TechSpot

Browser popups, multiple iexplorer.exe processes per tab/window, and google redirect

By lemmy law
Nov 20, 2010
  1. - I initially had antivirus2010 virus but cleaned it up with MalwareBytes' anti-malware
    - My browser is constantly popping up or redirecting the current window and I have noticed multiple iexplorer.exe processes, up to 2-3 per tab/window
    - Additionally I have discovered that my search engines (not just google) get redirected to all kinds of sites, from porn to bogus antispyware/antivirus software sites.

    I attached my HJS log and can run other scans if needed as well.

    Thanks for any and all help you can give.
     


  2. lemmy law TS Rookie Topic Starter

    OK so started the 8 step process so here is what I have so far.

    - Ran my AVG scan and got nothing
    - Ran TFC and rebooted
    - Ran Malwarebytes' Anti-Malware again and here is the log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5157

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/20/2010 4:56:18 PM
    mbam-log-2010-11-20 (16-56-18).txt

    Scan type: Quick scan
    Objects scanned: 190325
    Time elapsed: 8 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    *******************************************
    Will run GMER next and post in reply
     
  3. lemmy law TS Rookie Topic Starter

    Unable to run GMER even in safe mode so went on to DDS and here is the attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/14/2006 11:45:24 PM
    System Uptime: 11/20/2010 5:26:32 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 99 GiB total, 26.829 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is FIXED (NTFS) - 45 GiB total, 30.336 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter

    ==== System Restore Points ===================

    RP1742: 11/16/2010 9:02:40 PM - System Checkpoint
    RP1743: 11/17/2010 9:48:08 PM - System Checkpoint
    RP1744: 11/18/2010 10:29:51 PM - System Checkpoint
    RP1745: 11/19/2010 6:04:09 AM - Spyware Terminator - restore point
    RP1746: 11/19/2010 6:55:08 PM - Restore Operation
    RP1747: 11/20/2010 9:56:53 AM - Restore Operation

    ==== Installed Programs ======================


    3DVIA player 4.1
    ActivClient 6.1 x86
    ActivIdentity Device Installer
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11
    AiO_Scan_CDA
    AiOSoftwareNPI
    Andrea VoiceCenter
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression
    AutoUpdate
    Avatar Bobble Battles
    AVG Free 9.0
    Banctec Service Agreement
    BlackBerry Desktop Software 4.2
    Bonjour
    BufferChm
    BulletProof FTP Server (remove only)
    C5100
    c5100_Help
    CardRd81
    CCScore
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CR2
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft Ultimate DVD + Video Converter Suite 7.15.7.8
    CueTour
    CustomerResearchQFolder
    CuteFTP 7 Professional
    Daimonin Client 0.967
    Dell Digital Jukebox Driver
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell System Restore
    DellSupport
    Destinations
    Device Installer x86
    DeviceManagementQFolder
    Digital Content Portal
    DirectX Media Runtime 5.1
    DiscAPI (Studio 10)
    DivX
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    ELIcon
    ESSBrwr
    ESSCDBK
    ESScore
    ESSCT
    ESSEMAIL
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    ESSTUTOR
    essvcpt
    ESSvpaht
    ESSvpot
    eSupportQFolder
    Ethereal 0.99.0
    EZLive Monitor 2.0
    EZMedia Box 2.0
    EZVideo Mail
    Fax_CDA
    Free Realms
    FullDPAppQFolder
    Garmin City Navigator North America NT 2009 Update
    Garmin WebUpdater
    Google AFE
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    HLPIndex
    HLPPDOCK
    HLPSFO
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    Intel Matrix Storage Manager
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) SE Runtime Environment 6 Update 1
    Kodak EasyShare software
    KSU
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    Microsoft WinUsb 1.0
    Mixer
    MobileMe Control Panel
    Modem Event Monitor
    Move Media Player
    Mozilla Firefox (3.0.11)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyDVD
    NavFit98A
    Nero 6 Ultra Edition
    NewCopy_CDA
    Notifier
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OCR Software by I.R.I.S 7.0
    OfotoXMI
    ooVoo
    OTOY
    OTtBP
    OTtBPSDK
    PanoStandAlone
    PartitionMagic
    PC CameraQ
    PhotoGallery
    Pinnacle Instant DVD Recorder
    PowerDVD 5.5
    PowerQuest PartitionMagic 8.0
    ProductContextNPI
    QuickTime
    RandMap
    RAPID (Studio 10)
    Reader Rabbit's Interactive Reading Journey for Grades K-1
    Readme
    RealPlayer
    RollerCoaster Tycoon
    Safari
    Scan
    ScannerCopy
    ScanToWeb
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    SKIN0001
    SkinsHP1
    SKINXSDK
    SlideShow
    SmartSound Quicktracks Plugin
    SolutionCenter
    Sonic Advanced Decoder
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Demo
    Sound Blaster Audigy ADVANCED MB Product Registration
    Status
    Studio 10
    System Requirements Lab
    Time to Play (TM) Pet Shop
    Toolbox
    TrayApp
    Type to Learn
    U.B. Funkeys
    Unity Web Player
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    USB 2.0 Wireless LAN Card Utility
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VMware Workstation
    VPRINTOL
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinPcap 3.1
    WinRAR archiver
    WinZip
    WIRELESS
    Wizard101
    Yahoo! BrowserPlus 2.9.8
    Zoo Vet
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== Event Viewer Messages From Past Week ========

    11/20/2010 9:15:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/20/2010 9:09:53 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:50:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 4:15:36 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/20/2010 4:15:36 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/20/2010 4:15:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 4:15:24 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 10:53:08 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/20/2010 10:53:03 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/20/2010 10:07:49 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 10:07:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Remote Registry service to connect.
    11/20/2010 10:07:49 AM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/20/2010 10:07:38 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/20/2010 10:07:36 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 10:02:10 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/19/2010 9:26:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    11/19/2010 9:25:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    11/19/2010 9:16:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NPPTNT2 PCLEPCI
    11/19/2010 7:39:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/19/2010 7:37:02 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
    11/19/2010 7:36:56 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/19/2010 7:36:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT NPPTNT2 PCLEPCI RasAcd Rdbss Tcpip
    11/19/2010 7:36:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/19/2010 7:36:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/19/2010 7:36:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/19/2010 7:36:24 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/19/2010 7:36:24 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/19/2010 6:54:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/19/2010 6:53:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NPPTNT2 PCLEPCI sp_rsdrv2
    11/19/2010 5:18:47 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    11/18/2010 8:26:25 PM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2482
    11/18/2010 8:26:25 PM, error: Service Control Manager [7000] - The Smart Card Reader service failed to start due to the following error: The system cannot find the device specified.
    11/18/2010 8:26:25 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
    11/18/2010 8:26:25 PM, error: Service Control Manager [7000] - The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
    11/18/2010 8:26:07 PM, error: UPS [2482] - The UPS service could not access the specified Comm Port.
    11/18/2010 8:25:43 PM, error: ACTR [1] - Can't open COM1. It is either not available or used by another device.
    11/18/2010 8:25:17 PM, error: SCardSvr [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
    11/18/2010 7:56:00 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/18/2010 7:29:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    11/17/2010 9:25:00 PM, error: DCOM [10000] - Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}. The error: "%2" Happened while starting this command: "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" -Embedding
    11/14/2010 8:13:09 AM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 0013720E86F5 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/14/2010 8:12:16 AM, error: Dhcp [1002] - The IP address lease 68.49.73.95 for the Network Card with network address 0013720E86F5 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/13/2010 6:53:58 AM, error: System Error [1003] - Error code 100000d1, parameter1 90a30000, parameter2 00000002, parameter3 00000001, parameter4 a333c3bd.

    ==== End Of File ===========================
     
  4. lemmy law TS Rookie Topic Starter

    Here is the DDS.txt:


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Lemuel Lawrence at 17:37:05.87 on Sat 11/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\LEMUEL~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Documents and Settings\Lemuel Lawrence\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uWindow Title = Windows Internet Explorer provided by Comcast
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://www.soundblaster.com/MBupgrade/companion.asp?v=01a7&sv=CFD31B33F340&lg=1033
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; GTB6.5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://spongebob.nick.com/games/play/sb_fliporflop/"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
    mRun: [CTSVolFE] "c:\program files\creative\mixer\CTSVolFE.exe" /r
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://www.gamescampus.com/luncher/GamesCampus.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxd.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.133/FreeRealmsInstaller.cab?v=1059
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.18.39/ttinst.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://playgames.comcast.net/online2/mahjong_escape_ancient/PTGameLauncher.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: ljJYOiHB - ljJYOiHB.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
    Hosts: 91.212.127.226 osguard-pro.microsoft.com
    Hosts: 91.212.127.226 osguard-pro.com
    Hosts: 91.212.127.226 www.osguard-pro.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lemuel~1\applic~1\mozilla\firefox\profiles\xhtxn5q8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\lemuel lawrence\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\windows\downloaded program files\npsoe.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-20 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-13 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-13 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-13 243024]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-20 24652]
    R3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [2008-11-12 14784]
    R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2009-7-12 14639]
    R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-7-12 10193]
    S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2008-11-12 16472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 SNDP106;Digital Spy Camera;c:\windows\system32\drivers\sndp106.sys [2009-3-29 227456]
    S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S3 XDva002;XDva002;\??\c:\windows\system32\xdva002.sys --> c:\windows\system32\XDva002.sys [?]
    S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]
    S3 XDva009;XDva009;\??\c:\windows\system32\xdva009.sys --> c:\windows\system32\XDva009.sys [?]
    S3 XDva010;XDva010;\??\c:\windows\system32\xdva010.sys --> c:\windows\system32\XDva010.sys [?]
    S3 XDva012;XDva012;\??\c:\windows\system32\xdva012.sys --> c:\windows\system32\XDva012.sys [?]
    S3 XDva013;XDva013;\??\c:\windows\system32\xdva013.sys --> c:\windows\system32\XDva013.sys [?]
    S3 XDva014;XDva014;\??\c:\windows\system32\xdva014.sys --> c:\windows\system32\XDva014.sys [?]
    S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-2-8 57344]

    =============== Created Last 30 ================

    2010-11-20 20:11:24 -------- d-----w- c:\program files\trend micro
    2010-11-20 15:12:04 -------- d-----w- c:\docume~1\lemuel~1\applic~1\Malwarebytes
    2010-11-20 15:11:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-20 15:11:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 14:59:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-11-20 14:59:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-20 14:59:07 -------- d-----w- c:\program files\iTunes
    2010-11-20 14:59:07 -------- d-----w- c:\program files\iPod
    2010-11-20 14:58:16 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
    2010-11-20 14:58:03 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
    2010-11-20 14:58:00 -------- d-----w- c:\docume~1\lemuel~1\locals~1\applic~1\Yahoo!
    2010-11-20 14:57:58 -------- d-----w- c:\program files\MSN Toolbar
    2010-11-20 14:57:57 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-11-20 12:47:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-20 12:47:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-19 01:00:46 -------- d-----w- c:\docume~1\lemuel~1\applic~1\Spyware Terminator
    2010-11-19 01:00:33 -------- d-----w- c:\program files\Spyware Terminator
    2010-11-18 23:50:41 -------- d-----w- c:\docume~1\lemuel~1\applic~1\GetRightToGo
    2010-11-18 23:42:07 -------- d-----w- c:\docume~1\lemuel~1\applic~1\whitesmoketoolbar
    2010-11-18 13:13:17 -------- d-----w- c:\program files\whitesmoketoolbar
    2010-11-18 13:12:51 -------- d-----w- c:\windows\system32\%APPDATA%
    2010-11-14 15:18:51 -------- d-----w- c:\program files\iPod(2)
    2010-11-14 15:18:48 -------- d-----w- c:\program files\iTunes(2)
    2010-11-12 22:44:02 256 ----a-w- c:\windows\system32\pool.bin

    ==================== Find3M ====================

    2010-10-19 21:00:08 294912 ----a-w- C:\gmer.exe
    2010-09-24 17:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 17:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 16:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2010-09-24 16:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2010-09-24 16:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2010-09-24 16:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2010-09-24 16:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2010-09-24 16:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
    2010-09-24 16:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2010-09-24 15:31:26 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
    2010-09-24 15:31:24 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2010-09-24 15:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST316082 rev.8.03 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A42B446]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a431504]; MOV EAX, [0x8a431580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ADC5AB8]
    3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A3DAC58]
    \Driver\iastor[0x8AD5B4A8] -> IRP_MJ_CREATE -> 0x8A42B446
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160828AS_____________________________8.03____#4&3203b792&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x8A42B292
    user != kernel MBR !!!
    sectors 312499998 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 17:39:23.03 ===============
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Is this the same system and the same problem as the other thread you started? It looks like it is. I'm going to delete that thread. All posts and logs for this system for this problem go here.

    You have a rootkit malware infection. Please run the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file and select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.

    Note: When you open Notepad for a log, please click on Format first and uncheck Word Wrap.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  6. lemmy law

    lemmy law TS Rookie Topic Starter

    My apologies, didn't mean to start multiple threads.

    Ran the TDSSKIller, rebooted, and here is the output:

    2010/11/20 18:03:27.0296 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
    2010/11/20 18:03:27.0296 ================================================================================
    2010/11/20 18:03:27.0296 SystemInfo:
    2010/11/20 18:03:27.0296
    2010/11/20 18:03:27.0296 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/20 18:03:27.0296 Product type: Workstation
    2010/11/20 18:03:27.0296 ComputerName: DELLXPS
    2010/11/20 18:03:27.0296 UserName: Lemuel Lawrence
    2010/11/20 18:03:27.0296 Windows directory: C:\WINDOWS
    2010/11/20 18:03:27.0296 System windows directory: C:\WINDOWS
    2010/11/20 18:03:27.0296 Processor architecture: Intel x86
    2010/11/20 18:03:27.0296 Number of processors: 2
    2010/11/20 18:03:27.0296 Page size: 0x1000
    2010/11/20 18:03:27.0296 Boot type: Normal boot
    2010/11/20 18:03:27.0296 ================================================================================
    2010/11/20 18:03:27.0546 Initialize success
    2010/11/20 18:04:07.0593 ================================================================================
    2010/11/20 18:04:07.0593 Scan started
    2010/11/20 18:04:07.0593 Mode: Manual;
    2010/11/20 18:04:07.0593 ================================================================================
    2010/11/20 18:04:09.0671 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
    2010/11/20 18:04:09.0703 CVirtA (72f820e457bc8a1c61aeb86df89dd41a) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    2010/11/20 18:04:09.0734 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/11/20 18:04:09.0765 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/11/20 18:04:09.0812 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
    2010/11/20 18:04:09.0859 DcCam (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
    2010/11/20 18:04:09.0890 DcFpoint (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
    2010/11/20 18:04:09.0921 DCFS2K (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
    2010/11/20 18:04:09.0968 DcLps (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
    2010/11/20 18:04:10.0000 DcPTP (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
    2010/11/20 18:04:10.0046 DELL_A02 (ac42d95803a473f4898297dafba8dc89) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
    2010/11/20 18:04:10.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/20 18:04:10.0171 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/20 18:04:10.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/20 18:04:10.0250 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/20 18:04:10.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/20 18:04:10.0328 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/11/20 18:04:10.0390 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/20 18:04:10.0421 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
    2010/11/20 18:04:10.0468 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
    2010/11/20 18:04:10.0578 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2010/11/20 18:04:10.0625 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    2010/11/20 18:04:10.0671 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/11/20 18:04:10.0718 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    2010/11/20 18:04:10.0781 emAudio (ffa45148a2d5d05dbb3c0997e579fc9c) C:\WINDOWS\system32\drivers\emAudio.sys
    2010/11/20 18:04:10.0859 Exportit (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
    2010/11/20 18:04:10.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/20 18:04:10.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/20 18:04:10.0984 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
    2010/11/20 18:04:11.0015 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/20 18:04:11.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/20 18:04:11.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/20 18:04:11.0125 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/20 18:04:11.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/20 18:04:11.0187 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/11/20 18:04:11.0218 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/20 18:04:11.0265 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
    2010/11/20 18:04:11.0312 hcmon (9d4bff527040edf5dcc8707ee610f535) C:\WINDOWS\system32\Drivers\hcmon.sys
    2010/11/20 18:04:11.0359 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/20 18:04:11.0406 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
    2010/11/20 18:04:11.0453 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/20 18:04:11.0500 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/11/20 18:04:11.0546 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/11/20 18:04:11.0578 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/11/20 18:04:11.0593 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/11/20 18:04:11.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/20 18:04:11.0703 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/11/20 18:04:11.0734 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/11/20 18:04:11.0750 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/20 18:04:11.0812 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
    2010/11/20 18:04:11.0875 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
    2010/11/20 18:04:11.0906 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
    2010/11/20 18:04:11.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/20 18:04:12.0000 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/11/20 18:04:12.0062 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2010/11/20 18:04:12.0140 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2010/11/20 18:04:12.0187 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2010/11/20 18:04:12.0218 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/20 18:04:12.0265 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/20 18:04:12.0296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/20 18:04:12.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/20 18:04:12.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/20 18:04:12.0406 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/20 18:04:12.0437 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/20 18:04:12.0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/20 18:04:12.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/20 18:04:12.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/20 18:04:12.0578 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/20 18:04:12.0625 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/20 18:04:12.0671 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/20 18:04:12.0718 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2010/11/20 18:04:12.0796 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    2010/11/20 18:04:12.0859 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2010/11/20 18:04:12.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/20 18:04:12.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/20 18:04:12.0984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/11/20 18:04:13.0015 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2010/11/20 18:04:13.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/20 18:04:13.0109 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/20 18:04:13.0140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/20 18:04:13.0187 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/11/20 18:04:13.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/20 18:04:13.0250 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/20 18:04:13.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/20 18:04:13.0328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/20 18:04:13.0375 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/20 18:04:13.0406 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/20 18:04:13.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/20 18:04:13.0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/20 18:04:13.0515 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/20 18:04:13.0546 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/20 18:04:13.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/20 18:04:13.0625 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/20 18:04:13.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/20 18:04:13.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/20 18:04:13.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/20 18:04:13.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/20 18:04:13.0765 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/20 18:04:13.0796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/20 18:04:13.0890 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2010/11/20 18:04:13.0921 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
    2010/11/20 18:04:13.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/20 18:04:14.0046 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
    2010/11/20 18:04:14.0078 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/20 18:04:14.0156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/20 18:04:14.0375 nv (4f15e1e56703f59c0ac00022162e5308) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/20 18:04:14.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/20 18:04:14.0609 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/20 18:04:14.0671 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2010/11/20 18:04:14.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/20 18:04:14.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/20 18:04:14.0781 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/20 18:04:14.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/20 18:04:14.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/20 18:04:14.0937 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
    2010/11/20 18:04:14.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/20 18:04:15.0093 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/11/20 18:04:15.0140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/11/20 18:04:15.0218 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
    2010/11/20 18:04:15.0250 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
    2010/11/20 18:04:15.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/20 18:04:15.0343 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
    2010/11/20 18:04:15.0375 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/20 18:04:15.0406 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/20 18:04:15.0437 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/20 18:04:15.0484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/11/20 18:04:15.0500 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/11/20 18:04:15.0531 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/11/20 18:04:15.0562 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/11/20 18:04:15.0578 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/11/20 18:04:15.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/20 18:04:15.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/20 18:04:15.0687 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/20 18:04:15.0718 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/20 18:04:15.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/20 18:04:15.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/20 18:04:15.0812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/20 18:04:15.0875 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/20 18:04:15.0906 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/20 18:04:15.0968 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/11/20 18:04:16.0000 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/11/20 18:04:16.0078 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
    2010/11/20 18:04:16.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/20 18:04:16.0218 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/20 18:04:16.0250 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/20 18:04:16.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/20 18:04:16.0406 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
    2010/11/20 18:04:16.0515 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/11/20 18:04:16.0531 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/20 18:04:16.0578 SNDP106 (1847429455f9ea983494bea08f803c29) C:\WINDOWS\system32\DRIVERS\sndp106.sys
    2010/11/20 18:04:16.0640 SoC PC-Camera Service (79ad3acffa28ec914f652081cad3df48) C:\WINDOWS\system32\DRIVERS\pfc027.sys
    2010/11/20 18:04:16.0687 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/11/20 18:04:16.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/20 18:04:16.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/20 18:04:16.0812 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/20 18:04:16.0859 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2010/11/20 18:04:16.0890 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    2010/11/20 18:04:16.0921 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
    2010/11/20 18:04:16.0968 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/20 18:04:17.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/20 18:04:17.0031 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/20 18:04:17.0078 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/11/20 18:04:17.0109 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/11/20 18:04:17.0140 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/11/20 18:04:17.0171 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/11/20 18:04:17.0218 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/20 18:04:17.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/20 18:04:17.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/20 18:04:17.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/20 18:04:17.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/20 18:04:17.0437 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    2010/11/20 18:04:17.0468 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    2010/11/20 18:04:17.0515 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    2010/11/20 18:04:17.0562 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    2010/11/20 18:04:17.0593 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    2010/11/20 18:04:17.0625 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    2010/11/20 18:04:17.0640 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    2010/11/20 18:04:17.0671 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    2010/11/20 18:04:17.0703 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2010/11/20 18:04:17.0750 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/11/20 18:04:17.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/20 18:04:17.0843 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/11/20 18:04:17.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/20 18:04:17.0968 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/11/20 18:04:18.0015 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/20 18:04:18.0031 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/20 18:04:18.0062 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/20 18:04:18.0093 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/20 18:04:18.0140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/20 18:04:18.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/20 18:04:18.0203 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/20 18:04:18.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/20 18:04:18.0281 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/11/20 18:04:18.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/11/20 18:04:18.0375 VMnetAdapter (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
    2010/11/20 18:04:18.0406 VMnetBridge (4ec4340134aaca930291a062a151cb2f) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
    2010/11/20 18:04:18.0453 VMnetuserif (4f8c0447012c550c4c6a6a0e27190fd4) C:\WINDOWS\system32\drivers\vmnetuserif.sys
    2010/11/20 18:04:18.0484 vmusb (4bd6bd4aa4a1cde612cb5254e62ca718) C:\WINDOWS\system32\Drivers\vmusb.sys
    2010/11/20 18:04:18.0546 vmx86 (868724102e6a3431836c681ccbc951e7) C:\WINDOWS\system32\Drivers\vmx86.sys
    2010/11/20 18:04:18.0578 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/20 18:04:18.0656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/20 18:04:18.0734 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2010/11/20 18:04:18.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/20 18:04:18.0843 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
    2010/11/20 18:04:18.0906 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    2010/11/20 18:04:19.0000 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/11/20 18:04:19.0046 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/20 18:04:19.0093 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/20 18:04:19.0156 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/20 18:04:19.0375 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    2010/11/20 18:04:19.0468 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/20 18:04:19.0468 ================================================================================
    2010/11/20 18:04:19.0468 Scan finished
    2010/11/20 18:04:19.0468 ================================================================================
    2010/11/20 18:04:19.0500 Detected object count: 1
    2010/11/20 18:05:10.0781 \HardDisk0 - will be cured after reboot
    2010/11/20 18:05:10.0781 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

    ********************************
    Ready for the next step, and thank you very much for the assistance
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, good job! Please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =====================================
    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    I will check you again later for the Rootkit.
     
Topic Status:
Not open for further replies.
