ok
17:11:36.0609 3716 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:11:36.0625 3716 perc2hib - ok
17:11:36.0671 3716 PfModNT (26b529a374d19e8c61a7943f8466232d) C:\WINDOWS\system32\drivers\PfModNT.sys
17:11:36.0671 3716 PfModNT - ok
17:11:36.0703 3716 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
17:11:36.0718 3716 PLFlash DeviceIoControl Service - ok
17:11:36.0750 3716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:11:36.0765 3716 PlugPlay - ok
17:11:36.0781 3716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:11:36.0781 3716 PolicyAgent - ok
17:11:36.0812 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:11:36.0828 3716 PptpMiniport - ok
17:11:36.0828 3716 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:11:36.0843 3716 Processor - ok
17:11:36.0843 3716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:11:36.0843 3716 ProtectedStorage - ok
17:11:36.0859 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:11:36.0859 3716 PSched - ok
17:11:36.0890 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:11:36.0890 3716 Ptilink - ok
17:11:36.0921 3716 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:11:36.0921 3716 PxHelp20 - ok
17:11:36.0937 3716 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:11:36.0937 3716 ql1080 - ok
17:11:36.0953 3716 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:11:36.0953 3716 Ql10wnt - ok
17:11:36.0968 3716 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:11:36.0968 3716 ql12160 - ok
17:11:36.0984 3716 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:11:36.0984 3716 ql1240 - ok
17:11:37.0000 3716 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:11:37.0000 3716 ql1280 - ok
17:11:37.0125 3716 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
17:11:37.0125 3716 RapportCerberus_34302 - ok
17:11:37.0250 3716 RapportEI (d78c402d0e87b0dd7c7cf02934cbe0c3) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
17:11:37.0250 3716 RapportEI - ok
17:11:37.0281 3716 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
17:11:37.0296 3716 RapportIaso - ok
17:11:37.0328 3716 RapportKELL (2948a395a64a25dababeabaec507f0b2) C:\WINDOWS\system32\Drivers\RapportKELL.sys
17:11:37.0343 3716 RapportKELL - ok
17:11:37.0484 3716 RapportMgmtService (659902a5e589cfe32baa8a48d6bd5d35) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
17:11:37.0500 3716 RapportMgmtService - ok
17:11:37.0562 3716 RapportPG (b8a9707bde2fe01e4988d6b622a575f2) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
17:11:37.0562 3716 RapportPG - ok
17:11:37.0671 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:11:37.0671 3716 RasAcd - ok
17:11:37.0718 3716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:11:37.0718 3716 RasAuto - ok
17:11:37.0750 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:11:37.0750 3716 Rasl2tp - ok
17:11:37.0781 3716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:11:37.0796 3716 RasMan - ok
17:11:37.0812 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:11:37.0812 3716 RasPppoe - ok
17:11:37.0812 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:11:37.0812 3716 Raspti - ok
17:11:37.0843 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:11:37.0859 3716 Rdbss - ok
17:11:37.0859 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:11:37.0859 3716 RDPCDD - ok
17:11:37.0875 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:11:37.0890 3716 rdpdr - ok
17:11:37.0921 3716 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:11:37.0937 3716 RDPWD - ok
17:11:37.0953 3716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:11:37.0968 3716 RDSessMgr - ok
17:11:37.0984 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:11:37.0984 3716 redbook - ok
17:11:38.0031 3716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:11:38.0046 3716 RemoteAccess - ok
17:11:38.0062 3716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:11:38.0062 3716 RemoteRegistry - ok
17:11:38.0078 3716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:11:38.0093 3716 RpcLocator - ok
17:11:38.0125 3716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:11:38.0140 3716 RpcSs - ok
17:11:38.0187 3716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:11:38.0203 3716 RSVP - ok
17:11:38.0218 3716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:11:38.0218 3716 SamSs - ok
17:11:38.0250 3716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:11:38.0265 3716 SCardSvr - ok
17:11:38.0312 3716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:11:38.0328 3716 Schedule - ok
17:11:38.0390 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:11:38.0390 3716 Secdrv - ok
17:11:38.0437 3716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:11:38.0437 3716 seclogon - ok
17:11:38.0453 3716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:11:38.0468 3716 SENS - ok
17:11:38.0500 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:11:38.0515 3716 serenum - ok
17:11:38.0531 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:11:38.0531 3716 Serial - ok
17:11:38.0593 3716 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys
17:11:38.0593 3716 sfdrv01 - ok
17:11:38.0609 3716 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys
17:11:38.0609 3716 sfhlp02 - ok
17:11:38.0640 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:11:38.0640 3716 Sfloppy - ok
17:11:38.0656 3716 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
17:11:38.0656 3716 sfvfs02 - ok
17:11:38.0703 3716 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:11:38.0703 3716 SharedAccess - ok
17:11:38.0765 3716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:11:38.0781 3716 ShellHWDetection - ok
17:11:38.0781 3716 Simbad - ok
17:11:38.0812 3716 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:11:38.0812 3716 sisagp - ok
17:11:38.0812 3716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:11:38.0828 3716 SLIP - ok
17:11:38.0843 3716 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:11:38.0843 3716 Sparrow - ok
17:11:38.0859 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:11:38.0875 3716 splitter - ok
17:11:38.0906 3716 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:11:38.0906 3716 Spooler - ok
17:11:38.0921 3716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:11:38.0921 3716 sr - ok
17:11:38.0953 3716 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:11:38.0968 3716 srservice - ok
17:11:39.0031 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:11:39.0031 3716 Srv - ok
17:11:39.0046 3716 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:11:39.0062 3716 SSDPSRV - ok
17:11:39.0125 3716 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
17:11:39.0156 3716 STHDA - ok
17:11:39.0203 3716 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:11:39.0218 3716 stisvc - ok
17:11:39.0281 3716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:11:39.0281 3716 streamip - ok
17:11:39.0312 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:11:39.0328 3716 swenum - ok
17:11:39.0343 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:11:39.0343 3716 swmidi - ok
17:11:39.0343 3716 SwPrv - ok
17:11:39.0390 3716 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:11:39.0390 3716 symc810 - ok
17:11:39.0406 3716 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:11:39.0406 3716 symc8xx - ok
17:11:39.0421 3716 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:11:39.0421 3716 sym_hi - ok
17:11:39.0421 3716 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:11:39.0437 3716 sym_u3 - ok
17:11:39.0437 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:11:39.0437 3716 sysaudio - ok
17:11:39.0468 3716 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:11:39.0468 3716 SysmonLog - ok
17:11:39.0500 3716 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:11:39.0515 3716 TapiSrv - ok
17:11:39.0562 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:11:39.0562 3716 Tcpip - ok
17:11:39.0593 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:11:39.0593 3716 TDPIPE - ok
17:11:39.0609 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:11:39.0609 3716 TDTCP - ok
17:11:39.0640 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:11:39.0656 3716 TermDD - ok
17:11:39.0687 3716 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:11:39.0703 3716 TermService - ok
17:11:39.0750 3716 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:11:39.0750 3716 Themes - ok
17:11:39.0812 3716 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:11:39.0828 3716 TlntSvr - ok
17:11:39.0843 3716 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:11:39.0843 3716 TosIde - ok
17:11:39.0859 3716 TPkd - ok
17:11:39.0875 3716 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:11:39.0890 3716 TrkWks - ok
17:11:39.0921 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:11:39.0921 3716 Udfs - ok
17:11:39.0953 3716 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:11:39.0953 3716 ultra - ok
17:11:40.0000 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:11:40.0015 3716 Update - ok
17:11:40.0046 3716 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:11:40.0062 3716 upnphost - ok
17:11:40.0078 3716 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:11:40.0093 3716 UPS - ok
17:11:40.0140 3716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:11:40.0140 3716 usbaudio - ok
17:11:40.0156 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:11:40.0156 3716 usbccgp - ok
17:11:40.0187 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:11:40.0187 3716 usbehci - ok
17:11:40.0203 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:11:40.0203 3716 usbhub - ok
17:11:40.0218 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:11:40.0218 3716 usbohci - ok
17:11:40.0234 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:11:40.0234 3716 usbprint - ok
17:11:40.0265 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:11:40.0265 3716 usbscan - ok
17:11:40.0281 3716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:11:40.0281 3716 USBSTOR - ok
17:11:40.0296 3716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:11:40.0296 3716 usbuhci - ok
17:11:40.0343 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:11:40.0343 3716 VgaSave - ok
17:11:40.0375 3716 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:11:40.0375 3716 viaagp - ok
17:11:40.0390 3716 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:11:40.0390 3716 ViaIde - ok
17:11:40.0421 3716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:11:40.0421 3716 VolSnap - ok
17:11:40.0453 3716 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:11:40.0468 3716 VSS - ok
17:11:40.0500 3716 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:11:40.0500 3716 w32time - ok
17:11:40.0515 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:11:40.0515 3716 Wanarp - ok
17:11:40.0531 3716 wanatw - ok
17:11:40.0593 3716 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:11:40.0609 3716 Wdf01000 - ok
17:11:40.0609 3716 WDICA - ok
17:11:40.0640 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:11:40.0640 3716 wdmaud - ok
17:11:40.0671 3716 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:11:40.0687 3716 WebClient - ok
17:11:40.0750 3716 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:11:40.0765 3716 winmgmt - ok
17:11:40.0828 3716 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
17:11:40.0859 3716 WinRM - ok
17:11:40.0953 3716 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:11:40.0953 3716 WinUSB - ok
17:11:41.0000 3716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:11:41.0000 3716 WmdmPmSN - ok
17:11:41.0046 3716 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:11:41.0046 3716 Wmi - ok
17:11:41.0078 3716 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:11:41.0078 3716 WmiApSrv - ok
17:11:41.0203 3716 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:11:41.0218 3716 WMPNetworkSvc - ok
17:11:41.0234 3716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:11:41.0234 3716 WpdUsb - ok
17:11:41.0281 3716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:11:41.0281 3716 WS2IFSL - ok
17:11:41.0328 3716 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:11:41.0343 3716 wscsvc - ok
17:11:41.0375 3716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:11:41.0390 3716 WSTCODEC - ok
17:11:41.0421 3716 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:11:41.0421 3716 wuauserv - ok
17:11:41.0468 3716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:11:41.0468 3716 WudfPf - ok
17:11:41.0484 3716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:11:41.0500 3716 WudfRd - ok
17:11:41.0531 3716 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:11:41.0546 3716 WudfSvc - ok
17:11:41.0609 3716 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:11:41.0625 3716 WZCSVC - ok
17:11:41.0671 3716 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:11:41.0687 3716 xmlprov - ok
17:11:41.0703 3716 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
17:11:41.0734 3716 \Device\Harddisk0\DR0 - ok
17:11:41.0765 3716 Boot (0x1200) (b3c33cdae0262de3bab5d8071ed176ac) \Device\Harddisk0\DR0\Partition0
17:11:41.0765 3716 \Device\Harddisk0\DR0\Partition0 - ok
17:11:41.0765 3716 ============================================================
17:11:41.0765 3716 Scan finished
17:11:41.0765 3716 ============================================================
17:11:41.0781 3552 Detected object count: 0
17:11:41.0781 3552 Actual detected object count: 0

[Elise]

That all looks good, how is everything running at this point?

[Bohma]

Seems to be OK but I thought things were OK before I found a Russian site on the MBAM Ignore List.

I can't imagine where this could have come from as I have Avast, MBAM and PCTools Firewall plus. Also, if I ever download anything I scan it with Avast and MBAM before opening or unzipping the file. I've also got WOT. I can't think of anything else I can do.

[Elise]

Everything looks perfectly fine, I'm not sure how that site ended up there (maybe someone accidentally clicked on Ignore when it appeared), so no need to worry about an active infection.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
  
• Click the Start button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check "Scan Archives" and "Remove found threats"
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click List Threats
  
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Click the Back button.
  
• Click the Finish button.

[Bohma]

<p>Hi Elise,</p>
<p> </p>
<p>Sorry for the delay in replying but I did not notice your request to run a scan with ESET until today when I received a strange email from &#39;ex1stence&#39; , apparently via your site.  I have now run the scan and 6 infections were found.  I have pasted the report below.  </p>
<p> </p>
<p>Since your last email, thinking my PC was clean of infections, I have cloned my hard disk to a larger sized one and this is the one the infections were found on.  The original HD is still in my PC but is not currently connected to the motherboard with a data cable.  I am assuming that this HD must also be infected and will need to be cleaned.</p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<div>C:\Documents and Settings\Brendan O&#39;Mahony\Local Settings\TempImages\UpdateInstaller.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>
<div>C:\Documents and Settings\Brendan O&#39;Mahony\My Documents\Downloads\FreeWAVToMP3ConverterSetup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>deleted - quarantined</div>
<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP20\A0174471.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>
<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP20\A0174472.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>
<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP48\A0252863.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>
<div>C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0257364.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Agent.SZW trojan<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>
<div> </div>

[Elise]

No worries, nothing was active, most of it was in system restore, which will be reset in the following steps.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  
  
  • Press windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    
    
    
    
  • This will remove Combofix and other tools we used from your computer.
• You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

• Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
    
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    
  • an Anti-Spyware program
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    
  • Spyware Blaster
    A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
• Keep Windows (and your other Microsoft software) up to date!
  I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
  Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  
• Keep your other software up to date as well
  Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  
• Stay up to date!
  The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

[Bohma]

Hi Elise,

Thanks for your quick reply. Before I uninstall Combofix etc. how do I go about cleaning the HD I've cloned?

[Elise]

If it was a recent clone the best thing would be to recreate it after doing all steps to update and protect your computer. That way you can be sure it is clean and can be used.

[Bohma]

Hi Elise,

I've done all you suggested in your last email but I notice that System Restore is turned off. Is it safe to turn it on again?

[Elise]

Yes, please turn it on.

If you have no other questions I will request this topic to be closed.

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.