
Google redirect

Discussion in 'Virus and Malware Removal' started by rmhughes0711, Feb 12, 2011.

  1. rmhughes0711 Newcomer, in training Posts: 57

    I verified the proper time, changed to time.nist.gov, and updated the time. I then tried to run the scan again but got the same error about an expired license. What next?
  2. Bobbye Helper on the Fringe Posts: 16,406   +16

    I went back and reviewed all the logs. You still have Kaspersky on the system:

    Download the archive kavremover.zip.
    • Unpack the archive (for example, using WinZip)
    • Double click on kavremover.exe
    • Enter the code from the picture. If you cannot read the code from the picture, click on the button next to the picture to generate a new code
      [o] The screen will display the products detected.
      [o] You can also select Remove all known products.
    • Click on the button Remove
      [IMG]
    • Wait until a dialog window appears to inform you that the product was successfully removed
      [IMG]
    • Click OK
    Images courtesy Kaspersky

    Reboot the computer.

    Now try the online scan.
  3. rmhughes0711 Newcomer, in training Posts: 57

    I followed the directions sent, rebooted, and re-ran the scan however I still get the error when trying to use the on-line scanner. Suggestions? Thanks for your help!
  4. Bobbye Helper on the Fringe Posts: 16,406   +16

    The redirects have stopped, is that correct? You had a problem running the script in ComboFix, but eventually were able to do it. You have not been able to run either of the online scans. You started with AVG, which you had to remove for ComboFix. You asked for AV recommendations and I suggested Avast or Avira. You decided to go with Comodo Internet Security.

    The last log, however, still has entries from multiple AV programs, even after you ran the AVG remover. I am going to remove all AV entries except Comodo:

    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\windows\system32\DRIVERS\AVGIDSEH.Sys
    c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
    c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
    c:\windows\system32\DRIVERS\AVGIDSShim.Sys
    Folder::
    c:\programdata\Kaspersky Lab
    C:\$AVG
    c:\users\Linda\AppData\Roaming\AVG10
    c:\programdata\Common Files
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    Driver::
    AVGIDSEH
    AVG Security Toolbar Service
    AVGIDSDriver
    AVGIDSFilter
    AVGIDSShim
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ===================
    Follow Method 1 on this site to run the Error Checking in Vista> check both boxes on the screen that comes up. This will force you to reboot for the checking to start. Let it finish; the system will reboot when through: http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
    ====================
    Try either of the online virus scans when through.
  5. rmhughes0711 Newcomer, in training Posts: 57

    Here's the log. Will perform "method 1" next.

    ComboFix 11-03-02.01 - Linda 03/02/2011 22:57:07.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.996 [GMT -5:00]
    Running from: c:\users\Linda\Desktop\ComboFix2.exe
    Command switches used :: c:\users\Linda\Desktop\CFScript.txt
    AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
    SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"
    "c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
    "c:\windows\system32\DRIVERS\AVGIDSEH.Sys"
    "c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"
    "c:\windows\system32\DRIVERS\AVGIDSShim.Sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG
    c:\$avg\$VAULT\V_00000001.fil
    c:\$avg\$VAULT\V_00000003.fil
    c:\$avg\$VAULT\V_00000004.fil
    c:\$avg\$VAULT\vvfolder.idx
    c:\programdata\Common Files
    c:\programdata\Common Files\F994B190-6FE2-E80D-7F55-E81B2A213971.dat
    c:\programdata\PCDr\5744\Downloads\ceb06396-ae9d-42b7-a00f-867e3e8710fd.dll
    c:\programdata\PCDr\5744\Downloads\fb37c43e-fc6b-476d-8936-e95ecdba3cf7.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AVGIDSDRIVER
    -------\Legacy_AVGIDSEH
    -------\Legacy_AVGIDSFILTER
    -------\Legacy_AVGIDSSHIM
    -------\Service_AVG Security Toolbar Service
    -------\Service_AVGIDSDriver
    -------\Service_AVGIDSEH
    -------\Service_AVGIDSFilter
    -------\Service_AVGIDSShim


    ((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
    .

    2011-03-03 04:04 . 2011-03-03 04:15 -------- d-----w- c:\users\Linda\AppData\Local\temp
    2011-03-03 04:04 . 2011-03-03 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-01 19:12 . 2011-03-01 19:13 -------- d-----w- C:\kleaner.tmp
    2011-02-28 16:00 . 2011-02-28 16:00 -------- d-----w- c:\windows\Sun
    2011-02-20 03:48 . 2011-02-20 03:48 -------- d-----w- C:\VritualRoot
    2011-02-18 17:38 . 2011-03-03 04:05 661088 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-02-18 17:35 . 2011-02-18 17:35 -------- d-----w- c:\program files\COMODO
    2011-02-18 17:34 . 2011-02-18 17:40 -------- d-----w- c:\programdata\Comodo
    2011-02-15 16:16 . 2011-02-15 16:16 -------- d-----w- c:\program files\Common Files\Adobe
    2011-02-14 05:27 . 2011-02-14 05:27 -------- d-----w- c:\program files\Common Files\Java
    2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-02-11 15:27 . 2011-02-11 15:27 7168 ----a-w- c:\windows\system32\drivers\utm0mjuw.sys
    2011-02-11 04:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-11 04:00 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-11 04:00 . 2010-12-18 06:26 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-02-11 04:00 . 2010-12-18 06:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-10 06:10 . 2011-02-10 06:11 -------- d-----w- c:\program files\Dell Support Center
    2011-02-10 05:59 . 2011-02-10 06:14 -------- d-----w- c:\programdata\PCDr
    2011-02-10 05:59 . 2011-02-10 06:01 -------- d-----w- c:\users\Linda\AppData\Roaming\PCDr
    2011-02-10 04:30 . 2011-02-10 06:09 -------- d-----w- c:\programdata\SupportSoft
    2011-02-10 04:29 . 2011-02-10 06:09 -------- d-----w- c:\program files\Common Files\supportsoft
    2011-02-09 21:27 . 2011-02-09 21:27 -------- d-----w- c:\windows\en
    2011-02-09 21:26 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-02-09 21:22 . 2011-02-09 21:41 -------- d-----w- c:\program files\Microsoft
    2011-02-09 21:21 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-09 21:21 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-09 21:21 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-09 21:14 . 2011-02-28 15:59 -------- d-----w- c:\users\Linda\AppData\Local\Windows Live
    2011-02-09 21:14 . 2011-02-09 21:14 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-02-09 21:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-02-09 21:12 . 2011-02-10 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-02-09 20:17 . 2011-02-09 20:17 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-02-09 20:11 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-09 19:39 . 2011-02-09 19:39 -------- d-----w- c:\programdata\Roaming
    2011-02-09 19:38 . 2011-02-09 19:38 56 ----a-w- c:\windows\system32\IHV_Install.bat
    2011-02-09 19:38 . 2011-02-09 19:38 -------- d-----w- c:\program files\Cisco
    2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\programdata\Intel
    2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\users\Linda\AppData\Roaming\Intel
    2011-02-09 05:33 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F3E2D36-D77E-4A02-A25F-8C92206C245C}\mpengine.dll
    2011-02-09 04:46 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\users\Linda\AppData\Roaming\SUPERAntiSpyware.com
    2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-02-09 03:48 . 2011-02-22 00:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-02-09 03:17 . 2011-02-09 03:17 -------- d-----w- c:\program files\CleanUp!
    2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes
    2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-09 02:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-09 02:51 . 2011-02-12 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-09 02:51 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-08 22:42 . 2011-02-08 22:42 388096 ----a-r- c:\users\Linda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-08 22:42 . 2011-02-08 22:42 -------- d-----w- c:\program files\Trend Micro
    2011-02-08 21:51 . 2011-02-09 04:55 -------- d-----w- c:\programdata\MFAData
    2011-02-08 21:31 . 2011-02-08 21:31 -------- d-----w- c:\users\Linda\AppData\Local\WindowsUpdate

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-06 22:36 . 2011-01-06 22:36 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 22:36 . 2011-01-06 22:36 34744 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 22:36 . 2011-01-06 22:36 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 22:36 . 2011-01-06 22:36 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\system32\guard32.dll
    2010-12-28 15:55 . 2011-01-12 22:42 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-14 14:49 . 2011-01-12 22:42 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-08 18:12 . 2010-09-09 23:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 18:11 . 2010-09-09 23:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 18:11 . 2010-09-09 23:22 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 18:11 . 2010-09-09 23:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-22 2423752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-08-22 12:06 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-11 01:52 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 16:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 16:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
    2007-04-17 04:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-05-10 07:00 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
    R3 utm0mjuw;AVZ Kernel Driver;c:\windows\system32\Drivers\utm0mjuw.sys [2011-02-11 7168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-06 17256]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-04-22 111616]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

    2011-03-03 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

    2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{E25AF0CE-209A-4671-829D-9113D775E90A}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: {92344F64-B6DC-4365-80A0-4EA5E5B7256F} = 156.154.70.22,156.154.71.22
    TCP: {9F7F5F0B-B2F9-401B-A173-FB3487657F61} = 156.154.70.22,156.154.71.22
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4ib0vqk6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-02 23:15
    Windows 6.0.6002 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(712)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'Explorer.exe'(1552)
    c:\windows\system32\guard32.dll
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-02 23:19:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-03 04:19
    ComboFix2.txt 2011-02-23 20:26

    Pre-Run: 16,665,456,640 bytes free
    Post-Run: 16,674,189,312 bytes free

    - - End Of File - - 96104C203917526CB5C485FE177BE5B6
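One check worth doing after a CFScript run, as an added example that is not part of this thread or of ComboFix: read the script back against the log ComboFix produced and list which directives the log actually confirms. The script and log text embedded in the block are constructed from the post #4 script and the post #5 log, cut down to the FILE ::, Other Deletions, Drivers/Services and Reg Loading Points sections (three of the five File:: and Driver:: entries are kept); the section names and line shapes it matches on are taken from that log, and a real run would read the two files from disk instead of these constants. On this input the three files and three driver services are confirmed, two Folder:: paths (Kaspersky Lab and AVG10) do not appear under Other Deletions, and two of the three Registry:: keys are still listed under Reg Loading Points after the run.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote after running it.
Added example for this thread, not a ComboFix or TechSpot tool. CFSCRIPT and
COMBOFIX_LOG are constructed from posts #4 and #5, cut to the sections read here."""
import re

CFSCRIPT = r"""KillAll::
File::
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
Folder::
c:\programdata\Kaspersky Lab
C:\$AVG
c:\users\Linda\AppData\Roaming\AVG10
c:\programdata\Common Files
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
Driver::
AVGIDSEH
AVG Security Toolbar Service
AVGIDSDriver
"""

COMBOFIX_LOG = r"""FILE ::
"c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"
"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"
.
((((((((((( Other Deletions )))))))))))
.
C:\$AVG
c:\programdata\Common Files
((((((((((( Drivers/Services )))))))))))
-------\Service_AVG Security Toolbar Service
-------\Service_AVGIDSDriver
-------\Service_AVGIDSEH
((((((((((( Reg Loading Points )))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
------- Supplementary Scan -------
"""

HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")              # ((( Section Name )))
KEY_RE = re.compile(r"^\[-?(HK.+)\]$")                      # [HKEY_...] or [-HKEY_...]
SERVICE_RE = re.compile(r"^-+\\(?:Legacy_|Service_)(.+)$")  # -------\Service_Name


def parse_cfscript(text):
    """Map each 'Name::' section to its entries (Registry: key paths only)."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current == "Registry":  # '"value"=-' lines belong to the key above them
            if (m := KEY_RE.match(line)):
                sections[current].append(m.group(1))
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Collect what the log says was removed and which registry keys still load something."""
    found = {"files": set(), "deletions": set(), "services": set(), "reg_keys": set()}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line == "FILE ::":
            section = "FILE"
        elif (m := HEADER_RE.match(line)):
            section = m.group(1)
        elif line.startswith("------- "):  # e.g. '------- Supplementary Scan -------'
            section = None
        elif section == "FILE" and line.startswith('"'):
            found["files"].add(line.strip('"').lower())
        elif section == "Other Deletions" and line not in ("", "."):
            found["deletions"].add(line.lower())
        elif section == "Drivers/Services" and (m := SERVICE_RE.match(line)):
            found["services"].add(m.group(1).lower())
        elif section == "Reg Loading Points" and (m := KEY_RE.match(line)):
            found["reg_keys"].add(m.group(1).lower())
    return found


def cross_check(script, log):
    """Per directive type: entries the log confirms as removed, and entries it does not."""
    report = {}
    for sect, bucket in (("File", "files"), ("Folder", "deletions"), ("Driver", "services")):
        entries = script.get(sect, [])
        report[sect + "_confirmed"] = [e for e in entries if e.lower() in log[bucket]]
        report[sect + "_unconfirmed"] = [e for e in entries if e.lower() not in log[bucket]]
    # Keys the script named that the post-run log still lists as load points.
    report["Registry_still_listed"] = [k for k in script.get("Registry", [])
                                       if k.lower() in log["reg_keys"]]
    return report
```

To use it, call `cross_check(parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG))` (or feed it the real CFScript.txt and C:\ComboFix.txt contents) and print the returned dict. The log is the only evidence of what the script did, so a key reported as still listed is the first thing to look at before the next pass, while a Folder:: path missing from Other Deletions may simply mean the folder no longer existed.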
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    Let me know if you get the online virus scan after running the error checking.
  7. rmhughes0711 Newcomer, in training Posts: 57

    I got further this time but it still errored, although with a different error. This time it downloaded the updates and actually started to install them. I walked away for about an hour and when I got back, this was the error I got.

    Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Anti-virus database was updated after license expiry]

    Please advise on appropriate next steps. Thanks!!!!
  8. Bobbye Helper on the Fringe Posts: 16,406   +16

    Did you note the above on the site and follow it?
    I will check their forums and see if others are experiencing this. I know the site was down recently while they updated their database.
  9. rmhughes0711 Newcomer, in training Posts: 57

    I did notice this. Before I got started, I not only deactivated Comodo but I also shut it down so that it wasn't even running. I did the same for my spyware. When I did, Windows started yelling at me that I was not protected anymore. I then tried to install the updates. As I said in my prior post, I did get further than you think this time, so I thought that was good. :) Let me know w
  10. Bobbye Helper on the Fringe Posts: 16,406   +16

    Looking at these errors in the logs:
    • 2/12/2011 3:38:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2393802).
    • 2/12/2011 3:27:31 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    • 2/10/2011 1:28:56 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state.

    I think the same problem is causing the online scan failure. Several forums have offered this:
    Alternatively you can run this MS Fix it 50140

    There are 2 additional parts that can be added to the Command sequence if needed.
  11. rmhughes0711 Newcomer, in training Posts: 57

    Ran the fix but the online virus scan still failed with a "license expired" error. Thoughts?
  12. rmhughes0711 Newcomer, in training Posts: 57

    Just wanted to make sure you weren't waiting on anything from me. Let me know. Thanks for your help!
  13. Bobbye Helper on the Fringe Posts: 16,406   +16

    Actually, I was:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    Post log please.
  14. rmhughes0711 Newcomer, in training Posts: 57

    I'm glad I asked! Here's the report.

    2011/03/08 13:44:46.0841 3776 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/08 13:44:47.0138 3776 ================================================================================
    2011/03/08 13:44:47.0138 3776 SystemInfo:
    2011/03/08 13:44:47.0138 3776
    2011/03/08 13:44:47.0138 3776 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/08 13:44:47.0138 3776 Product type: Workstation
    2011/03/08 13:44:47.0138 3776 ComputerName: LINDA-PC
    2011/03/08 13:44:47.0138 3776 UserName: Linda
    2011/03/08 13:44:47.0139 3776 Windows directory: C:\Windows
    2011/03/08 13:44:47.0139 3776 System windows directory: C:\Windows
    2011/03/08 13:44:47.0139 3776 Processor architecture: Intel x86
    2011/03/08 13:44:47.0139 3776 Number of processors: 2
    2011/03/08 13:44:47.0139 3776 Page size: 0x1000
    2011/03/08 13:44:47.0139 3776 Boot type: Normal boot
    2011/03/08 13:44:47.0139 3776 ================================================================================
    2011/03/08 13:44:56.0185 3776 Initialize success
    2011/03/08 13:45:13.0661 2464 ================================================================================
    2011/03/08 13:45:13.0661 2464 Scan started
    2011/03/08 13:45:13.0661 2464 Mode: Manual;
    2011/03/08 13:45:13.0661 2464 ================================================================================
    2011/03/08 13:45:15.0539 2464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/03/08 13:45:15.0969 2464 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/08 13:45:16.0411 2464 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/03/08 13:45:16.0662 2464 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/08 13:45:16.0967 2464 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/03/08 13:45:17.0323 2464 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/03/08 13:45:17.0559 2464 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/03/08 13:45:17.0889 2464 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/03/08 13:45:18.0075 2464 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/03/08 13:45:18.0508 2464 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/03/08 13:45:18.0985 2464 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/03/08 13:45:19.0115 2464 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/03/08 13:45:19.0378 2464 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/03/08 13:45:19.0557 2464 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/03/08 13:45:19.0813 2464 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/03/08 13:45:19.0976 2464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/08 13:45:20.0359 2464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/03/08 13:45:20.0616 2464 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/03/08 13:45:20.0988 2464 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/03/08 13:45:21.0166 2464 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/03/08 13:45:21.0452 2464 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/08 13:45:21.0559 2464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/08 13:45:21.0605 2464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/08 13:45:21.0898 2464 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/03/08 13:45:21.0980 2464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/08 13:45:22.0062 2464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/08 13:45:22.0234 2464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/03/08 13:45:22.0360 2464 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/03/08 13:45:22.0558 2464 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/08 13:45:22.0785 2464 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/03/08 13:45:23.0055 2464 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2011/03/08 13:45:23.0435 2464 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/03/08 13:45:23.0672 2464 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
    2011/03/08 13:45:23.0978 2464 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
    2011/03/08 13:45:24.0245 2464 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/03/08 13:45:24.0565 2464 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/08 13:45:24.0919 2464 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/08 13:45:25.0250 2464 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/03/08 13:45:25.0327 2464 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/03/08 13:45:25.0558 2464 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/08 13:45:25.0629 2464 cmderd (0346c4bcfbe97ddafb6d6106e3a5e577) C:\Windows\system32\DRIVERS\cmderd.sys
    2011/03/08 13:45:25.0709 2464 cmdGuard (8a4c864777b717ae45580c1e0de2c103) C:\Windows\system32\DRIVERS\cmdguard.sys
    2011/03/08 13:45:25.0809 2464 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/03/08 13:45:25.0921 2464 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/08 13:45:26.0277 2464 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/08 13:45:26.0581 2464 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/03/08 13:45:27.0279 2464 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/08 13:45:27.0494 2464 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/03/08 13:45:27.0659 2464 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/03/08 13:45:27.0731 2464 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/03/08 13:45:27.0777 2464 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/03/08 13:45:27.0846 2464 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/08 13:45:27.0936 2464 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2011/03/08 13:45:28.0078 2464 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
    2011/03/08 13:45:28.0233 2464 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/08 13:45:28.0407 2464 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    2011/03/08 13:45:28.0499 2464 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/03/08 13:45:28.0724 2464 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/03/08 13:45:28.0965 2464 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/03/08 13:45:29.0175 2464 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/03/08 13:45:29.0397 2464 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/03/08 13:45:29.0490 2464 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/03/08 13:45:29.0582 2464 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/08 13:45:29.0757 2464 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/08 13:45:30.0040 2464 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/03/08 13:45:30.0160 2464 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/08 13:45:30.0532 2464 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/08 13:45:30.0884 2464 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/03/08 13:45:31.0011 2464 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/08 13:45:31.0306 2464 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/08 13:45:31.0455 2464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/08 13:45:31.0789 2464 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/08 13:45:31.0970 2464 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/03/08 13:45:32.0201 2464 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/03/08 13:45:32.0403 2464 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/08 13:45:32.0578 2464 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/08 13:45:32.0870 2464 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    2011/03/08 13:45:33.0216 2464 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/03/08 13:45:33.0541 2464 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/08 13:45:33.0816 2464 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\drivers\iastor.sys
    2011/03/08 13:45:34.0141 2464 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/03/08 13:45:34.0627 2464 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/03/08 13:45:34.0780 2464 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/03/08 13:45:34.0861 2464 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
    2011/03/08 13:45:34.0954 2464 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/08 13:45:35.0034 2464 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/08 13:45:35.0113 2464 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/08 13:45:35.0583 2464 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/08 13:45:35.0769 2464 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/08 13:45:35.0918 2464 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/03/08 13:45:35.0972 2464 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/03/08 13:45:36.0164 2464 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/08 13:45:36.0435 2464 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/08 13:45:36.0471 2464 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/03/08 13:45:36.0503 2464 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/08 13:45:36.0715 2464 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/08 13:45:37.0228 2464 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/08 13:45:37.0553 2464 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/08 13:45:37.0966 2464 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2011/03/08 13:45:38.0090 2464 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
    2011/03/08 13:45:38.0790 2464 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
    2011/03/08 13:45:39.0001 2464 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/08 13:45:39.0178 2464 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/08 13:45:39.0292 2464 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/08 13:45:39.0372 2464 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/03/08 13:45:39.0443 2464 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/03/08 13:45:39.0588 2464 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/03/08 13:45:39.0754 2464 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/03/08 13:45:39.0815 2464 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/08 13:45:39.0947 2464 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/08 13:45:40.0018 2464 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/08 13:45:40.0084 2464 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/08 13:45:40.0148 2464 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/03/08 13:45:40.0215 2464 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/08 13:45:40.0295 2464 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/08 13:45:40.0372 2464 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/08 13:45:40.0438 2464 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/08 13:45:40.0498 2464 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/08 13:45:40.0684 2464 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/08 13:45:40.0748 2464 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    2011/03/08 13:45:40.0839 2464 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/03/08 13:45:40.0947 2464 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/03/08 13:45:41.0010 2464 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/08 13:45:41.0077 2464 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/08 13:45:41.0175 2464 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/08 13:45:41.0262 2464 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/08 13:45:41.0343 2464 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/08 13:45:41.0402 2464 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/08 13:45:41.0557 2464 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/08 13:45:41.0772 2464 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/03/08 13:45:41.0874 2464 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/08 13:45:41.0954 2464 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/03/08 13:45:42.0048 2464 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/08 13:45:42.0124 2464 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/08 13:45:42.0222 2464 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/08 13:45:42.0328 2464 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/08 13:45:42.0411 2464 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/08 13:45:42.0517 2464 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/08 13:45:42.0946 2464 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/03/08 13:45:43.0189 2464 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/08 13:45:43.0268 2464 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/03/08 13:45:43.0338 2464 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/08 13:45:43.0515 2464 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/08 13:45:43.0701 2464 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/03/08 13:45:43.0768 2464 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/03/08 13:45:43.0823 2464 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/03/08 13:45:43.0898 2464 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/03/08 13:45:43.0986 2464 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/08 13:45:44.0430 2464 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
    2011/03/08 13:45:44.0533 2464 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
    2011/03/08 13:45:44.0595 2464 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/08 13:45:44.0798 2464 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/03/08 13:45:44.0968 2464 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/03/08 13:45:45.0087 2464 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/03/08 13:45:45.0232 2464 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
    2011/03/08 13:45:45.0344 2464 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/03/08 13:45:45.0430 2464 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/03/08 13:45:45.0539 2464 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/08 13:45:45.0826 2464 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/03/08 13:45:46.0102 2464 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/08 13:45:46.0164 2464 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/03/08 13:45:46.0255 2464 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/08 13:45:46.0452 2464 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/03/08 13:45:46.0723 2464 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/08 13:45:47.0009 2464 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/08 13:45:47.0405 2464 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/08 13:45:47.0703 2464 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/08 13:45:47.0770 2464 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/08 13:45:47.0888 2464 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/08 13:45:47.0966 2464 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/08 13:45:48.0019 2464 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/08 13:45:48.0084 2464 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/08 13:45:48.0247 2464 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/08 13:45:48.0470 2464 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/08 13:45:48.0795 2464 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/08 13:45:49.0153 2464 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/03/08 13:45:49.0264 2464 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/03/08 13:45:49.0377 2464 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/03/08 13:45:49.0425 2464 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/03/08 13:45:49.0551 2464 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/08 13:45:49.0755 2464 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/03/08 13:45:49.0795 2464 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/03/08 13:45:49.0960 2464 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/08 13:45:50.0189 2464 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/03/08 13:45:50.0405 2464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/08 13:45:50.0608 2464 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/03/08 13:45:50.0763 2464 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/03/08 13:45:50.0961 2464 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/03/08 13:45:51.0270 2464 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/08 13:45:51.0430 2464 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/08 13:45:51.0557 2464 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/08 13:45:51.0619 2464 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/08 13:45:51.0758 2464 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/03/08 13:45:51.0981 2464 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/08 13:45:52.0094 2464 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/08 13:45:52.0369 2464 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/08 13:45:52.0544 2464 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/03/08 13:45:52.0784 2464 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/03/08 13:45:52.0784 2464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/03/08 13:45:52.0795 2464 sptd - detected Locked file (1)
    2011/03/08 13:45:52.0999 2464 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/08 13:45:53.0164 2464 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/08 13:45:53.0314 2464 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/08 13:45:53.0457 2464 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    2011/03/08 13:45:53.0660 2464 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/08 13:45:53.0973 2464 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/08 13:45:54.0119 2464 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/08 13:45:54.0328 2464 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/08 13:45:54.0446 2464 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/03/08 13:45:54.0810 2464 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/03/08 13:45:55.0110 2464 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/08 13:45:55.0378 2464 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/08 13:45:55.0580 2464 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
    2011/03/08 13:45:55.0770 2464 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/08 13:45:55.0997 2464 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/08 13:45:56.0083 2464 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/08 13:45:56.0143 2464 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/08 13:45:56.0392 2464 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/08 13:45:56.0444 2464 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/08 13:45:56.0489 2464 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/08 13:45:56.0765 2464 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/03/08 13:45:56.0907 2464 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/08 13:45:57.0079 2464 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/08 13:45:57.0241 2464 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/03/08 13:45:57.0443 2464 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/03/08 13:45:57.0518 2464 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/08 13:45:57.0622 2464 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/08 13:45:57.0794 2464 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    2011/03/08 13:45:57.0868 2464 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/08 13:45:58.0011 2464 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/03/08 13:45:58.0096 2464 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/08 13:45:58.0163 2464 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/08 13:45:58.0388 2464 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/03/08 13:45:58.0465 2464 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/08 13:45:58.0582 2464 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/08 13:45:58.0681 2464 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/08 13:45:58.0749 2464 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/08 13:45:58.0940 2464 utm0mjuw (524d8d450622db4a7875b111c299a76b) C:\Windows\system32\Drivers\utm0mjuw.sys
    2011/03/08 13:45:59.0134 2464 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/08 13:45:59.0194 2464 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/03/08 13:45:59.0280 2464 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/03/08 13:45:59.0349 2464 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/03/08 13:45:59.0417 2464 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/03/08 13:45:59.0532 2464 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/03/08 13:45:59.0695 2464 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/08 13:45:59.0869 2464 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/03/08 13:46:00.0027 2464 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/08 13:46:00.0269 2464 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/03/08 13:46:00.0478 2464 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/08 13:46:00.0689 2464 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/08 13:46:00.0990 2464 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/03/08 13:46:01.0086 2464 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    2011/03/08 13:46:01.0282 2464 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/08 13:46:01.0636 2464 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/08 13:46:01.0855 2464 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/08 13:46:01.0947 2464 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/08 13:46:02.0121 2464 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/08 13:46:02.0287 2464 ================================================================================
    2011/03/08 13:46:02.0287 2464 Scan finished
    2011/03/08 13:46:02.0287 2464 ================================================================================
    2011/03/08 13:46:02.0312 4356 Detected object count: 1
    2011/03/08 13:48:27.0511 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/03/08 13:48:27.0511 4356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/03/08 13:48:27.0550 4356 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    2011/03/08 13:48:27.0553 4356 Locked file(sptd) - User select action: Quarantine
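The log above is a driver inventory (one line per loaded kernel driver: service name, MD5 of the image, image path) followed by the scanner's own verdict lines. The Python helper below is an added example for this thread, not part of TDSSKiller or of any tool used here: it parses lines in that format, keeps the scanner's verdicts, and applies three coarse reviewer checks. The sample lines are excerpted from the log above. The expected directory prefix and the eight-lowercase-alphanumerics "looks generated" rule are assumptions made for this example; the name rule only queues entries for a hash lookup and deliberately tolerates false positives (Broadcom's b57nd60x matches it as readily as utm0mjuw does), so nothing it lists is a verdict.

```python
"""Triage helper for TDSSKiller-style driver inventory logs.

Added example for this thread; not part of TDSSKiller or any tool used in
the thread. Parses the per-driver lines the scanner emits, keeps the
scanner's own verdict lines, and applies three coarse reviewer checks
whose thresholds are assumptions chosen for this example.
"""
import re
import sys
from collections import defaultdict

# <date> <time> <pid> <rest-of-line>
PREFIX = re.compile(
    r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*?)\s*$"
)
# <service> (<md5>) <image path>   -- one line per loaded driver/service
INVENTORY = re.compile(r"^(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Phrases the scanner uses when it raises a flag of its own.
VERDICT_MARKERS = ("Suspicious file", " - detected ", "copied to quarantine", "Locked file(")
COUNT = re.compile(r"^Detected object count: (\d+)$")

# Assumption: on this Vista system every benign kernel driver loads from
# %SystemRoot%\system32 (drivers\ subfolder in any letter case).
EXPECTED_DIR = "c:\\windows\\system32\\"
# Assumption: 8 lowercase alphanumerics including a digit "looks generated".
# Triage queue only, not a verdict: vendor names such as b57nd60x also match.
GENERATED_NAME = re.compile(r"[a-z0-9]{8}")

# Constructed sample: lines excerpted from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
2011/03/08 13:45:13.0661 2464 Scan started
2011/03/08 13:45:15.0539 2464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/08 13:45:20.0616 2464 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/08 13:45:27.0936 2464 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/03/08 13:45:45.0232 2464 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/03/08 13:45:52.0784 2464 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/08 13:45:52.0784 2464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/08 13:45:52.0795 2464 sptd - detected Locked file (1)
2011/03/08 13:45:54.0810 2464 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/08 13:45:55.0110 2464 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/08 13:45:58.0940 2464 utm0mjuw (524d8d450622db4a7875b111c299a76b) C:\Windows\system32\Drivers\utm0mjuw.sys
2011/03/08 13:46:02.0312 4356 Detected object count: 1
2011/03/08 13:48:27.0511 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/08 13:48:27.0550 4356 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/03/08 13:48:27.0553 4356 Locked file(sptd) - User select action: Quarantine
"""


def parse_log(text):
    """Return (inventory entries, scanner verdict lines, detected-object count)."""
    entries, verdicts, seen, count = [], [], set(), 0
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # banners, separators, blank lines
        rest = m.group("rest")
        inv = INVENTORY.match(rest)
        if inv:
            key = (inv["service"], inv["md5"], inv["path"].lower())
            if key not in seen:  # the quarantine pass repeats the entry
                seen.add(key)
                entries.append(inv.groupdict())
            continue
        c = COUNT.match(rest)
        if c:
            count = int(c.group(1))
        elif any(marker in rest for marker in VERDICT_MARKERS):
            verdicts.append(rest)
    return entries, verdicts, count


def triage(entries):
    """Apply the three reviewer checks; returns {check: [items]} for non-empty checks."""
    findings = defaultdict(list)
    names_by_hash = defaultdict(set)
    for e in entries:
        service, path = e["service"], e["path"]
        if not path.lower().startswith(EXPECTED_DIR):
            findings["outside_system32"].append(service)
        if GENERATED_NAME.fullmatch(service) and any(ch.isdigit() for ch in service):
            findings["generated_looking_name"].append(service)
        names_by_hash[e["md5"]].add(path.rsplit("\\", 1)[-1].lower())
    # One hash under two different file names is a renamed copy worth a look;
    # two services sharing one file (Tcpip/Tcpip6 -> tcpip.sys) is normal.
    for md5, names in names_by_hash.items():
        if len(names) > 1:
            findings["same_hash_different_filename"].append(md5)
    return dict(findings)


def triage_log(text):
    """Full report: parsed entries, scanner verdicts, count, and triage findings."""
    entries, verdicts, count = parse_log(text)
    report = {"entries": entries, "scanner_verdicts": verdicts, "detected_count": count}
    report.update(triage(entries))
    return report


if __name__ == "__main__":
    # Pass a saved TDSSKiller log as the first argument, or run on the excerpt.
    source = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage_log(source)
    print(f"{len(result['entries'])} drivers, scanner detected {result['detected_count']}")
    for key, items in result.items():
        if key not in ("entries", "detected_count"):
            print(f"{key}:")
            for item in items:
                print(f"  {item}")
```

Run against the excerpt, the report lists the scanner's four verdict lines about sptd.sys, the two Dell drivers loading from Program Files, and the two eight-character names queued for a hash lookup; the same-hash check stays empty because Tcpip and Tcpip6 point at one file. Hash lookups against a reputation service and vendor signature checks are the next step a reviewer would take; the script only decides what to look at first.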
  15. rmhughes0711 Newcomer, in training Posts: 57

    Just checking in. Let me know if I need to be doing anything. Thanks for your help!!
  16. Bobbye Helper on the Fringe Posts: 16,406   +16

    What is the status of the system? Are you still getting the redirects? If yes, can you give me an example of the domain? No links, please. Just a name like searchalot.com, etc.

    Describe the redirects as clearly as possible.
  17. rmhughes0711 Newcomer, in training Posts: 57

    No redirects are occurring at this point. I have antivirus turned back on and the system seems to be running as normal. If you feel you have seen everything you need to see, I am content. Let me know your thoughts.
  18. Bobbye Helper on the Fringe Posts: 16,406   +16

    That's good news! I leave you with a clean system! Let's remove the tools we used:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.
  19. rmhughes0711 Newcomer, in training Posts: 57

    Dude, you rock! Thanks for all your help with this. I'm not sure if Techspot does evaluations on their volunteers but if they do let me know so that I can give you a glowing recommendation! Thanks for everything!!!!!!
  20. Bobbye Helper on the Fringe Posts: 16,406   +16

    Thank you! I appreciate that. Glad to help out. I'm leaving some suggestions to help you stay clean: Use any or all:

    Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        [o]Avira-AntiVir-Personal-Free-Antivirus
        [o]Avast Free Version
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        [o]Comodo
        [o]Zone Alarm
      • Antispyware: I recommend all of the following:
        [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
        [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
        [o]Replace the Hosts File
        MVPS Hosts file: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
        [o]Google Toolbar: Get the free Google toolbar to help stop pop-up windows.
    3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
      [o] Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o] Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      [o]ATF Cleaner by Atribune
      OR
      [o]TFC
      Disable and Enable System Restore:
      [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Use a Site Advisor: I recommend The Web of Trust (WOT), an add-on safe surfing tool for your browser. Traffic-light rating symbols show the site's rating for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.

    Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight. http://www.mywot.com/en/download

    From the "Rocking Dude" with pleasure.:cool:
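As an added illustration of what the HOSTS file step above does, and of why the HOSTS file is worth inspecting whenever searches start redirecting, here is a small checker written for this thread; it is not the MVPS project's or TechSpot's own tool. The watched-domain list and the sample HOSTS contents are constructed for the example.

```python
"""Classify Windows HOSTS entries: MVPS-style blocking entries point a host at
loopback, while a well-known domain pointed somewhere else is the classic
HOSTS-file cause of a "Google redirect". Added example, not from the thread."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed watch-list for the example (not an MVPS or TechSpot list):
# domains a clean machine should never have redirected away from loopback.
WATCHED_DOMAINS = {"google.com", "www.google.com", "bing.com", "www.bing.com",
                   "update.microsoft.com", "windowsupdate.microsoft.com"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # normal, not a block


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blanks and malformed lines skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])  # first token must be an address
        except ValueError:
            continue
        for name in parts[1:]:  # one line may list several hostnames
            pairs.append((parts[0], name.lower()))
    return pairs


def classify(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """'blocked': host -> loopback; 'redirected': watched domain -> elsewhere."""
    result: Dict[str, List[Tuple[str, str]]] = {"blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip in LOOPBACK:
            result["blocked"].append((ip, name))
        elif name in WATCHED_DOMAINS:
            result["redirected"].append((ip, name))
    return result


# Constructed sample HOSTS content; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ad.doubleclick.net   # MVPS-style blocking entry
0.0.0.0    adserver.example
203.0.113.7  www.google.com google.com   # search traffic sent off-box
not-an-ip   junk.example
"""

if __name__ == "__main__":
    report = classify(SAMPLE_HOSTS)
    for ip, name in report["redirected"]:
        print(f"SUSPICIOUS: {name} -> {ip}")
    print(f"{len(report['blocked'])} blocking entries")
```

On a real machine, read %SystemRoot%\System32\drivers\etc\hosts into `classify` instead of the sample text; any "redirected" result deserves a look before the file is replaced.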